ityfuzz icon indicating copy to clipboard operation
ityfuzz copied to clipboard
verified publisher icon fuzzland

Prevent duplicate input overwriting

Open plotchy opened this issue 1 year ago • 1 comments

Ityfuzz uses ConstantHintedMutator and VMStateHintedMutator which apply discovered values directly to the input bytes as a mutation.

This is really nice, but has a flaw when it comes to producing many duplicated values.

Each input is mutated several times under the hood which is controlled by havoc_times (max of 10) and max_stack_pow (max of 128). So each input can be mutated ~1280 times before being executed.

Since ConstantHintedMutator and VMStateHintedMutator completely overwrite the input, all of the prior mutations are wasted. These also have a ~1/5 chance to be selected as the next mutator, so we overwrite all the mutations already performed frequently.

This PR creates a MutatorMetadata object that makes these mutators skip if the input has already had a full overwrite this cycle.

This has the immediate effect of performing much less duplicated runs.

Without PR:

  • 31.6% duplicates vs 68.4% unique values

With PR

  • 21.8% duplicates vs 78.2% duplicates

plotchy avatar May 16 '24 01:05 plotchy

Found: 18

Project Name Vulnerability Found Time Taken Log
BIGFI_exp.txt ✅ Price Manipulation 0h-0m-12s Log File
Shadowfi_exp.txt -1 Log File
SEAMAN_exp.txt -1 Log File
BEGO_exp.txt ✅ Fund Loss 0h-0m-31s Log File
cftoken_exp.txt ✅ Price Manipulation 0h-0m-18s Log File
Carrot_exp.txt -1 Log File
MBC_ZZSH_exp.txt ✅ Fund Loss 0h-0m-19s Log File
AUR_exp.txt -1 Log File
SellToken_exp.txt ✅ Fund Loss 0h-0m-34s Log File
ROI_exp.txt ✅ Fund Loss 0h-0m-16s Log File
GPT_exp.txt -1 Log File
OLIFE_exp.txt -1 Log File
THB_exp.txt ✅ Fund Loss 0h-4m-47s Log File
VerilogCTF.txt ❌‼️ Crashed -1 Log File
CS_exp.txt ✅ Price Manipulation 0h-1m-17s Log File
MintoFinance_exp.txt ✅ Fund Loss 0h-0m-20s Log File
Novo_exp.txt ✅ Price Manipulation 0h-0m-57s Log File
SELLC03_exp.txt ✅ Fund Loss 0h-1m-31s Log File
Yyds_exp.txt ✅ Fund Loss 0h-0m-55s Log File
DYNA_exp.txt -1 Log File
EAC_exp.txt -1 Log File
Annex_exp.txt -1 Log File
PLTD_exp.txt ✅ Price Manipulation 0h-2m-53s Log File
ApeDAO_exp.txt ✅ Price Manipulation 0h-0m-18s Log File
GSS_exp.txt ✅ Fund Loss 0h-0m-51s Log File
Axioma_exp.txt ✅ Fund Loss 0h-0m-34s Log File
RFB_exp.txt ✅ Fund Loss 0h-0m-36s Log File
HEALTH_exp.txt ✅ Price Manipulation 0h-0m-9s Log File

fuzzland-bot avatar May 16 '24 04:05 fuzzland-bot

@plotchy Thanks for your work. Once the conflicts are resolved, this PR can be merged.

iamjacobjia avatar May 26 '24 03:05 iamjacobjia

Found: 17

Project Name Vulnerability Found Time Taken Log
BIGFI_exp.txt ✅ Price Manipulation 0h-3m-41s Log File
Shadowfi_exp.txt -1 Log File
SEAMAN_exp.txt ✅ Fund Loss 0h-0m-21s Log File
BEGO_exp.txt ✅ Fund Loss 0h-0m-8s Log File
cftoken_exp.txt ✅ Price Manipulation 0h-0m-6s Log File
Carrot_exp.txt ✅ Arbitrary Call 0h-0m-20s Log File
MBC_ZZSH_exp.txt -1 Log File
AUR_exp.txt -1 Log File
SellToken_exp.txt ✅ Fund Loss 0h-0m-30s Log File
ROI_exp.txt ✅ Fund Loss 0h-0m-19s Log File
GPT_exp.txt -1 Log File
OLIFE_exp.txt -1 Log File
THB_exp.txt -1 Log File
VerilogCTF.txt ❌‼️ Crashed -1 Log File
CS_exp.txt ✅ Price Manipulation 0h-3m-5s Log File
MintoFinance_exp.txt ✅ Fund Loss 0h-0m-13s Log File
Novo_exp.txt -1 Log File
SELLC03_exp.txt ✅ Fund Loss 0h-1m-3s Log File
Yyds_exp.txt ✅ Fund Loss 0h-0m-47s Log File
DYNA_exp.txt -1 Log File
EAC_exp.txt -1 Log File
Annex_exp.txt -1 Log File
PLTD_exp.txt ✅ Price Manipulation 0h-1m-40s Log File
ApeDAO_exp.txt ✅ Price Manipulation 0h-0m-16s Log File
GSS_exp.txt ✅ Fund Loss 0h-1m-2s Log File
Axioma_exp.txt ✅ Fund Loss 0h-0m-30s Log File
RFB_exp.txt ✅ Fund Loss 0h-0m-47s Log File
HEALTH_exp.txt ✅ Price Manipulation 0h-0m-7s Log File

fuzzland-bot avatar May 28 '24 14:05 fuzzland-bot