Install Echidna 2.0.1:
- Install/upgrade slither:
pip3 install slither-analyzer --upgrade - Recommended option: precompiled binaries (Linux and MacOS supported).
- Alternative option: use docker.
This repository contains everything necessary to test expected properties of the Math 64.64 library. Users should complete the Test creating functions to test different invariants from different mathematical operations (e.g. add, sub, etc) and adding assertions. The developer marked two functions as private instead of internal (sqrtu and divuu) which we are NOT going to directly test.
A few pointers to start:
- Read the documentation
- Think of basic arithmetic properties for every operation
- Consider when operation should or it should not revert
- Some properties could require to use certain tolerance
To start a Echidna fuzzing campaign use:
$ echidna-test EchidnaTest.sol --contract Test --test-mode assertion --corpus-dir corpus --seq-len 1 --test-limit 1000000
The last argument, --test-limit should be tweaked according to the time you want to spend in the fuzzing campaign.
Additionally, from time to time, you should remove the corpus using rm -Rf corpus.
The recommended Solidity version for the fuzzing campaign is 0.8.1, however, more recent releases can be used as well.
User should be able to fully test the Math 64.64 library. It is worth mentioning that the code is unmodified and there are no known issues. If you find some security or correctness issue in the code do NOT post it in this repository nor upstream, since these are public messages. Instead, contact us by email to confirm the issue and discuss how to proceed.
For Secureum, the resulting properties will be evaluated introducing an artificial bug in the code and running a short fuzzing campaign.
Before starting, please review the Echidna README, as well as the official tutorials. Additionally, there is specific documentation on the libraries:
Library of mathematical functions operating with signed 64.64-bit fixed point numbers.
[ documentation | source ]
Copyright (c) 2019, ABDK Consulting
All rights reserved.