{"id":13538941,"url":"https://github.com/crytic/echidna","last_synced_at":"2025-05-13T17:13:25.276Z","repository":{"id":37270206,"uuid":"101585932","full_name":"crytic/echidna","owner":"crytic","description":"Ethereum smart contract fuzzer","archived":false,"fork":false,"pushed_at":"2025-05-02T18:51:24.000Z","size":2535,"stargazers_count":2877,"open_issues_count":151,"forks_count":396,"subscribers_count":56,"default_branch":"master","last_synced_at":"2025-05-02T19:37:48.191Z","etag":null,"topics":["ethereum","evm","fuzzer","security","smart-contracts","solidity","testing"],"latest_commit_sha":null,"homepage":"https://secure-contracts.com/program-analysis/echidna/index.html","language":"Haskell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/crytic.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-08-27T23:13:10.000Z","updated_at":"2025-05-01T03:46:13.000Z","dependencies_parsed_at":"2023-10-20T19:06:40.362Z","dependency_job_id":"df5636e5-56ab-443c-8ee0-a94cefdb90c6","html_url":"https://github.com/crytic/echidna","commit_stats":{"total_commits":1147,"total_committers":57,"mean_commits":20.12280701754386,"dds":0.8125544899738448,"last_synced_commit":"73819e31cdd9ae908f1c3f5c901247d184201620"},"previous_names":["trailofbits/echidna"],"tags_count":35,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Fechidna","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Fechidna/tags","rele
ases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Fechidna/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Fechidna/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/crytic","download_url":"https://codeload.github.com/crytic/echidna/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253990492,"owners_count":21995776,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ethereum","evm","fuzzer","security","smart-contracts","solidity","testing"],"created_at":"2024-08-01T09:01:18.010Z","updated_at":"2025-05-13T17:13:20.246Z","avatar_url":"https://github.com/crytic.png","language":"Haskell","readme":"# Echidna: A Fast Smart Contract Fuzzer \u003ca href=\"https://raw.githubusercontent.com/crytic/echidna/master/echidna.png\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/crytic/echidna/master/echidna.png\" width=\"75\"/\u003e\u003c/a\u003e\n\n![Build Status](https://github.com/crytic/echidna/workflows/CI/badge.svg)\n\nEchidna is a weird creature that eats bugs and is highly electrosensitive (with apologies to Jacob Stanley)\n\nMore seriously, Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. 
It uses sophisticated grammar-based fuzzing campaigns based on a [contract ABI](https://docs.soliditylang.org/en/develop/abi-spec.html) to falsify user-defined predicates or [Solidity assertions](https://docs.soliditylang.org/en/develop/control-structures.html#error-handling-assert-require-revert-and-exceptions). We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in specific cases.\n\n## Features\n\n* Generates inputs tailored to your actual code\n* Optional corpus collection, mutation and coverage guidance to find deeper bugs\n* Powered by [Slither](https://github.com/crytic/slither) to extract useful information before the fuzzing campaign\n* Source code integration to identify which lines are covered after the fuzzing campaign\n* Interactive terminal UI, text-only or JSON output\n* Automatic test case minimization for quick triage\n* Seamless integration into the development workflow\n* Maximum gas usage reporting of the fuzzing campaign\n* Support for a complex contract initialization with [Etheno](https://github.com/crytic/etheno) and Truffle\n\n.. and [a beautiful high-resolution handcrafted logo](https://raw.githubusercontent.com/crytic/echidna/master/echidna.png).\n\n\u003ca href=\"https://i.imgur.com/saFWti4.png\"\u003e\u003cimg src=\"https://i.imgur.com/saFWti4.png\" width=\"650\"/\u003e\u003c/a\u003e\n\n## Usage\n\n### Executing the test runner\n\nThe core Echidna functionality is an executable called `echidna`, which takes a contract and a list\nof invariants (properties that should always remain true) as input. For each invariant, it generates\nrandom sequences of calls to the contract and checks if the invariant holds. If it can find some way\nto falsify the invariant, it prints the call sequence that does so. 
