Skip to content

Fuzz testing for ABI/RLP/hex decoders #72

Description

@koko1123

Motivation

The decoders (abi_decode.zig, rlp.zig, hex.zig, parseSingleTransaction) consume untrusted RPC bytes. Zig has built-in fuzzing (zig test --fuzz); wiring it up is cheap insurance and a strong security-posture signal (SECURITY.md explicitly scopes decoder overflows).

Scope

  • tests/fuzz_tests.zig with fuzz entries for: RLP decode, ABI decode (dynamic offsets are the classic attack surface), hex decode, JSON tx/log/receipt parsers
  • zig build fuzz step in build.zig
  • CI job running a short fuzz budget per PR (e.g. 60s per target), full runs nightly

Pointers

https://ziglang.org/documentation/master/#Fuzz-Testing -- assert no crashes/leaks, plus round-trip properties where encoders exist (decode(encode(x)) == x).

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions