Echidna: A Fast Smart Contract Fuzzer

Echidna is a weird creature that eats bugs and is highly electrosensitive (with apologies to Jacob Stanley)

More seriously, Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in specific cases.

Features

  • Generates inputs tailored to your actual code
  • Optional corpus collection, mutation and coverage guidance to find deeper bugs
  • Powered by Slither to extract useful information before the fuzzing campaign
  • Curses-based retro UI, text-only or JSON output
  • Automatic testcase minimization for quick triage
  • Seamless integration into the development workflow
  • Maximum gas usage reporting of the fuzzing campaign
  • Support for a complex contract initialization with Etheno and Truffle

... and a beautiful high-resolution handcrafted logo.

Usage

Executing the test runner

The core Echidna functionality is an executable called echidna-test. echidna-test takes a contract and a list of invariants (properties that should always remain true) as input. For each invariant, it generates random sequences of calls to the contract and checks if the invariant holds. If it can find some way to falsify the invariant, it prints the call sequence that does so. If it can’t, you have some assurance the contract is safe.

Writing invariants

Invariants are expressed as Solidity functions with names that begin with echidna_, have no arguments, and return a boolean. For example, if you have some balance variable that should never go below 20, you can write an extra function in your contract like this one:

function echidna_check_balance() public returns (bool) {
    return(balance >= 20);
}

To check these invariants, run:

$ echidna-test myContract.sol 

An example contract with tests can be found at examples/solidity/basic/flags.sol. To run it, you should execute:

$ echidna-test examples/solidity/basic/flags.sol 

Echidna should find a call sequence that falsifies echidna_sometimesfalse and should be unable to find a falsifying input for echidna_alwaystrue.
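The loop described under "Executing the test runner", together with the test-case minimization listed under Features, as a simplified Python model added here (not Echidna's implementation and not code from the project). The Wallet class, its fee bug and the fuzz/shrink helpers are constructed for illustration; only the invariant mirrors echidna_check_balance above.

```python
import random

class Wallet:
    """Constructed toy contract model; withdraw() charges a fee after its balance check."""
    FEE = 5
    def __init__(self):
        self.balance = 50

    def deposit(self, amount):
        self.balance += amount

    def withdraw(self, amount):
        if amount > self.balance:          # models a require(): a reverted call changes nothing
            return
        self.balance -= amount + self.FEE  # bug: the fee is not covered by the check

def echidna_check_balance(w):
    # Same shape as the invariant above: takes no call arguments, returns a boolean.
    return w.balance >= 20

def falsifies(seq):
    """Replay a call sequence on a fresh contract; True if the invariant breaks after any call."""
    w = Wallet()
    for name, arg in seq:
        getattr(w, name)(arg)
        if not echidna_check_balance(w):
            return True
    return False

def shrink(seq):
    """Drop single calls until no shorter sequence still falsifies the invariant."""
    changed = True
    while changed:
        changed = False
        for i in range(len(seq)):
            shorter = seq[:i] + seq[i + 1:]
            if falsifies(shorter):
                seq, changed = shorter, True
                break
    return seq

def fuzz(seed=1, runs=1000, max_len=10):
    rng = random.Random(seed)
    for _ in range(runs):
        seq = [(rng.choice(("deposit", "withdraw")), rng.randint(0, 100))
               for _ in range(rng.randint(1, max_len))]
        if falsifies(seq):
            return shrink(seq)   # the minimized falsifying call sequence
    return None                  # no counterexample within the budget
```

A None result only means the budget found nothing, which is the "some assurance" the text refers to, not a proof.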

Crash course on Echidna

Our Building Secure Smart Contracts repository contains a crash course on Echidna, including examples, lessons and exercises. You should start here.

Support for smart contract build systems

Echidna can test contracts compiled with different smart contract build systems, including Truffle, Embark and even Vyper, using crytic-compile. For instance, we can uncover an integer overflow in the Metacoin Truffle box using a contract with Echidna properties to test:

$ cd examples/solidity/truffle/metacoin
$ echidna-test . --contract TEST
...
echidna_convert: failed!💥
  Call sequence:
    mint(57896044618658097711785492504343953926634992332820282019728792003956564819968)

Echidna supports two modes of testing complex contracts. Firstly, one can describe an initialization procedure with Truffle and Etheno and use that as the base state for Echidna. Secondly, Echidna can call into any contract with a known ABI when the corresponding Solidity source is passed in on the CLI. Use multi-abi: true in your config to turn this on.

Configuration options

Echidna’s CLI can be used to choose the contract to test and load a configuration file.

$ echidna-test contract.sol --contract TEST --config config.yaml 

The configuration file allows users to choose EVM and test generation parameters. An example of a complete and annotated config file with the default options can be found at examples/solidity/basic/default.yaml. More detailed documentation on the configuration options is available in our wiki.

Echidna supports three different output drivers. There is the default text driver, a json driver, and a none driver, which should suppress all stdout output. The JSON driver reports the overall campaign as follows.

Campaign = {
  "success"      : bool,
  "error"        : string?,
  "tests"        : [Test],
  "seed"         : number,
  "coverage"     : Coverage,
  "gas_info"     : [GasInfo]
}
Test = {
  "contract"     : string,
  "name"         : string,
  "status"       : string,
  "error"        : string?,
  "testType"     : string,
  "transactions" : [Transaction]?
}
Transaction = {
  "contract"     : string,
  "function"     : string,
  "arguments"    : [string]?,
  "gas"          : number,
  "gasprice"     : number
}

Coverage is a dict describing certain coverage-increasing calls. Each GasInfo entry is a tuple that describes how maximal gas usage was achieved, and is likewise not too important. These interfaces are subject to change to be slightly more user-friendly at a later date. testType will be either property or assertion, and status always takes on one of fuzzing, shrinking, solved, passed, or error.
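One way to consume the JSON driver's report in a CI gate, as an added example (not part of the Echidna project). The sample report is constructed from the Metacoin failure shown earlier with made-up seed and gas values, and the reading of "solved" and "shrinking" as "a counterexample exists" is an assumption of this sketch.

```python
import json

# Constructed sample in the Campaign shape above; seed and gas values are made up.
SAMPLE = json.dumps({
    "success": False, "error": None, "seed": 1234,
    "coverage": {}, "gas_info": [],
    "tests": [
        {"contract": "TEST", "name": "echidna_convert", "status": "solved",
         "error": None, "testType": "property",
         "transactions": [{
             "contract": "TEST", "function": "mint",
             "arguments": ["57896044618658097711785492504343953926634992332820282019728792003956564819968"],
             "gas": 100000, "gasprice": 1}]},
        {"contract": "TEST", "name": "echidna_alwaystrue", "status": "passed",
         "error": None, "testType": "property", "transactions": None},
    ],
})

def call_sequence(test):
    """Render a Test's transactions as text; 'transactions' and 'arguments' are optional."""
    return [f'{tx["function"]}({", ".join(tx.get("arguments") or [])})'
            for tx in test.get("transactions") or []]

def triage(raw):
    """Return (exit_code, findings): 0 = all passed, 1 = something did not pass, 2 = campaign error."""
    campaign = json.loads(raw)
    if campaign.get("error"):
        return 2, [f'campaign error: {campaign["error"]}']
    findings = []
    for t in campaign.get("tests", []):
        if t["status"] == "passed":
            continue
        # Assumption: "solved"/"shrinking" carry a call sequence; "fuzzing" and
        # "error" are reported too, since neither is a pass.
        detail = "; ".join(call_sequence(t)) or t.get("error") or "no call sequence"
        findings.append(f'{t["contract"]}.{t["name"]} [{t["status"]}]: {detail}')
    # Fail closed: a report with success=false never yields exit code 0.
    return (1 if findings or not campaign.get("success") else 0), findings

if __name__ == "__main__":
    code, findings = triage(SAMPLE)
    print(code, *findings, sep="\n")
```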

Installation

Precompiled binaries

Before starting, make sure Slither is installed (pip3 install slither-analyzer --user). If you want to quickly test Echidna in Linux or MacOS, we provide statically linked Linux binaries built on Ubuntu and mostly static MacOS binaries on our releases page. You can also grab the same type of binaries from our CI pipeline, just click the commit to find binaries for Linux or MacOS.

Docker container

If you prefer to use a pre-built Docker container, log into GitHub on your local docker client and check out our docker package, which is also auto-built via GitHub Actions. Otherwise, if you want to install the latest released version of Echidna, we recommend using docker:

$ docker build -t echidna . 

Then, run it via:

$ docker run -it -v `pwd`:/src echidna echidna-test /src/examples/solidity/basic/flags.sol 

Building using Stack

If you’d prefer to build from source, use Stack. stack install should build and compile echidna-test in ~/.local/bin. You will need to link against libreadline and libsecp256k1 (built with recovery enabled), which should be installed with the package manager of your choosing. You also need to install the latest release of libff. Refer to our CI tests for guidance.

Some Linux distributions, e.g. Arch Linux, do not ship static libraries for certain things that Haskell needs, which will cause stack build to fail with linking errors because we use the -static flag. Removing these flags from package.yaml should get everything to build if you are not looking for a static build.

If you’re getting errors building related to linking, try tinkering with --extra-include-dirs and --extra-lib-dirs.

Building using Nix

Nix users can install the latest Echidna with:

$ nix-env -i -f https://github.com/crytic/echidna/tarball/master 

It is possible to develop Echidna with Cabal inside nix-shell. Nix will automatically install all the dependencies required for development including crytic-compile and solc. A quick way to get GHCi with Echidna ready for work:

$ git clone https://github.com/crytic/echidna
$ cd echidna
$ nix-shell
[nix-shell]$ cabal new-repl

Getting help

Feel free to stop by our #ethereum slack channel in Empire Hacking for help using or extending Echidna.

  • Get started by reviewing these simple Echidna invariants

  • Review the Solidity examples directory for more extensive Echidna use cases

  • Consider emailing the Echidna development team directly for more detailed questions