If it can't, you have some\nassurance the contract is safe.\n\n### Writing invariants\n\nInvariants are expressed as Solidity functions with names that begin with `echidna_`, have no arguments, and return a boolean. For example, if you have some `balance` variable that should never go below `20`, you can write an extra function in your contract like this one:\n\n```solidity\nfunction echidna_check_balance() public returns (bool) {\n    return(balance \u003e= 20);\n}\n```\n\nTo check these invariants, run:\n\n```sh\n$ echidna myContract.sol\n```\n\nAn example contract with tests can be found at [tests/solidity/basic/flags.sol](tests/solidity/basic/flags.sol). To run it, you should execute:\n\n```sh\n$ echidna tests/solidity/basic/flags.sol\n```\n\nEchidna should find a call sequence that falsifies `echidna_sometimesfalse` and should be unable to find a falsifying input for `echidna_alwaystrue`.\n\n### Collecting and visualizing coverage\n\nAfter finishing a campaign, Echidna can save a coverage-maximizing **corpus** in a special directory specified with the `corpusDir` config option. 
This directory will contain two entries: (1) a directory named `coverage` with JSON files that can be replayed by Echidna and (2) a plain-text file named `covered.txt`, a copy of the source code with coverage annotations.\n\nIf you run the `tests/solidity/basic/flags.sol` example, Echidna will save a few files of serialized transactions in the `coverage` directory and a `covered.$(date +%s).txt` file with the following lines:\n\n```text\n*r  |  function set0(int val) public returns (bool){\n*   |    if (val % 100 == 0)\n*   |      flag0 = false;\n  }\n\n*r  |  function set1(int val) public returns (bool){\n*   |    if (val % 10 == 0 \u0026\u0026 !flag0)\n*   |      flag1 = false;\n  }\n```\n\nOur tool signals each execution trace in the corpus with the following \"line marker\":\n\n* `*` if an execution ended with a STOP\n* `r` if an execution ended with a REVERT\n* `o` if an execution ended with an out-of-gas error\n* `e` if an execution ended with any other error (zero division, assertion failure, etc.)\n\n### Support for smart contract build systems\n\nEchidna can test contracts compiled with different smart contract build systems, including [Foundry](https://book.getfoundry.sh/), [Hardhat](https://hardhat.org/), and [Truffle](https://archive.trufflesuite.com/), using [crytic-compile](https://github.com/crytic/crytic-compile). To invoke Echidna with the current compilation framework, use `echidna .`.\n\nOn top of that, Echidna supports two modes of testing complex contracts. Firstly, one can [describe an initialization procedure with Truffle and Etheno](https://github.com/crytic/building-secure-contracts/blob/master/program-analysis/echidna/advanced/end-to-end-testing.md) and use that as the base state for Echidna. Secondly, Echidna can call into any contract with a known ABI by passing in the corresponding Solidity source in the CLI. 
Use `allContracts: true` in your config to turn this on.\n\n### Crash course on Echidna\n\nOur [Building Secure Smart Contracts](https://github.com/crytic/building-secure-contracts/tree/master/program-analysis/echidna#echidna-tutorial) repository contains a crash course on Echidna, including examples, lessons and exercises.\n\n### Using Echidna in a GitHub Actions workflow\n\nThere is an Echidna action which can be used to run `echidna` as part of a\nGitHub Actions workflow. Please refer to the\n[crytic/echidna-action](https://github.com/crytic/echidna-action) repository for\nusage instructions and examples.\n\n### Configuration options\n\nEchidna's CLI can be used to choose the contract to test and load a\nconfiguration file.\n\n```sh\n$ echidna contract.sol --contract TEST --config config.yaml\n```\n\nThe configuration file allows users to choose EVM and test generation\nparameters. An example of a complete and annotated config file with the default\noptions can be found at\n[tests/solidity/basic/default.yaml](tests/solidity/basic/default.yaml).\nSee the [documentation](https://secure-contracts.com/program-analysis/echidna/configuration.html)\nfor more detailed information on the available configuration options.\n\nEchidna supports three different output drivers. There is the default `text`\ndriver, a `json` driver, and a `none` driver, which should suppress all\n`stdout` output. 
