Echidna 2.1.1

This is a release focused on fixes and minor features. User facing changes include:

• Optimized the memory usage during the fuzzing campaign.
• Added initial compatibility with invariant mode from Foundry.
• Added additional information on how Echidna spend time during startup.
• Fixed several small rare crashes.

This release also include a number of refactoring changes to make the code easier to improve in future.

Added

• Added missing space in ProcessorNotFound message (#977)
• Added measurement and log of external actions (#988)
• Avoid using cheat code address to form fuzzing call sequences (#993)
• Implemented invariant testing from foundry (#989)

Changed

• hevm upgraded to 0.50.4 (#986)
• Cleaned and improved codebase (#990, #994, #995, #997)
• Make frequently modified fields strict (#1000)
• Force corpus evaluation (#1002)
• Improved text/headless UI (#991, #1006, #1007, #1009)

Echidna 2.1.0

Echidna 2.1.0 introduces on-chain fuzzing. Echidna can now run starting with an existing state provided by an external RPC service (Infura, Alchemy, local node, etc). This enables users to speed up the fuzzing setup when using already deployed contracts. For instance:

contract TestCompoundEthMint {
 constructor() {
    hevm.roll(16771449);  // sets the correct block number
    hevm.warp(1678131671); // sets the expected timestamp for the block number
  }
  …
  Compound comp = Compound(0x4Ddc2D193948926D02f9B1fE9e1daa0718270ED5);
  function assertNoBalance() public payable {
    require(comp.balanceOf(address(this)) == 0);
    comp.mint{value: msg.value}();
    assert(comp.balanceOf(address(this)) == 0);
  }
}

We can specify the RPC endpoint for Echidna to use before running the fuzzing campaign with the following environment variables:

export ECHIDNA_RPC_URL=http://.. ECHIDNA_RPC_BLOCK=16771449

And then Echidna can be executed as usual. At the end of the execution, if the source code mapping of any executed on-chain contract is available on Etherscan, it will be automatically fetched for the coverage report. Optionally, an Etherscan key can be provided using the ETHERSCAN_API_KEY environment variable.

This release also provides experimental support for Windows binaries.

Additionally, this release also includes fixes and a large refactor of several parts of the code that will facilitate the tool development and performance improvements. Other important changes are:

• echidna-test executable was renamed as echidna
• multi-abi config keyword was renamed to allContracts. multi-abi still works but will be removed in future.
• FFI cheat code to allow execute execution from Solidity
• Special UI screen to show when there is a crash in Echidna

Added

• On-chain fuzzing (#927, #971) [EXPERIMENTAL]
• Added Windows support (#943) [EXPERIMENTAL]
• Added scrollbar to the UI (#915)
• Added crash display to the UI (#944)
• Added human-friendly errors for panic codes (#965)
• Added support for the FFI cheatcode (#750)

Changed

• Refactored code (#903, #906, #908, #924, #925, #928, #946, #956, #966, #968)
• Updated dependencies (#942, #948)
• Build and CI improvements (#912, #914, #917, #952, #967)
• Renamed echidna-test binary to echidna (#826)
• Renamed multi-abi mode to allContracts, multi-abi still works but will be removed in future (#934)

Removed

• Removed generation of negative seeds (#933) [BREAKING CHANGE]

Fixed

• Fixed method filtering in multi-abi mode (#950, #954)
• Fixed config parsing for too large values (#935)
• Fixed parsing string constants that start with 0x (#958)

Echidna 2.0.5

This release migrates Echidna to the new hevm implementation. Echidna can now use the prank cheat code that we recently added to hevm. It lets you override the msg.sender value for the next external call:

interface Hevm {
    ...
    function prank(address) external;
}

contract Test {
    Hevm hevm = Hevm(0x7109709ECfa91a80626fF3989D68f67F5b1DD12D);
    function echidna_test() {
       hevm.prank(0x123..); 
       contract.f(); // msg.sender will be 0x123..
       contract.g(); // msg.sender will be address(this)
       ..
    }
} 

Prank should be used carefully since it can introduce false positives if used to simulate calls from contracts. Please refer to this documentation for the complete list of cheat codes.

The release also refactors several parts of the code to facilitate further Echidna development.

