echidna v2.1 releases: Ethereum fuzz testing framework
echidna
Echidna is a weird creature that eats bugs and is highly electrosensitive (with apologies to Jacob Stanley)
More seriously, Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in specific cases.
Features
- Generates inputs tailored to your actual code
- Optional corpus collection, mutation and coverage guidance to find deeper bugs
- Optional Slither integration to extract useful information before the fuzzing campaign
- Curses-based retro UI, text-only or JSON output
- Automatic testcase minimization for quick triage
- Seamless integration into the development workflow
- Maximum gas usage reporting of the fuzzing campaign
- Support for a complex contract initialization with Etheno and Truffle
Changelog v2.1
Echidna 2.1.0 introduces on-chain fuzzing. Echidna can now run starting with an existing state provided by an external RPC service (Infura, Alchemy, local node, etc). This enables users to speed up the fuzzing setup when using already deployed contracts. For instance:
We can specify the RPC endpoint for Echidna to use before running the fuzzing campaign with the following environment variables:
export ECHIDNA_RPC_URL=http://.. ECHIDNA_RPC_BLOCK=16771449
And then Echidna can be executed as usual. At the end of the execution, if the source code mapping of any executed on-chain contract is available on Etherscan, it will be automatically fetched for the coverage report. Optionally, an Etherscan key can be provided using the ETHERSCAN_API_KEY environment variable.
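A preflight check for the two variables above, as an added example that is not part of the Echidna release notes or code base: it validates the settings, builds the standard eth_getBlockByNumber JSON-RPC request for the pinned block, and redacts the URL before logging, since hosted RPC URLs usually carry the API key in the path. The function names are hypothetical, and the block is assumed to be a decimal number as in the export line.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit


def load_rpc_settings(env=os.environ):
    """Validate ECHIDNA_RPC_URL / ECHIDNA_RPC_BLOCK and return (url, block)."""
    url = env.get("ECHIDNA_RPC_URL", "")
    block = env.get("ECHIDNA_RPC_BLOCK", "")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("ECHIDNA_RPC_URL must be an http(s) URL")
    if not block.isdigit():
        # A missing or symbolic block ("latest") makes campaigns non-reproducible.
        raise ValueError("ECHIDNA_RPC_BLOCK must be a decimal block number")
    return url, int(block)


def redact(url):
    """Keep scheme and host only; the path or userinfo may hold an API key."""
    parts = urlsplit(url)
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{parts.hostname}{port}/<redacted>"


def block_request(block):
    """JSON-RPC body for the pinned block (block numbers are hex quantities)."""
    return {"jsonrpc": "2.0", "id": 1, "method": "eth_getBlockByNumber",
            "params": [hex(block), False]}


def endpoint_serves_block(url, block, timeout=10):
    """True if the node returns the pinned block. Requires network access."""
    req = urllib.request.Request(
        url, data=json.dumps(block_request(block)).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp).get("result") is not None


if __name__ == "__main__":
    rpc_url, rpc_block = load_rpc_settings()
    print("endpoint:", redact(rpc_url), "block:", rpc_block)
    print("block available:", endpoint_serves_block(rpc_url, rpc_block))
```

A returned block only shows that the node knows that block number; it does not prove the node still holds the historical state Echidna will query.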
This release also provides experimental support for Windows binaries.
This release also includes fixes and a large refactor of several parts of the code that will facilitate tool development and performance improvements. Other important changes are:
- The echidna-test executable was renamed to echidna
- The multi-abi config keyword was renamed to allContracts. multi-abi still works but will be removed in the future.
- FFI cheat code to allow execution from Solidity
- Special UI screen to show when there is a crash in Echidna
Added
- On-chain fuzzing (#927, #971) [EXPERIMENTAL]
- Added Windows support (#943) [EXPERIMENTAL]
- Added scrollbar to the UI (#915)
- Added crash display to the UI (#944)
- Added human-friendly errors for panic codes (#965)
- Added support for the FFI cheatcode (#750)
Changed
- Refactored code (#903, #906, #908, #924, #925, #928, #946, #956, #966, #968)
- Updated dependencies (#942, #948)
- Build and CI improvements (#912, #914, #917, #952, #967)
- Renamed echidna-test binary to echidna (#826)
- Renamed multi-abi mode to allContracts, multi-abi still works but will be removed in future (#934)
Removed
- Removed generation of negative seeds (#933) [BREAKING CHANGE]
Fixed
- Fixed method filtering in multi-abi mode (#950, #954)
- Fixed config parsing for too large values (#935)
- Fixed parsing string constants that start with 0x (#958)
Installation
Docker is the recommended way to install Echidna.
docker pull trailofbits/echidna
docker run trailofbits/echidna
for example
docker run -v `pwd`:/src trailofbits/echidna echidna-test /src/solidity/cli.sol
If you’d prefer to build from source, use Stack. stack install . should build and compile echidna-test in ~/.local/bin. You will need to link against libreadline and libsecp256k1 (built with recovery enabled), which should be installed with the package manager of your choosing. If you’re getting build errors related to linking, try tinkering with --extra-include-dirs and --extra-lib-dirs.
Use
Copyright (C) 2018