Today we released Echidna, our next-generation EVM smart fuzzer at EthCC. It’s the first-ever fuzzer to target smart contracts, and has powerful features like abstract state-machine modeling and automatic minimal test case generation. We’ve been working on it for quite some time, and are thrilled to finally share it with the world.
Different interfaces for different applications
Echidna ships with both the
echidna-test executable, which can start finding bugs in your Solidity code in minutes, and a powerful and comprehensive library for writing your own analyses. echidna-test requires nothing other than simple Solidity assertions to find deep bugs and comes with a clear UI to make understanding its output easy. See a video of it in action:
As a library, Echidna provides a myriad of tools to write custom analyses for more complex contracts. Want to model the progression of time to test your token launch contract? Echidna does that. Want to write an symbolic model of your contract’s underlying state machine? Echidna does that. Want to do something even fancier? No promises, but ask around on Empire Hacking and there’s a good chance Echidna does that too.
Echidna isn’t just a powerful fuzzer.
We took care to write a beautiful UI, ensure generated test cases are minimal, test with continuous integration, and provide examples so you can use it more easily. We’re still actively developing it, so there may be some rough edges. On the off chance you run into one, you should file an issue and we’ll do our best to take care of it. We use Echidna on real audits, so we’re committed to it being as correct and powerful as possible.
It’s easy to get started
Echidna uses stack, so setup should be a breeze, and the only dependency you’ll need is whatever version of solc your contract uses (and, of course, stack itself). If you do run into issues, we’ve tried to document the process and potential workarounds.
Once it’s installed, you can simply run
echidna-test solidity/cli.sol and you’re off to the races! If you have any issues, open one on Github or ask in #ethereum on the Empire Hacking Slack and we’ll do our best to help.
This is a Security Bloggers Network syndicated blog post authored by JP Smith. Read the original post at: Trail of Bits Blog