merge with master

Author: gustavo-grieco

CHANGELOG.md

@@ -1,6 +1,32 @@
 ## Unreleased
-* Dropped Etheno support (#1402)
+
+## 2.3.1
+
+* Fixes for Foundry reproducer test generation (#1484, #1514)
+* Fix SSE getting stuck at the end of execution (#1493)
+* Fix gas underreporting on reverted transactions (#1503)
+* Onchain coverage improvements with Sourcify support as an alternative to Etherscan (#1504, #1511)
+* New `disableOnchainSources` option and `--disable-onchain-sources` CLI flag
+* FFI support now handles commands that output an extra newline (#1507)
+* Updated hevm to `release/0.57.0` (#1515)
+* Newer nixpkgs and compilation fixes for GHC 9.10 (#1500, #1501)
+
+## 2.3.0
+
+* Symbolic execution integration with fuzzing: verification mode for stateless functions and symExec mode combining fuzzing with symbolic execution (#1394)
+* Support for Bitwuzla, cvc5, and Z3 solvers (#1421, #1425)
+* Foundry test generation for discovered bugs (standalone reproducers for failed assertions) (#1437)
+* Improved HTML coverage reporting (#1415) with configurable `coverageDir` option (#1428)
+* Enhanced failure diagnostics: all events from all transactions in the sequence are now displayed (#1475)
+* Deployment errors now show full execution trace (#1466)
+* Shrinking status logged during minimization (#1454)
+* Dictionary extraction from tuple elements (#1406)
+* Enhanced callback encoding for multicall-style interactions (#1444)
+* Docker image now includes Foundry, Z3, and Bitwuzla (#1422, #1469)
+* `rtsopts` enabled on release builds (#1457)
+* Dropped Etheno support and `initialize` configuration (#1402)
 * Dropped `estimateGas` support and auxiliary code (#1403)
+* Dropped `symExecConcolic` option (#1394)
 
 ## 2.2.7
 

flake.nix

@@ -60,10 +60,10 @@
 
         hevm = pkgs: pkgs.lib.pipe 
           (pkgs.haskellPackages.callCabal2nix "hevm" (pkgs.fetchFromGitHub {
-            owner = "ethereum";
+            owner = "argotorg";
             repo = "hevm";
-            rev = "9ba5e52fc7ec7ae6f7f3a25d5ee426625d2aa9d3";
-            sha256 = "sha256-5ZWsXtmZsMw2el4cuR9T+qrySTra6Lcaty/RrLOQ2hU=";
+            rev = "release/0.57.0";
+            sha256 = "sha256-Fn/u6u5euZ+khabqdOw7N29le29XCnxbOdSZOit+XXk=";
           }) { secp256k1 = pkgs.secp256k1; })
           ([
             pkgs.haskell.lib.compose.dontCheck

lib/Echidna.hs

@@ -122,7 +122,7 @@ instance ReadConfig IO where
 mkEnv :: EConfig -> BuildOutput -> [EchidnaTest] -> World -> Maybe SlitherInfo -> IO Env
 mkEnv cfg buildOutput tests world slitherInfo = do
   codehashMap <- newIORef mempty
-  chainId <- maybe (pure Nothing) Onchain.fetchChainIdFrom (Just cfg.rpcUrl)
+  chainId <- Onchain.fetchChainIdFrom cfg.rpcUrl
   eventQueue <- newChan
   bus <- newBroadcastTChanIO
   coverageRefInit <- newIORef mempty

lib/Echidna/Config.hs

@@ -72,6 +72,7 @@ instance FromJSON EConfigWithUsage where
               <*> v ..:? "rpcBlock"
               <*> v ..:? "etherscanApiKey"
               <*> v ..:? "projectName"
+              <*> v ..:? "disableOnchainSources" ..!= False
       where
       useKey k = modify' $ Set.insert k
       x ..:? k = useKey k >> lift (x .:? k)

