Echidna - Ethereum Fuzz Testing Framework
Echidna is a weird creature that eats bugs and is highly electrosensitive (with apologies to Jacob Stanley).
More seriously, Echidna is a Haskell library designed for fuzzing/property-based testing of EVM code. It supports relatively sophisticated grammar-based fuzzing campaigns to falsify a variety of predicates.
Features
- Generates inputs tailored to your actual code
- Optional coverage guidance to find deeper bugs
- Automatic testcase minimization for quick triage
- Seamless integration into the development workflow
- Fast
- Powerful API for advanced usage
- Beautiful logo
Usage
Executing the test runner
The core Echidna functionality is an executable called echidna-test. echidna-test takes a contract and a list of invariants (properties that should always remain true) as input. For each invariant, it generates random sequences of calls to the contract and checks if the invariant holds. If it can find some way to falsify the invariant, it prints the call sequence that does so. If it can't, you have some assurance the contract is safe.
Writing invariants
Invariants are expressed as Solidity functions with names that begin with echidna_, have no arguments, and return a boolean. For example, if you have some balance variable that should never go below 20, you can write an extra function in your contract like this one:
function echidna_check_balance() public returns (bool) {
    return(balance >= 20);
}
To check these invariants, run:
$ echidna-test myContract.sol
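A complete contract built around the balance invariant above, as an added example that is not from the Echidna repository; the contract name Reserve, its state variables and the payout/topUp functions are hypothetical. No single call breaks echidna_check_balance, so falsifying it takes a sequence of calls, while the second invariant is one the fuzzer should be unable to falsify.

```solidity
// Added example, not part of the Echidna repository.
// Reserve, payout, topUp and paidOut are hypothetical names.
pragma solidity >=0.4.24 <0.9.0;

contract Reserve {
    uint256 balance = 100; // reserve that should never go below 20
    uint256 paidOut = 0;   // running total of everything paid out

    // Intended rule: a payout must leave at least 20 in the reserve.
    // Bug: the guard only checks that the payout itself is covered.
    function payout() public {
        if (balance >= 30) { // correct guard would be: balance >= 50
            balance -= 30;
            paidOut += 30;
        }
    }

    // uint8 keeps each increment small, so overflow of balance is
    // not reachable within a fuzzing campaign.
    function topUp(uint8 amount) public {
        balance += amount;
    }

    // Falsifiable: three payout() calls in a row take the balance
    // from 100 to 70, then 40, then 10.
    function echidna_check_balance() public view returns (bool) {
        return (balance >= 20);
    }

    // Holds for every call sequence: paidOut only ever grows in
    // steps of 30.
    function echidna_payout_accounted() public view returns (bool) {
        return (paidOut % 30 == 0);
    }
}
```

Tightening the guard in payout() to balance >= 50 makes echidna_check_balance hold as well, which is the fix a reported call sequence of repeated payout() calls points to.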
An example contract with tests can be found in examples/solidity/basic/flags.sol. To run it, you should execute:
$ echidna-test examples/solidity/basic/flags.sol
Echidna should find a call sequence that falsifies echidna_sometimesfalse and should be unable to find a falsifying input for echidna_alwaystrue.
Configuration options
Echidna's CLI can be used to choose the contract to test and load a configuration file.
$ echidna-test contract.sol TEST --config="config.yaml"
The configuration file allows users to choose EVM and test generation parameters. An example of a complete config file with the default options can be found at examples/solidity/basic/default.yaml. More detailed documentation on the configuration options is available in our wiki.
Advanced usage
Echidna exports an API to build powerful fuzzing systems, and has a multitude of configuration options. Unfortunately, these parts of the codebase change quickly and are thus poorly documented. The examples/api directory or Trail of Bits blog are excellent references, or use the references below to get in touch with us directly.
Installation
If you want to quickly test Echidna in Linux, we offer a statically linked binary release of v1.0.0.0 to download here.
Otherwise, to install the latest revision of Echidna, we recommend using docker:
$ docker build -t echidna .
for example:
$ docker run -t -v `pwd`:/src echidna echidna-test /src/examples/solidity/basic/flags.sol
If you'd prefer to build from source, use Stack. stack install should build and compile echidna-test in ~/.local/bin. You will need to link against libreadline and libsecp256k1 (built with recovery enabled), which should be installed with the package manager of your choosing. Additionally, you need to install the latest release of libff (you can take a look at this script used in our CI tests).
If you're getting errors building related to linking, try tinkering with --extra-include-dirs and --extra-lib-dirs.
Getting help
Feel free to stop by our #ethereum slack channel in Empire Hacking for help using or extending Echidna.
- Get started by reviewing these simple Echidna invariants
- Review the Solidity examples directory for more extensive Echidna use cases
- Consider emailing the Echidna development team directly for more detailed questions