# Guide to using ItyFuzz By [secoalba](https://paragraph.com/@secoalba) · 2024-02-16 --- This guide serves as the inaugural article in a series dedicated to **ityfuzz**. Here, I'll walk you through the process of getting started with this powerful tool. We'll adopt a straightforward, step-by-step approach to ensure a seamless initiation. You'll gain insights into the essential installations necessary to kickstart your journey with ityfuzz Additionally, I'll offer detailed instructions on how to utilize it across different project types, ensuring flexibility and straightforward integration. Short introduction ------------------ ItyFuzz is a hybrid fuzzer for smart contracts that combines symbolic execution and fuzzing to find errors in smart contracts. Technically, it uses formal verification (concolic execution) assisted by fuzzing algorithms guided by data flow patterns and comparisons. Installation ------------ The first thing you need to have installed is: * [ityfuzz](https://github.com/fuzzland/ityfuzz/tree/master) * [blazo](https://github.com/fuzzland/blazo/tree/main) Init ---- Once you have both **ityfuzz** and **blazo** installed, we'll begin by creating a new Foundry project. We copy the contract we want to test and make the following modifications: ![](https://storage.googleapis.com/papyrus_images/0065a9461ce8d9e507f2595e69076f7454e06c31b448871a03776aa6d7e77a56.png) * Manually imported the [solidity\_utils/lib.sol](https://github.com/fuzzland/ityfuzz/tree/master/solidity_utils) library into the "lib" folder. * Imported the lib/solidity\_utils/lib.sol library into our contract. * Introduced the ["bug()"](https://docs.ityfuzz.rs/docs-evm-contract/writing-invariants) keyword where we believe it could break the invariant. * _ItyFuzz also supports_ `bug()`_, which indicates the current code shall not be reached._ ![](https://storage.googleapis.com/papyrus_images/3eeb75faf9e0fea26c411dc1c41f7e8e6e96c5a53e6e269fddd966b9758d2d25.png) Once we have all this available, let's move on to the second part. We need to create a **.json** file, for which we'll need to identify the address of our contract along with its constructor if it's in bytes32 format. To do this, we'll write a small **script** to obtain the necessary data. Script ------ ![](https://storage.googleapis.com/papyrus_images/3eb8eecf05741efae2458a1bab8fa3fc08d330427a86f3b9cf7aec6366e704b5.png) `forge script “contract name” -vvvvvv` ![](https://storage.googleapis.com/papyrus_images/524b915f9bfe047f20ae2a98e99c7ea88a3f9d052036cdf2b49861f40208085a.png) We create the 1st file called tt.json that we need: --------------------------------------------------- * We copy the address obtained from the **script** into our **tt.json** file. { "src/PostExample.sol": { "PostExample": { "address": "0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f", "constructor_args": "" } } } It would look something like this: ![](https://storage.googleapis.com/papyrus_images/c671f269b40eef03d7f9b8636bd1b1e18b314580b9f2cc09b446d50484bbdff2.png) Blazo ----- Once we have all this, we'll start using the **Blazo** tool. We'll navigate out of our main repository using cd .. as we need to run it from outside the main repository. Then, we'll use the command: * `blazo “project name”` ![](https://storage.googleapis.com/papyrus_images/bb82cb5d0c522fd55d2c7db8474649881ef9ba96849ca66d275e56e7ecd389a1.png) Once we've obtained the result, another JSON file named **results.json** should have been created. It would look like this: ![](https://storage.googleapis.com/papyrus_images/9fd808573c739aef31a687fba0bf196997677b36d0e928de9882de6713c53190.png) Ityfuzz ------- Once we've confirmed that we have the two files created correctly, we'll proceed with running **ityfuzz** to see if we can find any results within the code. * `ityfuzz evm --builder-artifacts-file './results.json' --offchain-config-file './tt.json' -t "a" -f` ![](https://storage.googleapis.com/papyrus_images/0bb82d11a598b6a3b73db06aa62df84d9b02f9b9ade80fc5a99a9a67994bb1d0.png) And as we can see, **ityfuzz** has managed to find a code violation for this contract. --- *Originally published on [secoalba](https://paragraph.com/@secoalba/guide-to-using-ityfuzz)*