lib/Echidna/Exec.hs

@@ -160,7 +160,7 @@ execTxWith executeTx tx = do
         let process = (P.proc cmd args) { P.env = Just mergedEnv }
         (_, stdout, _) <- liftIO $ P.readCreateProcessWithExitCode process ""
         let encodedResponse = encodeAbiValue $
-              AbiTuple (V.fromList [AbiBytesDynamic . hexText . T.pack $ stdout])
+              AbiTuple (V.fromList [AbiBytesDynamic . hexText . T.strip . T.pack $ stdout])
         fromEVM (continuation encodedResponse)
         runFully
 

lib/Echidna/Onchain.hs

@@ -11,17 +11,17 @@ module Echidna.Onchain
 where
 
 import Control.Concurrent.MVar (readMVar)
-import Control.Exception (catch)
+import Control.Exception (catch, SomeException)
 import Control.Monad (when, forM_)
 import Data.ByteString qualified as BS
 import Data.ByteString.UTF8 qualified as UTF8
 import Data.Map qualified as Map
-import Data.Maybe (isJust, fromJust)
+import Data.Maybe (isJust, fromJust, fromMaybe)
+import Data.Sequence (Seq)
 import Data.Text (Text)
 import Data.Text qualified as Text
 import Data.Vector qualified as Vector
 import Data.Word (Word64)
-import Etherscan qualified
 import Network.HTTP.Simple (HttpException)
 import Network.Wreq.Session qualified as Session
 import Optics (view)
@@ -32,9 +32,12 @@ import Text.Read (readMaybe)
 import EVM (bytecode)
 import EVM.Effects (defaultConfig)
 import EVM.Fetch qualified
-import EVM.Solidity (SourceCache(..), SolcContract (..))
+import EVM.Solidity (SourceCache(..), SolcContract(..), SrcMap, makeSrcMaps)
 import EVM.Types hiding (Env)
 
