Ethereum smart contract fuzzer
This release adds support for dapp/foundry properties, improves the input generation and fixes multiple minor bugs.
Echidna supports writing properties/invariants using three different APIs:
function echidna_property() public returns (bool) { // A specially named function with no arguments is required
// The following statement can trigger a failure depending on the returned value. Reverts will force a failure
return ..;
} // side effects are *not* preserved
function checkInvariant(..) public { // A function with any number of arguments is supported using "--testMode assertion"
assert(..);
// The following statement will always trigger a failure
emits AssertionFailure(..);
} // side effects are preserved
function checkDappTest(..) public { // A function with one or more arguments are required using "--testMode dapptest"
// Any revert will cause a failure, otherwise it passes
...
} // side effects are preserved (but usually this runs in stateless mode)
Every testing mode can be stateful (by default) or stateless (using --seqLen 1
). Review our documentation for more details on how to use these APIs and the difference between stateful and stateless fuzzing.
Echidna 2.0.0 is a new major release of our fuzzing tool for smart contracts. All users of Echidna should move to version 2.0.0. We will not provide support for older releases.
Detection of assertion failures in Solidity 0.8.x or greater, including automatic detection of integer overflows, zero division, invalid casts, and more
Automatic discovery of maximum values for functions that compute a value (e.g., int256
) with --test-mode optimization
Automatic integer over- and underflow detection in Solidity 0.8.x or greater with --test-mode overflow
. This mode detects integer issues across all functions of the tested contract. It shows inputs that cause under- or overflows without any additional configuration. For instance, it will detect an overflow in this code snippet without outside assistance:
function f(uint x, uint y) public {
uint z = x + y;
...
}
Automatic detection of contract destruction using testDestruction
(which usually should trigger failures in other tests)
Assertion tests using events (e.g., AssertionFailure(...)
) are improved to work even if the execution reverts
Echidna now shares why a test failed and what state the contract was in when it failed. Echidna now displays:
Echidna 2.0.0 features a simplified interface, using a "test mode" to specify the type of tests performed. These are configured via --test-mode
(CLI) or testMode
(config file):
echidna-test contract.sol --test-mode property
echidna-test contract.sol --test-mode overflow
echidna-test contract.sol --test-mode optimization
echidna-test contract.sol --test-mode exploration
checkAsserts
): echidna-test contract.sol --test-mode assertion
checkAsserts
and benchmarkMode
options have been removed.
testDestruction
checkAsserts
and benchmarkMode
were removed in favor of testMode
[BREAKING CHANGE]
psender
and deployer
address are changed to be 0x10000
and 0x30000
for readability [BREAKING CHANGE]
This is a small release with some minor bugfixes and quality of life improvements. User facing changes include:
Some less important changes are a version bump to hevm 0.48.0 and some nix improvements regarding slither.
Echidna 2.0.0 (beta 2) is the second beta release of the new version of our fuzzing tool for smart contracts, which continues with the new features, fixes and breaking changes. This release brings the following new major features:
--test-mode overflow
. This mode detects integer issues across all the functions of the tested contract to show inputs cause under or overflows without modifying or adding anything in your code. For instance, it will detect an overflow here:
function f(uint x, uint y) public {
uint z = x + y;
...
}
Additionally, the psender
and deployer
addresses were changed to 0x10000
and 0x30000
respectively to be more readable. Please double check your properties to see if they work as expected.
testDestruction
[BREAKING CHANGE]
0x10000
and 0x30000
, to be more readable [BREAKING CHANGE]
Echidna 2.0.0 (beta 1) is the first beta release of the new version of our fuzzing tool for smart contracts, which brings a number of new features and breaking changes. If you need a stable release right now, please use v1.7.2, otherwise, we encourage everyone to test this new beta.
Echidna 2.0 has the following new major features:
AssertionFailure(...)
) are improved to work even if the execution reverts.int256
) and Echidna tries to find a maximum.On top of that, Echidna will show us valuable information regarding why the test is failing and what is the state of the contract when it failed:
This new release also features a simplified interface, using a "test mode" to specify what type of tests you want. This can be used directly in the command-line:
echidna-test contract.sol --test-mode assertion
echidna-test contract.sol --test-mode optimization
echidna-test contract.sol --test-mode exploration
Finally, by default, --test-mode
is assumed to be property
. This new version also removes checkAssertion
and benchmarkMode
config options. Instead, users should specify testMode
in the yaml file which can be one the values previously detailed.
checkAssertion
and benchmarkMode
were removed in favor of testMode
[BREAKING CHANGE]
Echidna 1.7.2 is a minor release that brings a variety of fixes and small improvements, including improved command-line options and fixes when using hardhat/brownie to test contracts. It relies on hevm 0.46 for the EVM emulation. This release requires to use crytic-compile 0.2.0 or later but otherwise contains no breaking changes.
Echidna 1.7.1 is a minor release that brings a variety of fixes and small improvements, including better mutations, two new command-line options, --corpus-dir
and --check-asserts
, correct initialization of new addresses and extended notion of coverage to include EVM frames. This release contains no breaking changes.
Echidna 1.7.0 is a major release that brings a few major features:
coverage: true
)corpusDir
)This release also includes several internal refactorings, fixes in our CI tests and improved Nix support. The Echidna team would also like to thank @elopez for their fixes submitted as PRs.
Echidna 1.6.1 is a minor release that, most importantly, allows using compiler metadata to detect which contracts are deployed, avoiding any issues when the bytecode modifies its own code (e.g., when they use the immutable
keyword). This release also contains performance optimizations when executing properties, speeding up the testing when the EVM reverts, and lets users be more precise when whitelisting or blacklisting functions by specifying the full contract name and ABI.
The Echidna team would also like to thank @elopez and @KurogeWashu for their fixes submitted as PRs.
block.gaslimit
(#596)Echidna 1.6.0 introduces integration with Slither, now a required dependency for Echidna to function properly. Slither can help Echidna understand the structure of Solidity contracts which we use to explore more interesting code paths. This release also updates hevm
to version 0.42, improves shrinking and pretty-printing of results, and includes a variety of bugfixes and refactoring. Finally, the Echidna team would also like to thank @elopez, @erivas, and @bingen for their work on squashing some annoying issues.
codeSize
config (#544)gets
mapped correctly, fixing #474 (#503)