Added

• Added saving and loading of reproducers for every test (#858)
• Added events and revert reasons for any failure in the constructor (#871)

Fixed

• Optimized constant generation (#898, #900)
• Fixed how address are displayed in events (#891)
• Update hevm to 0.50 (#884, #894, #896, #897, #901)
• Fixed uninitialized sender addresses from etheno transactions (#823)
• Fixed crash when minimizing inputs during optimization tests (#837)
• Refactored code and removed useless dependencies (#856, #857, #874, #878, #895, #903)

Echidna 2.0.4

This release introduces coverage reports as HTML files. This will ease the detection of uncovered code during fuzzing campaigns. It also includes bug fixes as well as a large refactor of several parts of the code. This means that new features and optimizations are easier to implement.

Echidna 2.0.4 will automatically generate a coverage report in HTML in the corpus directory following the same approach as the text file report (e.g. covered.X.html). The report will show colors to signal which lines are covered either without errors (green), with a revert (yellow) or not covered at all (red).

Additionally, lines with no color are not included in the bytecode.

Added

• Added colored html for coverage output code (#816)
• Added Homebrew installation instructions (#848)

Fixed

• Fixed crash when parsing solc versions (#835)
• Fixed long transactions and event lines in UI (#832)
• Moved all nix stuff to flake and use nix-bundle-exe for macOS release (#851)
• Updated codebase to GHC 9.0.2 (#846)
• Refactored code and removed useless dependencies (#854, #853, #829, #827, #828)

Watch our live streaming series to learn how to use Echidna like a pro (see our recent blogpost: "We're streamers now")

Echidna 2.0.3

This release focuses on getting enhanced coverage during a fuzzing campaign when handling non-utf8 strings, extreme signed integers and the fallback function. It also improved the scripts to build Docker containers.

Fixed

• Avoid resetting accounts if there is a deployed contract (#795)
• Fixed decoding non-utf8 strings from slither printer (#799)
• Fixed generation and mutation of extreme signed integers (#791)
• Removed fallback from signature map when it is not defined (#772)
• Refactored Docker scripts and tests (#706)

Echidna 2.0.2

This release eases the custom deployment of contracts at fixed addresses, improves the fuzzing's shrinking and fixes a crash the EVM emulation:

deployContracts: [["0x42", "ContractA"], ["0x43", "ContractB"]]
deployBytecodes: [["0x44", "60806.."]]

All the contracts are deployed using the deployer address and will produce an error if they fail.

Added

• Added support for deployment of certain contracts or bytecode in specific addresses (#758)
• Added support for detection and handling of ancient solc versions (#675)
• Added explicit static flag and removed pthread one from ghc options (#768)

Fixed

• Improved shrinking of dynamic arrays (#775)
• Fixed git attribute to support building docker containers in Windows (#773)
• Fixed crash when the EVM execution triggers more than one query (#760)

Echidna 2.0.1

This release adds support for dapp/foundry properties, improves the input generation and fixes multiple minor bugs.

Echidna supports writing properties/invariants using three different APIs:

function echidna_property() public returns (bool) { // A specially named function with no arguments is required
    // The following statement can trigger a failure depending on the returned value. Reverts will force a failure
    return ..;
} // side effects are *not* preserved

function checkInvariant(..) public { // A function with any number of arguments is supported using "--testMode assertion"
    assert(..); 
    // The following statement will always trigger a failure
    emits AssertionFailure(..);    
} // side effects are preserved

function checkDappTest(..) public { // A function with one or more arguments are required using "--testMode dapptest"
    // Any revert will cause a failure, otherwise it passes
    ...
} // side effects are preserved (but usually this runs in stateless mode)

Every testing mode can be stateful (by default) or stateless (using --seqLen 1). Review our documentation for more details on how to use these APIs and the difference between stateful and stateless fuzzing.

Added

• New testing mode: "dapptest" to run foundry and dapptool fuzz tests (#733, #745) (see an example here)
• Generate more values closer to the maximum (#736)

Fixed

• Expanded and improved command-line help (#741)
• Fixed TERMINFO path for Nix release builds (#731)
• Mitigated large memory consumption when replaying corpus (#725)
• Fixed --shrink-limit to change shrink limit instead of test limit (#728)
• Correctly show lines with multiple types of coverage
• Restored nix support (#717, #743)

Removed

• Optimized stateless fuzzing removing some specific mutators (#747)

Echidna 2.0.0

Echidna 2.0.0 is a new major release of our fuzzing tool for smart contracts. All users of Echidna should move to version 2.0.0. We will not provide support for older releases.

