Echidna 2.0.0 (beta 1)

Echidna 2.0.0 (beta 1) is the first beta release of the new version of our fuzzing tool for smart contracts, which brings a number of new features and breaking changes. If you need a stable release right now, please use v1.7.2, otherwise, we encourage everyone to test this new beta.

Echidna 2.0 has the following new major features:

• Full support for solc 0.8.x or greater to detect assertion failures, including automatic detection of integer overflows, zero division, invalid casts, and others.
• Assertion tests using events (e.g. AssertionFailure(...)) are improved to work even if the execution reverts.
• Value optimization tests, where there is a function that computes a value (int256) and Echidna tries to find a maximum.
• Automatic detection of contract destruction (which usually should trigger failures in other tests).

On top of that, Echidna will show us valuable information regarding why the test is failing and what is the state of the contract when it failed:

• The cause that triggers a failure in a property or assertion (e.g. a revert in a property test). This allows auditors to quickly detect unexpected failures in properties.
• The list of events collected during the transaction that trigger a test failure (or that provides the maximum value of a certain function if optimization is used). This allows users to print any state variable or computation just using events.

This new release also features a simplified interface, using a "test mode" to specify what type of tests you want. This can be used directly in the command-line:

• To test assertions and enable the automatic detection of integer overflows (if solc 0.8.x is used):

echidna-test contract.sol --test-mode assertion 

• To run a value optimization and find the maximum value in some function:

echidna-test contract.sol --test-mode optimization

• To run unconstrained exploration mode, where echidna will try to execute every line of code without any testing target:

echidna-test contract.sol --test-mode exploration

Finally, by default, --test-mode is assumed to be property. This new version also removes checkAssertion and benchmarkMode config options. Instead, users should specify testMode in the yaml file which can be one the values previously detailed.

Added

• Complete support for assertion detection and other in solc 0.8 and greater
• New testing modes: function optimization [UNSTABLE FEATURE]
• Events and cause of failure is now displayed [UNSTABLE FEATURE]
• Automatic detection of destructed contracts

Removed

• checkAssertion and benchmarkMode were removed in favor of testMode [BREAKING CHANGE]

Fixed

• Revert cleans all the events
• Incorrect handling of negative constants (#636)
• Incorrect filtering of functions when using assertion mode (#690)
• Value generation can fail in multi-abi mode (#579)

Refactored

• Refactored campaign and execution code (#615)
• Refactored integration test code
• Refactored UI code [UNSTABLE FEATURE]

Echidna 1.7.2

Echidna 1.7.2 is a minor release that brings a variety of fixes and small improvements, including improved command-line options and fixes when using hardhat/brownie to test contracts. It relies on hevm 0.46 for the EVM emulation. This release requires to use crytic-compile 0.2.0 or later but otherwise contains no breaking changes.

Fixed

• Fixed check-asserts and multi-abi cli switches (#665)
• Support for loading multiple files with compiled contracts from hardhat/brownie (#659)

Refactored

• Updated to hevm 0.4.6 (#660)

Echidna 1.7.1

Echidna 1.7.1 is a minor release that brings a variety of fixes and small improvements, including better mutations, two new command-line options, --corpus-dir and --check-asserts, correct initialization of new addresses and extended notion of coverage to include EVM frames. This release contains no breaking changes.

Added

• Documented known issues and limitations (#655)
• Improved coverage to count number of EVM frames (#624)
• Added two CLI options: --corpus-dir and --check-asserts (#640)

Fixed

• Tweaked mutators and improved test stability (#628)
• Automatically initialize addresses when used (#657)
• Avoid mutations to generate inputs outside their expected ABI range (#650)
• Various small fixes to run Vyper contracts (#645)
• Fixed link to macOS binary in binaries.soliditylang.org (#629)
• Fixed UI to fit long function calls (#635)
• Fixed default.nix to use 1.7.0 as version (#623)

Refactored

• Refactored shrinkSeq to improve readability (#639)
• Refactored Test type (#622)
• Refactored coverage types and added corpus size in UI (#627)

Echidna 1.7.0

Echidna 1.7.0 is a major release that brings a few major features:

• Coverage guided-fuzzing enabled by default (no need to use coverage: true)
• New mutators for transactions and arrays to discover even more interesting paths in your code
• Source code integration to collect and visualize coverage (enabled using corpusDir)
• An new approach for end-to-end testing using Etheno, as described in our new tutorial in the building-secure-smart-contracts repository

This release also includes several internal refactorings, fixes in our CI tests and improved Nix support. The Echidna team would also like to thank @elopez for their fixes submitted as PRs.

Added

• Enabled use of coverage by default (#605) [BREAKING CHANGE]
• More corpus and array mutations implemented (#372)
• Source coverage is printed after fuzzing campaign (#516)

Fixed

• Coverage filenames are not overwritten (#620)
• Nix improvements and fixes (#603, #604, #608, #612)

Refactored

• Refactored and improved etheno support to be more useful (#615)
• Refactored the mutator code (#618)
• Run echidna tests in parallel (#571)
• Simplified slither information parsing (#543)

Echidna 1.6.1

Echidna 1.6.1 is a minor release that, most importantly, allows using compiler metadata to detect which contracts are deployed, avoiding any issues when the bytecode modifies its own code (e.g., when they use the immutable keyword). This release also contains performance optimizations when executing properties, speeding up the testing when the EVM reverts, and lets users be more precise when whitelisting or blacklisting functions by specifying the full contract name and ABI.

