Skip to content

Instantly share code, notes, and snippets.

Created September 21, 2023 15:30
Show Gist options
  • Save tinchoabbate/67b195b95fe77a5b9e3c6cc4bf80b3f7 to your computer and use it in GitHub Desktop.
Save tinchoabbate/67b195b95fe77a5b9e3c6cc4bf80b3f7 to your computer and use it in GitHub Desktop.
Short fuzzing exercise

Fuzzing Exercise

This is a short and simple exercise to start sharpening your smart contract fuzzing skills with Foundry.

The scenario is simple. There's a registry contract that allows callers to register by paying a fixed fee in ETH. If the caller sends too little ETH, execution should revert. If the caller sends too much ETH, the contract should give back the change.

Things look good according to the unit test we coded in the Registry.t.sol contract.

Your goal is to code at least one fuzz test for the Registry contract. By following the brief specification above, the test must be able to detect a bug in the register function.

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;
contract Registry {
error PaymentNotEnough(uint256 expected, uint256 actual);
uint256 public constant PRICE = 1 ether;
mapping(address account => bool registered) private registry;
function register() external payable {
if(msg.value < PRICE) {
revert PaymentNotEnough(PRICE, msg.value);
registry[msg.sender] = true;
function isRegistered(address account) external view returns (bool) {
return registry[account];
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;
import {Test, console2} from "forge-std/Test.sol";
import {Registry} from "../src/Registry.sol";
contract RegistryTest is Test {
Registry registry;
address alice;
function setUp() public {
alice = makeAddr("alice");
registry = new Registry();
function test_register() public {
uint256 amountToPay = registry.PRICE();, amountToPay);
uint256 aliceBalanceBefore = address(alice).balance;
registry.register{value: amountToPay}();
uint256 aliceBalanceAfter = address(alice).balance;
assertTrue(registry.isRegistered(alice), "Did not register user");
assertEq(address(registry).balance, registry.PRICE(), "Unexpected registry balance");
assertEq(aliceBalanceAfter, aliceBalanceBefore - registry.PRICE(), "Unexpected user balance");
/** Code your fuzz test here */
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;
import {Test, console2} from "forge-std/Test.sol";
import {Registry} from "../src/Registry.sol";
contract RegistryTest is Test {
Registry registry;
address alice;
function setUp() public {
alice = makeAddr("alice");
registry = new Registry();
function test_register() public {
uint256 amountToPay = registry.PRICE();, amountToPay);
uint256 aliceBalanceBefore = address(alice).balance;
registry.register{value: amountToPay}();
uint256 aliceBalanceAfter = address(alice).balance;
assertTrue(registry.isRegistered(alice), "Did not register user");
assertEq(address(registry).balance, registry.PRICE(), "Unexpected registry balance");
assertEq(aliceBalanceAfter, aliceBalanceBefore - registry.PRICE(), "Unexpected user balance");
/** Almost the same test, but this time fuzzing amountToPay detects the bug (the Registry contract is not giving back the change) */
function test_fuzz_register(uint256 amountToPay) public {
vm.assume(amountToPay >= 1 ether);, amountToPay);
uint256 aliceBalanceBefore = address(alice).balance;
registry.register{value: amountToPay}();
uint256 aliceBalanceAfter = address(alice).balance;
assertTrue(registry.isRegistered(alice), "Did not register user");
assertEq(address(registry).balance, registry.PRICE(), "Unexpected registry balance");
assertEq(aliceBalanceAfter, aliceBalanceBefore - registry.PRICE(), "Unexpected user balance");
Copy link

Challenge Completed..!!!

function testPriceBecomesTooHigh(uint256 price) public {
        vm.assume(price >= 1 ether); // ***** used to assume something *****
        uint256 amountToPay = price;
       , amountToPay);

        uint256 aliceBalanceBefore = address(alice).balance;

        registry.register{value: amountToPay}();

        uint256 aliceBalanceAfter = address(alice).balance;
        assertTrue(registry.isRegistered(alice), "Did not register user");
        assertEq(address(registry).balance, registry.PRICE(), "Unexpected registry balance");
        assertEq(aliceBalanceAfter, aliceBalanceBefore - registry.PRICE(), "Unexpected user balance");

Copy link

DeepakGhengat commented Jun 14, 2024

 function test_register_fuzz(uint256 amount) public {
        vm.assume(amount > 0);, amount);

        // Check the expected behavior for the given amount
        if (amount < registry.PRICE()) {
            // Expect the transaction to revert with PaymentNotEnough error
            registry.register{value: amount}();
        } else {
            // Amount is sufficient for registration
            registry.register{value: amount}();
            assertTrue(registry.isRegistered(alice), "Did not register user");
            assertEq(address(registry).balance, registry.PRICE(), "Unexpected registry balance");
     The written test case is correct 

Copy link

Thank you Tincho! Here is my Fuzz output, did it a little differently.

 function test_RegisterFuzz_AN(uint256 randomnumber) public {
        uint256 amountToPay = registry.PRICE();
        uint256 randomAmount = amountToPay * randomnumber;, randomAmount);

        uint256 aliceBalanceBefore = address(alice).balance;
        registry.register{value: randomAmount}();
        uint256 aliceBalanceAfter = address(alice).balance;
        assertTrue(registry.isRegistered(alice), "Did not register user");
        assertEq(address(registry).balance, registry.PRICE(), "Unexpected registry balance");
        assertEq(aliceBalanceAfter, aliceBalanceBefore - registry.PRICE(), "Unexpected user balance");

Error Output

Ran 1 test for test/Registry.t.sol:RegistryTest
[FAIL. Reason: Unexpected registry balance: 78620360604071275417471593677350105936000000000000000000 != 1000000000000000000; counterexample: calldata=0x19ff63be000000000000000000000000000000003b25bb0d5bdf9a3e5945a0424789f350 args=[78620360604071275417471593677350105936 [7.862e37]]] test_RegisterFuzz_AN(uint256) (runs: 0, μ: 0, ~: 0)
Suite result: FAILED. 0 passed; 1 failed; 0 skipped; finished in 1.15ms (531.60µs CPU time)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment