Krastor Fuzz Core — Coverage-guided execution engine for Solana programs.
§Architecture
Fuzzer::run_one_round()
├─ random_action() → pick random instruction + account params
├─ mutate_accounts() → Solana-aware directed mutations
├─ LiteSVM::execute() → deploy + construct + submit transaction
├─ check_invariants() → user-defined post-condition checks
└─ log_coverage() → (optional) coverage bitmap collection
Re-exports§
pub use fuzzer::Fuzzer;
Modules§
- crash - Crash recording — serialization, shrinking, and reproducibility.
- executor - LiteSVM execution wrapper — deploys programs, constructs transactions, submits to the embedded Solana runtime, and collects results.
- fuzzer - Fuzzer — main fuzzing engine that orchestrates rounds of random actions, account mutations, LiteSVM execution, and invariant checking.
- invariant - Invariant runtime — user-defined post-condition checks.
- mutator - Account mutators — Solana-aware directed mutations for vulnerability discovery.
Structs§
- CoverageBitmap - AFL-style coverage bitmap (65536 entries is standard)
- FuzzAccount
- FuzzAction - A single fuzzing action: one instruction invocation with specific accounts
- FuzzActionSequence - Full execution round: multiple instructions in sequence