The JSON driver reports the overall campaign as follows.\n\n```\nCampaign = {\n  \"success\"      : bool,\n  \"error\"        : string?,\n  \"tests\"        : [Test],\n  \"seed\"         : number,\n  \"coverage\"     : Coverage,\n  \"gas_info\"     : [GasInfo]\n}\nTest = {\n  \"contract\"     : string,\n  \"name\"         : string,\n  \"status\"       : string,\n  \"error\"        : string?,\n  \"testType\"     : string,\n  \"transactions\" : [Transaction]?\n}\nTransaction = {\n  \"contract\"     : string,\n  \"function\"     : string,\n  \"arguments\"    : [string]?,\n  \"gas\"          : number,\n  \"gasprice\"     : number\n}\n```\n\n`Coverage` is a dict describing certain coverage-increasing calls.\nEach `GasInfo` entry is a tuple that describes how maximal\ngas usage was achieved, and is also not too important. These interfaces are\nsubject to change to be slightly more user-friendly at a later date. `testType`\nwill either be `property` or `assertion`, and `status` always takes on either\n`fuzzing`, `shrinking`, `solved`, `passed`, or `error`.\n\n### Debugging Performance Problems\n\nOne way to diagnose Echidna's performance issues is to run `echidna` with profiling on.\nTo run Echidna with basic profiling, add `+RTS -p -s` to your original `echidna` command:\n\n```sh\n$ nix develop # alternatively nix-shell\n$ cabal --enable-profiling run echidna -- ... +RTS -p -s\n$ less echidna.prof\n```\n\nThis produces a report file (`echidna.prof`), that shows which functions take up the most CPU and memory usage.\n\nIf the basic profiling doesn't help, you can use more [advanced profiling techniques](https://haskell.foundation/hs-opt-handbook.github.io/src/Measurement_Observation/Haskell_Profiling/eventlog.html).\n\nCommon causes for performance issues that we observed:\n\n- Costly functions called in hot paths\n- Lazy data constructors that accumulate thunks\n- Inefficient data structures used in hot paths\n\nChecking for these is a good place to start. 
If you suspect some computation is too lazy and\nleaks memory, you can use `force` from `Control.DeepSeq` to make sure it gets evaluated.\n\n## Limitations and known issues\n\nEVM emulation and testing are hard. Echidna has some limitations in the latest release. Some of\nthese are inherited from [hevm](https://github.com/ethereum/hevm) while some result from\ndesign/performance decisions or simply bugs in our code. We list them here including their\ncorresponding issue and the status (\"wont fix\", \"on hold\", \"in review\", \"fixed\"). Issues that are\n\"fixed\" are expected to be included in the next Echidna release.\n\n| Description | Issue | Status |\n| :---        | :---: | :---:  |\n| Vyper support is limited | [#652](https://github.com/crytic/echidna/issues/652) | *wont fix* |\n| Limited library support for testing | [#651](https://github.com/crytic/echidna/issues/651) | *wont fix* |\n\n## Installation\n\n### Precompiled binaries\n\nBefore starting, make sure Slither is [installed](https://github.com/crytic/slither) (`pip3 install slither-analyzer --user`).\nIf you want to quickly test Echidna on Linux or macOS, we provide statically linked Linux binaries built on Ubuntu and mostly static macOS binaries on our [releases page](https://github.com/crytic/echidna/releases). You can also grab the same type of binaries from our [CI pipeline](https://github.com/crytic/echidna/actions?query=workflow%3ACI+branch%3Amaster+event%3Apush); just click the commit to find binaries for Linux or macOS.\n\n### Homebrew (macOS / Linux)\n\nIf you have Homebrew installed on your Mac or Linux machine, you can install Echidna and all of its dependencies (Slither, crytic-compile) by running `brew install echidna`.\n\nYou can also compile and install the latest `master` branch code by running `brew install --HEAD echidna`\n\nYou can get further information in the [`echidna` Homebrew Formula](https://formulae.brew.sh/formula/echidna) page. 