Major new features

• Detection of assertion failures in Solidity 0.8.x or greater, including automatic detection of integer overflows, zero division, invalid casts, and more

• Automatic discovery of maximum values for functions that compute a value (e.g., int256) with --test-mode optimization

• Automatic integer over- and underflow detection in Solidity 0.8.x or greater with --test-mode overflow. This mode detects integer issues across all functions of the tested contract. It shows inputs that cause under- or overflows without any additional configuration. For instance, it will detect an overflow in this code snippet without outside assistance:

  function f(uint x, uint y) public {
    uint z = x + y;
    ... 
  }

• Automatic detection of contract destruction using testDestruction (which usually should trigger failures in other tests)

• Assertion tests using events (e.g., AssertionFailure(...)) are improved to work even if the execution reverts

Enhanced user experience

Echidna now shares why a test failed and what state the contract was in when it failed. Echidna now displays:

• The cause that triggers a failure in a property or assertion (e.g., a revert in a property test) to help quickly detect unexpected failures in properties
• A list of events or custom errors collected during the transaction that triggers a failure, which lets users print any state variable or computation using only events

Simplified test configuration

Echidna 2.0.0 features a simplified interface, using a "test mode" to specify the type of tests performed. These are configured via --test-mode (CLI) or testMode (config file):

• (Default for no arguments) Run user-defined property tests: echidna-test contract.sol --test-mode property
• Detect integer overflows (Solidity 0.8.x+): echidna-test contract.sol --test-mode overflow
• Find the maximum value for a function: echidna-test contract.sol --test-mode optimization
• Execute every line of code without any testing target ("unconstrained execution"): echidna-test contract.sol --test-mode exploration
• Detect assertion failures (previously checkAsserts): echidna-test contract.sol --test-mode assertion

checkAsserts and benchmarkMode options have been removed.

Changelog

Added

• Complete support for assertion detection in Solidity 0.8 and greater
• New testing modes: function optimization
• New testing mode: Integer under and overflow detection in solc 0.8 and greater
• Events and cause of failure are now displayed
• Added a new self-destruction test to check if any contract was destroyed
• Added a new config option to enable or disabled all self-destruction tests using testDestruction

Removed

• checkAsserts and benchmarkMode were removed in favor of testMode [BREAKING CHANGE]

Fixed

• Revert cleans all the events
• Incorrect handling of negative constants (#636)
• Incorrect filtering of functions when using assertion mode (#690)
• Value generation can fail in multi-abi mode (#579)
• psender and deployer address are changed to be 0x10000 and 0x30000 for readability [BREAKING CHANGE]
• Upgraded to hevm 0.49

Refactored

• Refactored campaign and test internal data structures and code
• Refactored unit test code and moved the related files to the tests directory
• Refactored UI code

Echidna 1.7.3

This is a small release with some minor bugfixes and quality of life improvements. User facing changes include:

• removal of old compilation artifacts before starting another campaign
• fixed incorrect function filtering in assertion mode
• improved handling of negative constants
• fixed source line printing within coverage

Some less important changes are a version bump to hevm 0.48.0 and some nix improvements regarding slither.

Echidna 2.0.0 (beta 2)

Echidna 2.0.0 (beta 2) is the second beta release of the new version of our fuzzing tool for smart contracts, which continues with the new features, fixes and breaking changes. This release brings the following new major features:

• Automatic integer overflow or underflow detection for solc 0.8.x or greater using --test-mode overflow. This mode detects integer issues across all the functions of the tested contract to show inputs cause under or overflows without modifying or adding anything in your code. For instance, it will detect an overflow here:

  function f(uint x, uint y) public {
    uint z = x + y;
    ... 
  }

• Self destruction tests include any contract destruction (and not just the testing one). Additionally, they are disabled by default, making the UI easier to read.

Additionally, the psender and deployer addresses were changed to 0x10000 and 0x30000 respectively to be more readable. Please double check your properties to see if they work as expected.

Added

• New testing mode: Integer under and overflow detection in solc 0.8 and greater [UNSTABLE FEATURE]
• Added a new self-destruction test to check if any contract was destroyed.
• Added new config options to enable or disabled all self-destruction tests using testDestruction [BREAKING CHANGE]

Removed

• Self-destruction tests are disabled by default. [BREAKING CHANGE]

Fixed

• psender and deployer address are changed to be 0x10000 and 0x30000, to be more readable [BREAKING CHANGE]
• Upgraded to hevm 0.48.