This was my submission to the Secureum CAREX Echidna workshop. Find 2 issues and successful, accepted
Install Echidna 2.0.1:
- Install/upgrade slither:
pip3 install slither-analyzer --upgrade - Recommended option: precompiled binaries (Linux and MacOS supported).
- Alternative option: use docker.
This repository contains everything necessary to test expected properties of the Math 64.64 library. Users should complete the Test creating functions to test different invariants from different mathematical operations (e.g. add, sub, etc) and adding assertions. The developer marked two functions as private instead of internal (sqrtu and divuu) which we are NOT going to directly test.
A few pointers to start:
- Read the documentation
- Think of basic arithmetic properties for every operation
- Consider when operation should or it should not revert
- Some properties could require to use certain tolerance
To start a Echidna fuzzing campaign use:
$ echidna-test Echidna-CAREX.sol --contract Test --test-mode assertion --corpus-dir corpus --seq-len 1 --test-limit 1000000 --config config.yaml --format text
The last argument, --test-limit should be tweaked according to the time you want to spend in the fuzzing campaign.
Additionally, from time to time, you should remove the corpus using rm -Rf corpus.
The recommended Solidity version for the fuzzing campaign is 0.8.1, however, more recent releases can be used as well.
Before starting, please review the Echidna README, as well as the official tutorials. Additionally, there is specific documentation on the libraries:
Library of mathematical functions operating with signed 64.64-bit fixed point numbers.
[ documentation | source ]
Copyright (c) 2019, ABDK Consulting
All rights reserved.