The formula itself is maintained as part of the [homebrew-core repository](https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/e/echidna.rb)\n\n### Docker container\n\nIf you prefer to use a pre-built Docker container, check out our [docker\npackage](https://github.com/orgs/crytic/packages?repo_name=echidna), which is\nauto-built via GitHub Actions. The `echidna` container is based on\n`ubuntu:focal` and it is meant to be a small yet flexible enough image to use\nEchidna on. It provides a pre-built version of `echidna`, as well as\n`slither`, `crytic-compile`, `solc-select` and `nvm` under 200 MB.\n\nNote that the container images currently only build on x86 systems. Running them\non ARM devices, such as Mac M1 systems, is not recommended due to the performance\nloss incurred by the CPU emulation.\n\nDifferent tags are available for the Docker container image:\n\n| Tag           | Build in tag\n|---------------|-------------\n| `vx.y.z`      | Build corresponding to release `vx.y.z`\n| `latest`      | Latest Echidna tagged release.\n| `edge`        | Most recent commit on the default branch.\n| `testing-foo` | Testing build based on the `foo` branch.\n\nTo run the container with the latest Echidna version interactively, you can use\nsomething like the following command. It will map the current directory as\n`/src` inside the container, and give you a shell where you can use\n`echidna`:\n\n```sh\n$ docker run --rm -it -v `pwd`:/src ghcr.io/crytic/echidna/echidna\n```\n\nOtherwise, if you want to locally build the latest version of Echidna, we\nrecommend using Docker. From within a clone of this repository, run the\nfollowing command to build the Docker container image:\n\n```sh\n$ docker build -t echidna -f docker/Dockerfile --target final-ubuntu .\n```\n\nThen, you can run the `echidna` image locally. 
For example, to install solc\n0.5.7 and check `tests/solidity/basic/flags.sol`, you can run:\n\n```sh\n$ docker run -it -v `pwd`:/src echidna bash -c \"solc-select install 0.5.7 \u0026\u0026 solc-select use 0.5.7 \u0026\u0026 echidna /src/tests/solidity/basic/flags.sol\"\n```\n\n### Building using Stack\n\nIf you'd prefer to build from source, use [Stack](https://docs.haskellstack.org/en/stable/). `stack install` should build and compile `echidna` in `~/.local/bin`. You will need to link against libreadline and libsecp256k1 (built with recovery enabled), which should be installed with the package manager of your choosing. You also need to install the latest release of [libff](https://github.com/scipr-lab/libff). Refer to our [CI tests](.github/scripts/install-libff.sh) for guidance.\n\nSome Linux distributions do not ship static libraries for certain things that Haskell needs, e.g. Arch Linux, which will cause `stack build` to fail with linking errors because we use the `-static` flag. In that case, use `--flag echidna:-static` to produce a dynamically linked binary.\n\nIf you're getting errors building related to linking, try tinkering with `--extra-include-dirs` and `--extra-lib-dirs`.\n\n### Building using Nix (works natively on Apple M1 systems)\n\n[Nix users](https://nixos.org/download/) can install the latest Echidna with:\n\n```sh\n$ nix-env -i -f https://github.com/crytic/echidna/tarball/master\n```\n\nWith flakes enabled, you can run Echidna straight from this repo:\n```sh\n$ nix run github:crytic/echidna # master\n$ nix run github:crytic/echidna/v2.1.1 # specific ref (tag/branch/commit)\n```\n\nTo build a standalone release for non-Nix macOS systems, the following will\nbuild Echidna in a mostly static binary. This can also be used on Linux systems\nto produce a fully static binary.\n\n```sh\n$ nix build .#echidna-redistributable\n```\n\nNix will automatically install all the dependencies required for development\nincluding `crytic-compile` and `solc`. 
