Ethereum smart contract fuzzer
Dan Guido fd27ba0824
Update README.md
6 years ago
.travis stop releasing every commit 6 years ago
examples Improved and standardized properties (#68) 6 years ago
exercises add raise function to exercise 7 years ago
gastest Reduced memory usage of gastest-exe. Changed Echidna.ABI to not generate intermediate arrays 6 years ago
lib/Echidna Force stdout flush to fix #120 6 years ago
perprop Changed coverage to use pc's again until memory leak in arc coverage is fixed 6 years ago
solidity Stylistic fixes in examples 6 years ago
src Update Main.hs 6 years ago
.codeclimate.yml Run hlint with codeclimate 6 years ago
.gitattributes Adding git attributes file 6 years ago
.gitignore Initial commit 7 years ago
.travis.yml Drop OS X GHC install 6 years ago
Dockerfile fix UTF-8 output in Dockerfile 7 years ago
LICENSE switch to AGPL 7 years ago
README.md Update README.md 6 years ago
echidna.png add logo 7 years ago
package.yaml Removed threaded flag 6 years ago
stack.yaml Upgrade to hedgehog 0.6 (#50) 7 years ago

README.md

echidna

Echidna is a weird creature that eats bugs and is highly electrosensitive (with apologies to Jacob Stanley)

More seriously, Echidna is a Haskell library designed for fuzzing/property-based testing of EVM code. It supports relatively sophisticated grammar-based fuzzing campaigns to falsify a variety of predicates.

Features

  • Grammar-based input generation
  • Optional coverage guidance
  • Automatic testcase minimization
  • Pretty terminal interface
  • Powerful API
  • Beautiful logo

Usage

Executing the test runner

The core Echidna functionality is an executable called echidna-test. echidna-test takes a contract and a list of invariants (properties that should always remain true) as input. For each invariant, it generates random sequences of calls to the contract and checks if the invariant holds. If it can find some way to falsify the invariant, it prints the call sequence that does so. If it can't, you have some assurance the contract is safe.

Writing invariants

Invariants are expressed as Solidity functions whose names begin with echidna_, that take no arguments, and that return a boolean. For example, if I have some balance variable that should never go below 20, I can write function echidna_balance() returns (bool) { return(balance >= 20); }. To check these invariants, run echidna-test myContract.sol.

An example contract with tests can be found at solidity/cli.sol. Run echidna-test solidity/cli.sol to kick off a test run. In this demonstration, Echidna should find a call sequence that falsifies echidna_sometimesfalse and should be unable to find a falsifying input for echidna_alwaystrue.
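The balance invariant described above, worked into a full contract as an added example (this is not solidity/cli.sol or any other code from the repository). The contract name Vault, its functions, the second invariant and the pragma version are assumptions made for illustration.

```solidity
pragma solidity ^0.4.24; // assumed compiler version, not stated on this page

// Constructed example: a vault whose balance must never drop below 20.
contract Vault {
    uint256 balance = 100;   // state the invariants reason about
    uint256 withdrawn = 0;   // running total of successful withdrawals

    function deposit(uint256 amount) public {
        // Cap each deposit so the counters cannot realistically overflow.
        require(amount <= 1000);
        balance += amount;
    }

    function withdraw(uint256 amount) public {
        // Intentional bug: only checks that the funds exist, not that the
        // floor of 20 still holds after the subtraction.
        require(amount <= balance);
        balance -= amount;
        withdrawn += amount;
    }

    function withdrawSafe(uint256 amount) public {
        // Correct variant: refuses any withdrawal that breaks the floor.
        require(amount <= balance && balance - amount >= 20);
        balance -= amount;
        withdrawn += amount;
    }

    // Falsifiable invariant: the single call withdraw(81) from the initial
    // state leaves balance == 19, so this returns false.
    function echidna_balance() public view returns (bool) {
        return balance >= 20;
    }

    // Invariant that should survive fuzzing: withdrawals only move value
    // from balance to withdrawn, and deposits only add, so the sum never
    // falls below the initial 100.
    function echidna_accounting() public view returns (bool) {
        return balance + withdrawn >= 100;
    }
}
```

Saved under a hypothetical name such as Vault.sol, the contract is checked with echidna-test Vault.sol. Removing withdraw and keeping only withdrawSafe should leave both invariants without a falsifying call sequence.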

Configuration options

Echidna's CLI can be used to choose the contract to test, turn on coverage guided testing, or load a configuration file.

echidna-test solidity/cli.sol solidity/cli.sol:Test --coverage --config="solidity/config.yaml"

The configuration file allows users to choose EVM and test generation parameters. An example config file, along with documentation, can be found at solidity/config.yaml.

Advanced usage

Echidna exports an API to build powerful fuzzing systems, and has a multitude of configuration options. Unfortunately, these parts of the codebase change quickly and are thus poorly documented. The examples directory or Trail of Bits blog are excellent references, or use the references below to get in touch with us directly.

Installation

Docker is the recommended way to install Echidna.

docker pull trailofbits/echidna
docker run trailofbits/echidna

If you'd prefer to build from source, use Stack.

Where To Get Help

Feel free to stop by our Slack channel for help using or extending Slither.