+import Echidna.Onchain.Etherscan qualified as Etherscan
+import Echidna.Onchain.Sourcify qualified as Sourcify
+import Echidna.Onchain.Types (SourceData(..))
 import Echidna.Output.Source (saveCoverages)
 import Echidna.SymExec.Symbolic (forceBuf)
 import Echidna.Types.Campaign (CampaignConf(..))
@@ -87,42 +90,91 @@ safeFetchSlotFrom session rpcBlock rpcUrl addr slot =
 -- code fetched from the outside
 externalSolcContract :: Env -> String -> Addr -> Contract -> IO (Maybe (SourceCache, SolcContract))
 externalSolcContract env explorerUrl addr c = do
-  case env.cfg.etherscanApiKey of
+  let runtimeCode = forceBuf $ fromJust $ view bytecode c
+
+  -- Try Sourcify first (if chainId available)
+  sourcifyResult <- case env.chainId of
+    Just chainId -> do
+      putStr $ "Fetching source for " <> show addr <> " from Sourcify... "
+      Sourcify.fetchContractSource chainId addr
+    Nothing -> pure Nothing
+
+  -- If Sourcify fails, try Etherscan (only if API key exists)
+  sourceData <- case sourcifyResult of
+    Just sd -> do
+      putStrLn "Success!"
+      pure (Just sd)
+    Nothing -> do
+      putStrLn "Failed!"
+      case env.cfg.etherscanApiKey of
+        Nothing -> do
+          putStrLn "Skipping Etherscan (no API key configured)"
+          pure Nothing
+        Just _ -> do
+          putStr $ "Fetching source for " <> show addr <> " from Etherscan... "
+          result <- Etherscan.fetchContractSourceData
+            env.chainId
+            env.cfg.etherscanApiKey
+            explorerUrl
+            addr
+          maybe (putStrLn "Failed!") (const $ putStrLn "Success!") result
+          pure result
+
+  -- Convert to SolcContract
+  case sourceData of
+    Just sd -> buildSolcContract runtimeCode sd
     Nothing -> pure Nothing
-    Just _ -> do
-      let runtimeCode = forceBuf $ fromJust $ view bytecode c
-      putStr $ "Fetching Solidity source for contract at address " <> show addr <> "... "
-      srcRet <- Etherscan.fetchContractSource env.chainId env.cfg.etherscanApiKey addr
-      putStrLn $ if isJust srcRet then "Success!" else "Error!"
-      putStr $ "Fetching Solidity source map for contract at address " <> show addr <> "... "
-      srcmapRet <- Etherscan.fetchContractSourceMap explorerUrl addr
-      putStrLn $ if isJust srcmapRet then "Success!" else "Error!"
-      pure $ do
-        src <- srcRet
-        (_, srcmap) <- srcmapRet
-        let
-          files = Map.singleton 0 (show addr, UTF8.fromString src.code)
-          sourceCache = SourceCache
-            { files
-            , lines = Vector.fromList . BS.split 0xa . snd <$> files
-            , asts = mempty
-            }
-          solcContract = SolcContract
-            { runtimeCode = runtimeCode
-            , creationCode = mempty
-            , runtimeCodehash = keccak' runtimeCode
-            , creationCodehash = keccak' mempty
-            , runtimeSrcmap = mempty
-            , creationSrcmap = srcmap
-            , contractName = src.name
-            , constructorInputs = [] -- error "TODO: mkConstructor abis TODO"
-            , abiMap = mempty -- error "TODO: mkAbiMap abis"
-            , eventMap = mempty -- error "TODO: mkEventMap abis"
-            , errorMap = mempty -- error "TODO: mkErrorMap abis"
-            , storageLayout = Nothing
-            , immutableReferences = mempty
-            }
-        pure (sourceCache, solcContract)
+
+-- | Build SolcContract and SourceCache from SourceData
+buildSolcContract :: BS.ByteString -> SourceData -> IO (Maybe (SourceCache, SolcContract))
+buildSolcContract runtimeCode sd = do
+  -- Build SourceCache from multiple source files
+  let sourcesList = Map.toList sd.sourceFiles
+      filesMap = Map.fromList $ zip [0..]
+        (fmap (\(path, content) -> (Text.unpack path, UTF8.fromString $ Text.unpack content)) sourcesList)
+      sourceCache = SourceCache
+        { files = filesMap
+        , lines = Vector.fromList . BS.split 0xa . snd <$> filesMap
+        , asts = mempty
+        }
+
+  -- Parse source maps safely
+  runtimeSrcmap <- case sd.runtimeSrcMap of
+    Just sm -> makeSrcMapsSafe sm
+    Nothing -> pure mempty
+
+  creationSrcmap <- case sd.creationSrcMap of
+    Just sm -> makeSrcMapsSafe sm
+    Nothing -> pure mempty
+
+  -- Build ABI maps
+  -- TODO: Need mkAbiMap, mkEventMap, mkErrorMap to be exported from hevm
+  -- For now, we keep them as mempty but at least we have the ABI data available
+  let (abiMap', eventMap', errorMap') = (mempty, mempty, mempty)
+
+  let solcContract = SolcContract
+        { runtimeCode = runtimeCode
+        , creationCode = mempty
+        , runtimeCodehash = keccak' runtimeCode
+        , creationCodehash = keccak' mempty
+        , runtimeSrcmap = runtimeSrcmap
+        , creationSrcmap = creationSrcmap
+        , contractName = sd.contractName
+        , constructorInputs = []
+        , abiMap = abiMap'
+        , eventMap = eventMap'
+        , errorMap = errorMap'
+        , storageLayout = Nothing
+        , immutableReferences = fromMaybe mempty sd.immutableRefs
+        }
+
+  pure $ Just (sourceCache, solcContract)
+
+-- | Safe wrapper for makeSrcMaps to prevent crashes
+makeSrcMapsSafe :: Text.Text -> IO (Seq SrcMap)
+makeSrcMapsSafe txt =
+  catch (pure $ fromMaybe mempty $! makeSrcMaps txt)
+        (\(_ :: SomeException) -> pure mempty)
 
 
 saveCoverageReport :: Env -> Int -> IO ()

lib/Etherscan.hs lib/Echidna/Onchain/Etherscan.hslib/Etherscan.hs renamed to lib/Echidna/Onchain/Etherscan.hs