The Echidna team would also like to thank @elopez and @KurogeWashu for their fixes submitted as PRs.

Fixed

• Use a sensible default value for block.gaslimit (#596)
• Use metadata to detect deployed contracts (#593)
• Fixed wait bug when shrinking (#584)
• Small fixes in the macOS CI (#597), the README (#590) and Nix scripts (#581)

Added

• Semver integration for improving testing with different solc versions (#594)
• Added some performance improvement in property execution (#576)
• Added funwithnumbers example from Sabre (#565)
• Improved function filtering to be more precise (#570) [BREAKING CHANGE]

Echidna 1.6.0

Echidna 1.6.0 introduces integration with Slither, now a required dependency for Echidna to function properly. Slither can help Echidna understand the structure of Solidity contracts which we use to explore more interesting code paths. This release also updates hevm to version 0.42, improves shrinking and pretty-printing of results, and includes a variety of bugfixes and refactoring. Finally, the Echidna team would also like to thank @elopez, @erivas, and @bingen for their work on squashing some annoying issues.

Added

• Remove code size restriction (disable EIP-170) by default. Users can restore it using the codeSize config (#544)
• Improved shrinking and pretty printing (#518)
• Integrate slither results (#451) [BREAKING CHANGE]
• HEVM updated to 150dddc67b6cbad75fd4ae5a689452892f55ea26 (#511)
• Make stack limit exceeded a revert (#517)
• Various Github Actions improvements (#527, #554)

Fixed

• Made sure that gets mapped correctly, fixing #474 (#503)
• Fix library timestamp/block delay issue (#510)
• Make large constants work better with dictionaries (#523)
• Fix "flanky" corpus tests (#537)
• Fix negative address bug (#552)

Refactored

• Reorganized MonadState and MonadReader (#545, #513)
• Multiple code simplification (#548, #549, #513)
• Add some default transaction constants (#532)

Echidna 1.5.1

This minor release focuses on stability. We improved the handling of timestamp and block number to make testing of code depending on these easier and more effective. Additionally, we fixed some corner cases in the handling of contract deployments, we improved the UI to be easier to use, refactored some internal code and added more unit tests. Finally, the Echidna team would also like to thank @elopez, our external contributor for their work on squashing some annoying issues.

Added

• Seed to UI (#456)
• Initial timestamp and block number (#455)
• DockerHub containers in addition to GitHub (#445)

Fixed

• Timestamp and block delays having the initial timestamp/block added to them (#460, #469)
• GitHub actions due to new macOS image (#468)
• Extcodesize by creating contracts correctly (#453, #454, #465)
• Detect contract deployment failures (#447)
• Brought back print reporting after exiting the UI (#441)

Refactored

• Relax package.yaml constraints (#466)
• Refactor unit tests (#457)
• Better README (#450)
• Code simplifications (#448)
• Refactor Tx (#437)

Echidna 1.5.0

With this release of Echidna we are changing the version format to a 3-number format to be more in line with pre-existing tools and away from the slightly more arcane 4-number Haskell format. With vX.Y.Z, one can expect bumps in Z to not significantly impact any pre-existing echidna installations and scripts. Changes in Y may require a small amount of manual intervention and changes in X will definitely require manual intervention. Please check the release notes when updating to determine what needs to be changed.

This release introduces a generic list mutation engine that is used to mutate transaction lists, especially those loaded from a previous Echidna corpus. It also introduces a new JSON output format for use in headless environments. Use the --format json command line switch to see it in action. The existing CLI interface remains unchanged. Please consult the changelog for further details.

As always, we release a MacOS binary as well as a static binary compiled on Ubuntu. Please note that for macOS it is dynamically linked and libsecp256k1 was installed from this recipe and that libff was built from source and installed to /usr/local/lib. You can now find Docker autobuilds under our package registry. This release may be found here.

On behalf of the Echidna team I would also like to thank our external contributors for their work on quashing some annoying issues.

erivas
elopez

Echidna is now bundled within Crytic CI, which can automatically run Echidna as well as other tools like Slither automatically for you for super easy Github integration. Also check out building-secure-contracts to learn how to write properties and use Echidna's advanced features.

Echidna 1.4.0.1

This is a minor update to 1.4.0.0. We have bumped the HEVM version so contracts may be compiled with Solidity 0.6.

Echidna 1.4.0.0

This is the fifth release of Echidna. With this release, we introduce two new features which can be enabled via various configuration flags:

• Filtering functions either blacklisting or whitelisting functions to call during a fuzzing campaign using this configuration to blacklist:

filterBlacklist: true
filterFunctions: ["f1", "f2", "f3"]

or this one to whitelist:

filterBlacklist: false
filterFunctions: ["f1", "f2", "f3"]

• Saving and loading a corpus of transactions (in JSON format) using this configuration:

coverage: true
corpusDir: "corpus"

Note that the corpus directory should be already created.