A quick way to start developing Echidna:\n\n```sh\n$ git clone https://github.com/crytic/echidna\n$ cd echidna\n$ nix develop # alternatively nix-shell\n[nix-shell]$ cabal run echidna\n[nix-shell]$ cabal run tests\n[nix-shell]$ cabal new-repl\n```\n\n## Public use of Echidna\n\n### Property testing suites\n\nThis is a partial list of smart contract projects that use Echidna for testing:\n\n* [Curvance](https://github.com/curvance/Curvance-CantinaCompetition/tree/CodeFAQAndAdjustments/tests/fuzzing)\n* [Primitive](https://github.com/primitivefinance/rmm-core/tree/main/contracts/crytic)\n* [Uniswap-v3](https://github.com/search?q=org%3AUniswap+echidna\u0026type=commits)\n* [Balancer](https://github.com/balancer/balancer-core/tree/master/echidna)\n* [MakerDAO vest](https://github.com/makerdao/dss-vest/pull/16)\n* [Optimism DAI Bridge](https://github.com/makerdao/optimism-dai-bridge/blob/master/contracts/test/DaiEchidnaTest.sol)\n* [WETH10](https://github.com/WETH10/WETH10/tree/main/contracts/fuzzing)\n* [Yield](https://github.com/yieldprotocol/fyDai/pull/312)\n* [Convexity Protocol](https://github.com/opynfinance/ConvexityProtocol/tree/dev/contracts/echidna)\n* [Aragon Staking](https://github.com/aragon/staking/blob/82bf54a3e11ec4e50d470d66048a2dd3154f940b/packages/protocol/contracts/test/lib/EchidnaStaking.sol)\n* [Centre Token](https://github.com/circlefin/stablecoin-evm/tree/release-2024-03-15T223309/echidna_tests)\n* [Tokencard](https://github.com/tokencard/contracts/tree/master/tools/echidna)\n* [Minimalist USD Stablecoin](https://github.com/usmfum/USM/pull/41)\n\n### Security reviews\n\nThe following public security reviews used Echidna to uncover vulnerabilities:\n\n- [Advanced Blockchain](https://github.com/trailofbits/publications/blob/master/reviews/AdvancedBlockchain.pdf)\n- [Amp](https://github.com/trailofbits/publications/blob/master/reviews/amp.pdf)\n- 
[Ampleforth](https://github.com/trailofbits/publications/blob/master/reviews/ampleforth.pdf)\n- [Atlendis](https://github.com/trailofbits/publications/blob/master/reviews/2023-03-atlendis-atlendissmartcontracts-securityreview.pdf)\n- [Balancer](https://github.com/trailofbits/publications/blob/master/reviews/2021-04-balancer-balancerv2-securityreview.pdf)\n- [Basis](https://github.com/trailofbits/publications/blob/master/reviews/basis.pdf)\n- [Dai](https://github.com/trailofbits/publications/blob/master/reviews/mc-dai.pdf)\n- [Frax](https://github.com/trailofbits/publications/blob/master/reviews/FraxQ22022.pdf)\n- [Liquity](https://github.com/trailofbits/publications/blob/master/reviews/LiquityProtocolandStabilityPoolFinalReport.pdf)\n- [LooksRare](https://github.com/trailofbits/publications/blob/master/reviews/LooksRare.pdf)\n- [Maple](https://github.com/trailofbits/publications/blob/master/reviews/2022-03-maplefinance-securityreview.pdf)\n- [Optimism](https://github.com/trailofbits/publications/blob/master/reviews/2022-11-optimism-securityreview.pdf)\n- [Opyn](https://github.com/trailofbits/publications/blob/master/reviews/Opyn.pdf)\n- [Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf)\n- [Origin](https://github.com/trailofbits/publications/blob/master/reviews/origin.pdf)\n- [Paxos](https://github.com/trailofbits/publications/blob/master/reviews/paxos.pdf)\n- [Primitive](https://github.com/trailofbits/publications/blob/master/reviews/Primitive.pdf)\n- [RocketPool](https://github.com/trailofbits/publications/blob/master/reviews/RocketPool.pdf)\n- [Seaport](https://github.com/trailofbits/publications/blob/master/reviews/SeaportProtocol.pdf)\n- [Set Protocol](https://github.com/trailofbits/publications/blob/master/reviews/setprotocol.pdf)\n- [Shell protocol](https://github.com/trailofbits/publications/blob/master/reviews/ShellProtocolv2.pdf)\n- 