@@ -1,8 +1,6 @@
-module Etherscan
-  ( SourceCode(..)
+module Echidna.Onchain.Etherscan
+  ( fetchContractSourceData
   , getBlockExplorerUrl
-  , fetchContractSource
-  , fetchContractSourceMap
   )
 where
 
@@ -26,6 +24,8 @@ import Text.XML.Cursor (attributeIs, content, element, fromDocument, ($//), (&//
 import EVM.Solidity (makeSrcMaps, SrcMap)
 import EVM.Types (Addr, W256)
 
+import Echidna.Onchain.Types (SourceData(..))
+
 data SourceCode = SourceCode
   { name :: Text
   , code :: String
@@ -132,9 +132,8 @@ getBlockExplorerUrl maybeChainId = do
     Just url -> pure $ T.unpack url
 
 -- | Unfortunately, Etherscan doesn't expose source maps in the JSON API.
--- This function scrapes it from the HTML. Return a tuple where the first element
--- is raw srcmap in text format and the second element is a parsed map.
-fetchContractSourceMap :: String -> Addr -> IO (Maybe (Text, Seq SrcMap))
+-- This function scrapes it from the HTML. Return the raw srcmap in text format
+fetchContractSourceMap :: String -> Addr -> IO (Maybe Text)
 fetchContractSourceMap baseUrl addr = do
   -- Scrape HTML from block explorer
   url <- parseRequest $ baseUrl <> "/address/" <> show addr
@@ -150,11 +149,34 @@ fetchContractSourceMap baseUrl addr = do
   -- combine with raw srcmap to return so it is easier to cache
   case catMaybes $ zipWith (\x -> fmap (x,)) candidates parsedCandidates of
     [] -> pure Nothing
-    srcmap:_ -> pure (Just srcmap)
+    srcmap:_ -> pure (Just $ fst srcmap)
 
 -- | Calling makeSrcMaps on arbitrary input is unsafe as it could crash
 -- | Wrap it so it doesn't crash, TODO: fix in hevm
 safeMakeSrcMaps :: T.Text -> IO (Maybe (Seq SrcMap))
 safeMakeSrcMaps x =
   -- $! forces the exception to happen right here so we can catch it
   catch (pure $! makeSrcMaps x) (\(_ :: SomeException) -> pure Nothing)
+
+-- | Unified interface for fetching contract source data from Etherscan
+-- Returns Nothing if no API key is provided
+fetchContractSourceData
+  :: Maybe W256  -- ^ chainId (optional, defaults to mainnet)
+  -> Maybe Text  -- ^ Etherscan API key (returns Nothing if not provided)
+  -> String      -- ^ Block explorer URL (for HTML scraping)
+  -> Addr        -- ^ contract address
+  -> IO (Maybe SourceData)
+fetchContractSourceData _ Nothing _ _ = pure Nothing
+fetchContractSourceData maybeChainId maybeApiKey explorerUrl addr = do
+  srcRet <- fetchContractSource maybeChainId maybeApiKey addr
+  srcmapRet <- fetchContractSourceMap explorerUrl addr
+  pure $ do
+    src <- srcRet
+    Just $ SourceData
+      { sourceFiles = Map.singleton (src.name <> ".sol") (T.pack src.code)
+      , runtimeSrcMap = srcmapRet
+      , creationSrcMap = Nothing
+      , contractName = src.name
+      , abi = Nothing
+      , immutableRefs = Nothing
+      }