Releases: crytic/echidna
Echidna 1.7.0
Echidna 1.7.0 is a major release that brings a few major features:
- Coverage guided-fuzzing enabled by default (no need to use
coverage: true
) - New mutators for transactions and arrays to discover even more interesting paths in your code
- Source code integration to collect and visualize coverage (enabled using
corpusDir
) - An new approach for end-to-end testing using Etheno, as described in our new tutorial in the building-secure-smart-contracts repository
This release also includes several internal refactorings, fixes in our CI tests and improved Nix support. The Echidna team would also like to thank @elopez for their fixes submitted as PRs.
Added
- Enabled use of coverage by default (#605) [BREAKING CHANGE]
- More corpus and array mutations implemented (#372)
- Source coverage is printed after fuzzing campaign (#516)
Fixed
Refactored
Echidna 1.6.1
Echidna 1.6.1 is a minor release that, most importantly, allows using compiler metadata to detect which contracts are deployed, avoiding any issues when the bytecode modifies its own code (e.g., when they use the immutable
keyword). This release also contains performance optimizations when executing properties, speeding up the testing when the EVM reverts, and lets users be more precise when whitelisting or blacklisting functions by specifying the full contract name and ABI.
The Echidna team would also like to thank @elopez and @KurogeWashu for their fixes submitted as PRs.
Fixed
- Use a sensible default value for
block.gaslimit
(#596) - Use metadata to detect deployed contracts (#593)
- Fixed wait bug when shrinking (#584)
- Small fixes in the macOS CI (#597), the README (#590) and Nix scripts (#581)
Added
Echidna 1.6.0
Echidna 1.6.0 introduces integration with Slither, now a required dependency for Echidna to function properly. Slither can help Echidna understand the structure of Solidity contracts which we use to explore more interesting code paths. This release also updates hevm
to version 0.42, improves shrinking and pretty-printing of results, and includes a variety of bugfixes and refactoring. Finally, the Echidna team would also like to thank @elopez, @erivas, and @bingen for their work on squashing some annoying issues.
Added
- Remove code size restriction (disable EIP-170) by default. Users can restore it using the
codeSize
config (#544) - Improved shrinking and pretty printing (#518)
- Integrate slither results (#451) [BREAKING CHANGE]
- HEVM updated to 150dddc67b6cbad75fd4ae5a689452892f55ea26 (#511)
- Make stack limit exceeded a revert (#517)
- Various Github Actions improvements (#527, #554)
Fixed
- Made sure that
gets
mapped correctly, fixing #474 (#503) - Fix library timestamp/block delay issue (#510)
- Make large constants work better with dictionaries (#523)
- Fix "flanky" corpus tests (#537)
- Fix negative address bug (#552)
Refactored
Echidna 1.5.1
This minor release focuses on stability. We improved the handling of timestamp and block number to make testing of code depending on these easier and more effective. Additionally, we fixed some corner cases in the handling of contract deployments, we improved the UI to be easier to use, refactored some internal code and added more unit tests. Finally, the Echidna team would also like to thank @elopez, our external contributor for their work on squashing some annoying issues.
Added
- Seed to UI (#456)
- Initial timestamp and block number (#455)
- DockerHub containers in addition to GitHub (#445)
Fixed
- Timestamp and block delays having the initial timestamp/block added to them (#460, #469)
- GitHub actions due to new macOS image (#468)
- Extcodesize by creating contracts correctly (#453, #454, #465)
- Detect contract deployment failures (#447)
- Brought back print reporting after exiting the UI (#441)
Refactored
Echidna 1.5.0
With this release of Echidna we are changing the version format to a 3-number format to be more in line with pre-existing tools and away from the slightly more arcane 4-number Haskell format. With vX.Y.Z, one can expect bumps in Z to not significantly impact any pre-existing echidna installations and scripts. Changes in Y may require a small amount of manual intervention and changes in X will definitely require manual intervention. Please check the release notes when updating to determine what needs to be changed.
This release introduces a generic list mutation engine that is used to mutate transaction lists, especially those loaded from a previous Echidna corpus. It also introduces a new JSON output format for use in headless environments. Use the --format json
command line switch to see it in action. The existing CLI interface remains unchanged. Please consult the changelog for further details.