[Sherlock](https://github.com/trailofbits/publications/blob/master/reviews/Sherlockv2.pdf)\n- [Pegasys Pantheon](https://github.com/trailofbits/publications/blob/master/reviews/pantheon.pdf)\n- [TokenCard](https://github.com/trailofbits/publications/blob/master/reviews/TokenCard.pdf)\n- [Uniswap](https://github.com/trailofbits/publications/blob/master/reviews/UniswapV3Core.pdf)\n- [Yearn](https://github.com/trailofbits/publications/blob/master/reviews/YearnV2Vaults.pdf)\n- [Yield](https://github.com/trailofbits/publications/blob/master/reviews/YieldProtocol.pdf)\n- [88mph](https://github.com/trailofbits/publications/blob/master/reviews/88mph.pdf)\n- [0x](https://github.com/trailofbits/publications/blob/master/reviews/0x-protocol.pdf)\n\n### Trophies\n\nThe following security vulnerabilities were found by Echidna. If you found a security vulnerability using our tool, please submit a PR with the relevant information.\n\n| Project | Vulnerability | Date |\n|--|--|--|\n[0x Protocol](https://github.com/trailofbits/publications/blob/master/reviews/0x-protocol.pdf) | If an order cannot be filled, then it cannot be canceled | Oct 2019\n[0x Protocol](https://github.com/trailofbits/publications/blob/master/reviews/0x-protocol.pdf) | If an order can be partially filled with zero, then it can be partially filled with one token | Oct 2019\n[0x Protocol](https://github.com/trailofbits/publications/blob/master/reviews/0x-protocol.pdf) | The cobbdouglas function does not revert when valid input parameters are used | Oct 2019\n[Balancer Core](https://github.com/trailofbits/publications/blob/master/reviews/BalancerCore.pdf) | An attacker cannot steal assets from a public pool | Jan 2020\n[Balancer Core](https://github.com/trailofbits/publications/blob/master/reviews/BalancerCore.pdf) | An attacker cannot generate free pool tokens with joinPool | Jan 2020\n[Balancer Core](https://github.com/trailofbits/publications/blob/master/reviews/BalancerCore.pdf) | Calling joinPool-exitPool 
does not lead to free pool tokens | Jan 2020\n[Balancer Core](https://github.com/trailofbits/publications/blob/master/reviews/BalancerCore.pdf) |  Calling exitswapExternAmountOut does not lead to free assets | Jan 2020\n[Liquity Dollar](https://github.com/trailofbits/publications/blob/master/reviews/Liquity.pdf) | [Closing troves require to hold the full amount of LUSD minted](https://github.com/liquity/dev/blob/echidna_ToB_final/packages/contracts/contracts/TestContracts/E2E.sol#L242-L298) | Dec 2020\n[Liquity Dollar](https://github.com/trailofbits/publications/blob/master/reviews/Liquity.pdf) | [Troves can be improperly removed](https://github.com/liquity/dev/blob/echidna_ToB_final/packages/contracts/contracts/TestContracts/E2E.sol#L242-L298) | Dec 2020\n[Liquity Dollar](https://github.com/trailofbits/publications/blob/master/reviews/Liquity.pdf) | Initial redeem can revert unexpectedly | Dec 2020\n[Liquity Dollar](https://github.com/trailofbits/publications/blob/master/reviews/Liquity.pdf) | Redeem without redemptions might still return success | Dec 2020\n[Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) | Users are allowed to transfer more tokens than they have | Nov 2020\n[Origin Dollar](https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf) | User balances can be larger than total supply | Nov 2020\n[Yield Protocol](https://github.com/trailofbits/publications/blob/master/reviews/YieldProtocol.pdf) | Arithmetic computation for buying and selling tokens is imprecise | Aug 2020\n\n### Research\n\nWe can also use Echidna to reproduce research examples from smart contract fuzzing papers to show how quickly it can find the solution. 
