Implement automated contract fuzz testing pipeline#404
Open
TUPM96 wants to merge 1 commit into
Open
Conversation
|
@TUPM96 is attempting to deploy a commit to the smartdevs17's projects Team on Vercel. A member of the Team first needs to authorize it. |
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds a new focused lending fuzz target (“critical” path) and supporting tooling/CI to improve coverage of debt/liquidation behavior and regressions.
Changes:
- Introduces
lending_criticalfuzz target with a dedicated harness path (act_critical) and per-step invariant checks. - Adds seed corpus entries for
lending_criticaland updates fuzz scripts/docs to include the new target, plus crash triage & coverage reporting helpers. - Adds a dedicated GitHub Actions workflow to run scheduled/PR fuzzing and generate/upload coverage artifacts.
Reviewed changes
Copilot reviewed 21 out of 22 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| stellar-lend/fuzz/src/lending.rs | Adds bounded amount helper, liquidation action, and “critical” action runner + run_critical() entrypoint. |
| stellar-lend/fuzz/fuzz_targets/lending_critical.rs | New libFuzzer entrypoint for the lending_critical target. |
| stellar-lend/fuzz/corpus/lending_critical/seed_01 | Adds a seed corpus entry for lending_critical. |
| stellar-lend/fuzz/corpus/lending_critical/seed_02 | Adds a seed corpus entry for lending_critical. |
| stellar-lend/fuzz/corpus/lending_critical/seed_03 | Adds a seed corpus entry for lending_critical. |
| stellar-lend/fuzz/corpus/lending_critical/seed_04 | Adds a seed corpus entry for lending_critical. |
| stellar-lend/fuzz/corpus/lending_critical/seed_05 | Adds a seed corpus entry for lending_critical. |
| stellar-lend/fuzz/corpus/lending_critical/seed_06 | Adds a seed corpus entry for lending_critical. |
| stellar-lend/fuzz/corpus/lending_critical/seed_07 | Adds a seed corpus entry for lending_critical. |
| stellar-lend/fuzz/corpus/lending_critical/seed_08 | Adds a seed corpus entry for lending_critical. |
| stellar-lend/fuzz/corpus/lending_critical/seed_09 | Adds a seed corpus entry for lending_critical. |
| stellar-lend/fuzz/corpus/lending_critical/seed_10 | Adds a seed corpus entry for lending_critical. |
| stellar-lend/fuzz/Cargo.toml | Registers the new lending_critical fuzz target binary. |
| stellar-lend/contracts/lending/src/lib.rs | Adds new modules and re-exports PauseType. |
| scripts/fuzz/triage_crash.sh | New helper to promote crashes into regression corpus + write a triage report. |
| scripts/fuzz/run_ci_smoke.sh | Includes lending_critical in CI smoke fuzz runs. |
| scripts/fuzz/coverage_report.sh | New helper to generate per-target coverage logs + a summary table. |
| scripts/fuzz/check_corpus.sh | Includes lending_critical in corpus validation. |
| docs/fuzzing.md | Updates fuzzing documentation for the new target, crash triage, and coverage reports. |
| .github/workflows/contract-fuzz.yml | Adds a dedicated CI workflow to run fuzzing and upload artifacts/coverage. |
| .gitattributes | Enforces LF line endings for shell scripts and YAML files. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+6
to
+9
| fuzz_target!(|data: &[u8]| { | ||
| if data.len() < ACTION_BYTES_LEN { | ||
| return; | ||
| } |
| @@ -0,0 +1 @@ | |||
| deposit-borrow-repay-liquidate-001 | |||
| let liquidator = self.user(action.user()); | ||
| let borrower = self.user(action.asset_a()); | ||
| let debt_asset = self.asset(action.asset_b()); | ||
| let collateral_asset = self.asset(action.u32_param() as u8); |
| MIN_FILES="${MIN_CORPUS_FILES:-10}" | ||
|
|
||
| targets=(lending_actions amm_actions bridge_actions) | ||
| targets=(lending_critical lending_actions amm_actions bridge_actions) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #392
Summary
Contract Fuzzingworkflow that runscargo-fuzzfor 1800 seconds per target and uploads artifacts/coverage.lending_criticalfuzz target for deposit, borrow, repay, liquidate, oracle price shifts, and time jumps.PauseTypeso the fuzz crate builds against the real lending contract.Validation
cargo fmt --manifest-path stellar-lend/fuzz/Cargo.toml -- --checkcargo check --manifest-path stellar-lend/fuzz/Cargo.toml --binscargo +nightly fuzz listbash scripts/fuzz/check_corpus.shgit diff --cached --checkNote:
cargo test --manifest-path stellar-lend/contracts/lending/Cargo.toml --no-runexposes pre-existing lending test harness issues around unexported stable-rate client methods and staleDebtPositioninitializers; this PR keeps the fix scoped to the fuzz pipeline.