As always, we release a MacOS binary as well as a static binary compiled on Ubuntu. Please note that for macOS it is dynamically linked and libsecp256k1 was installed from this recipe and that libff was built from source and installed to /usr/local/lib
. You can now find Docker autobuilds under our package registry. This release may be found here.
On behalf of the Echidna team I would also like to thank our external contributors for their work on quashing some annoying issues.
Echidna is now bundled within Crytic CI, which can automatically run Echidna as well as other tools like Slither automatically for you for super easy Github integration. Also check out building-secure-contracts to learn how to write properties and use Echidna's advanced features.
Echidna 1.4.0.1
This is a minor update to 1.4.0.0. We have bumped the HEVM version so contracts may be compiled with Solidity 0.6.
Echidna 1.4.0.0
This is the fifth release of Echidna. With this release, we introduce two new features which can be enabled via various configuration flags:
- Filtering functions either blacklisting or whitelisting functions to call during a fuzzing campaign using this configuration to blacklist:
filterBlacklist: true
filterFunctions: ["f1", "f2", "f3"]
or this one to whitelist:
filterBlacklist: false
filterFunctions: ["f1", "f2", "f3"]
- Saving and loading a corpus of transactions (in JSON format) using this configuration:
coverage: true
corpusDir: "corpus"
Note that the corpus
directory should be already created.
Echidna 1.3.0.0
This is the fourth release of Echidna. With this release, we introduce several new features which can be enabled via various config flags. Some of the major ones are:
# multi-abi enables the calling of all known contract ABIs passed to echidna at runtime,
# rather than just fuzzing the target contract. e.g. echidna can discover how to falsify
# contract A {
# uint256 public flag = 0;
# function setflag(uint256 x) public {
# flag = x;
# }
# }
# contract B {
# A public a;
# constructor() public {
# a = new A();
# }
# function echidna_test() public {
# return a.flag() == 1;
# }
# }
multi-abi: true
# Given a JSON file describing how to set up an initial blockchain,
# echidna can load these transactions and start fuzzing from there.
# See examples/solidity/basic_multicontract/export.json for more details.
# Leave this null to disable.
initialize: "/path/to/file"
# Turns on the worst case gas estimator. This causes echidna to print the maximum gas usage it saw.
estimateGas: true
Please note that this release introduces a breaking change from previous releases. The tested contract is now specified with --contract
rather than being the 2nd argument. This lets us pass more contracts to the command line driver for multi ABI support. See echidna-test --help
for more details.
As always, the full changelog may be viewed here. Attached to this release are a statically built Ubuntu binary from the Docker package and a macOS Catalina binary. You can also find this on Dockerhub under incertia/echidna
while we sort out automatic builds on the official repository.
Echidna 1.2.0.0
This is the third stable release of Echidna. We provide binaries for MacOS Catalina and Ubuntu. We recommend either using the docker container or building from source instead of the binaries, which are much less portable. Note that the standalone binaries do require crytic-compile and solc to work. You can install crytic-compile via pip (pip install crytic-compile
).
This release's changelog has some conflicts with the previous Github release, because the changelog was not religiously kept up to date. Future releases should have more accurate changelog information. You can read it here.
v1.1.0.0
Second stable release
- Provides a statically compiled Linux binary tested in Ubuntu 18.04 (x86_64)
- Mac OS binary is use-at-your-own-risk, may not be portable to other environments
Note that the standalone binaries do require crytic-compile and solc to work. You can install crytic-compile via pip (pip install crytic-compile
).
Major changes since 1.0.0.0:
-
Support for catching assertion violations
-
Support for maximum gas limits for properties and transactions
-
Support for generation of block number and time changes between transactions
-
Constant extraction for return values
-
Multisender testing is now default
-
Other improvements to default configuration to tune test generation, comments on default config
-
In particular, note that by default the property sender and the caller of the contract constructor (thus, often, the owner) are the same now, which can change the behavior of some properties
-
Various bug-fixes and minor improvements