echidna v2.0 beta2 releases: Ethereum fuzz testing framework

by do son · Published June 24, 2019 · Updated October 25, 2021

echidna

Echidna is a weird creature that eats bugs and is highly electrosensitive (with apologies to Jacob Stanley)

More seriously, Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smarts contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in specific cases.

Features

Generates inputs tailored to your actual code
Optional corpus collection, mutation and coverage guidance to find deeper bugs
Optional Slither integration to extract useful information before the fuzzing campaign
Curses-based retro UI, text-only or JSON output
Automatic testcase minimization for quick triage
Seamless integration into the development workflow
Maximum gas usage reporting of the fuzzing campaign
Support for a complex contract initialization with Etheno and Truffle

Changelog v2.0 beta2

Echidna 2.0.0 (beta 2) is the second beta release of the new version of our fuzzing tool for smart contracts, which continues with the new features, fixes and breaking changes. This release brings the following new major features:

Automatic integer overflow or underflow detection for solc 0.8.x or greater using --test-mode overflow. This mode detects integer issues across all the functions of the tested contract to show inputs cause under or overflows without modifying or adding anything in your code. For instance, it will detect an overflow here:
```
function f(uint x, uint y) public {
  uint z = x + y;
  ... 
}
```
Self destruction tests include any contract destruction (and not just the testing one). Additionally, they are disabled by default, making the UI easier to read.

Additionally, the psender and deployer addresses were changed to 0x10000 and 0x30000 respectively to be more readable. Please double check your properties to see if they work as expected.

Added

New testing mode: Integer under and overflow detection in solc 0.8 and greater [UNSTABLE FEATURE]
Added a new self-destruction test to check if any contract was destroyed.
Added new config options to enable or disabled all self-destruction tests using testDestruction [BREAKING CHANGE]

Removed

Self-destruction tests are disabled by default. [BREAKING CHANGE]

Fixed

psender and deployer address are changed to be 0x10000 and 0x30000, to be more readable [BREAKING CHANGE]
Upgraded to hevm 0.48.

Installation

docker is recommended to install Echidna.

docker pull trailofbits/echidna
docker run trailofbits/echidna

for example

docker run -v `pwd`:/src trailofbits/echidna echidna-test /src/solidity/cli.sol

If you’d prefer to build from the source, use Stack. stack install . should build and compile echidna-test in ~/.local/bin You will need to link against libreadline and libsecp256k1 (built with recovery enabled), which should be installed with the package manager of your choosing. If you’re getting errors building related to linking, try tinkering with –extra-include-dirs and –extra-lib-dirs.