All of these can be solved, in a few seconds to one or two minutes on a laptop computer.\n\n| Source | Code\n|--|--\n[Using automatic analysis tools with MakerDAO contracts](https://forum.openzeppelin.com/t/using-automatic-analysis-tools-with-makerdao-contracts/1021) | [SimpleDSChief](https://github.com/crytic/echidna/blob/master/tests/solidity/research/vera_dschief.sol)\n[Integer precision bug in Sigma Prime](https://github.com/muellerberndt/sabre#example-2-integer-precision-bug) | [VerifyFunWithNumbers](https://github.com/crytic/echidna/blob/master/tests/solidity/research/solcfuzz_funwithnumbers.sol)\n[Learning to Fuzz from Symbolic Execution with Application to Smart Contracts](https://files.sri.inf.ethz.ch/website/papers/ccs19-ilf.pdf) | [Crowdsale](https://github.com/crytic/echidna/blob/master/tests/solidity/research/ilf_crowdsale.sol)\n[Harvey: A Greybox Fuzzer for Smart Contracts](https://arxiv.org/abs/1905.06944) | [Foo](https://github.com/crytic/echidna/blob/master/tests/solidity/research/harvey_foo.sol), [Baz](https://github.com/crytic/echidna/blob/master/tests/solidity/research/harvey_baz.sol)\n\n### Academic Publications\n\n| Paper Title | Venue | Publication Date |\n| --- | --- | --- |\n| [echidna-parade: Diverse multicore smart contract fuzzing](https://agroce.github.io/issta21.pdf) | [ISSTA 2021](https://conf.researchr.org/home/issta-2021) | July 2021 |\n| [Echidna: Effective, usable, and fast fuzzing for smart contracts](https://agroce.github.io/issta20.pdf) | [ISSTA 2020](https://conf.researchr.org/home/issta-2020) | July 2020 |\n| [Echidna: A Practical Smart Contract Fuzzer](https://github.com/trailofbits/publications/blob/master/papers/echidna_fc_poster.pdf) | [FC 2020](https://fc20.ifca.ai/program.html) | Feb 2020 |\n\nIf you are using Echidna for academic work, consider applying to the [Crytic $10k Research Prize](https://blog.trailofbits.com/2019/11/13/announcing-the-crytic-10k-research-prize/).\n\n## Getting help\n\nFeel free to stop by our 
#ethereum slack channel in [Empire Hacking](https://slack.empirehacking.nyc/) for help using or extending Echidna.\n\n* Get started by reviewing these simple [Echidna invariants](tests/solidity/basic/flags.sol)\n\n* Consider [emailing](mailto:echidna-dev@trailofbits.com) the Echidna development team directly for more detailed questions\n\n## License\n\nEchidna is licensed and distributed under the [AGPLv3 license](https://github.com/crytic/echidna/blob/master/LICENSE).\n","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","Tools","Solidity","dApps directory","Haskell","四、安全开发与审计（重中之重）","Testing and Auditing","开源项目","Fuzzing Software","\u003ca name=\"tools\"\u003e\u003c/a\u003e Tools","Fuzzing Tools","Security Analysis Tools","Code Analyzers"],"sub_categories":["功能","Fuzzing Tools","Fuzz Testing","2. 审计工具与资源","安全审计","Mainstream Fuzzers","\u003ca name=\"fuzzers\"\u003e Fuzzers","Programming Languages that Compile zk-SNARK Circuits and Proofs"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrytic%2Fechidna","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrytic%2Fechidna","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrytic%2Fechidna/lists"}