evm-fuzzing-resources
A curated collection of tools, articles, research, and guides for fuzzing smart contracts on the Ethereum Virtual Machine (EVM).
https://github.com/perimetersec/evm-fuzzing-resources
Tooling
Utils
- Recon VS Code Extension - Seamless integration of Foundry, Medusa, and Echidna, by [Recon](https://x.com/getreconxyz)
- Runes - CLI tool that converts Echidna fuzzer reproducer files to executable Foundry test files, by [Enigma Dark](https://x.com/EnigmadarkLabs)
- Echidna Logs Scraper - Scrape Echidna logs for broken-property repros, by [Recon](https://x.com/getreconxyz)
- fuzz-utils - Set of Python tools to improve the developer experience when using smart contract fuzzing, by [Trail of Bits](https://x.com/trailofbits)
- CloudExec - A general purpose foundation for cloud-based fuzzing, by [Trail of Bits](https://x.com/trailofbits)
- echidna-trace-parser - A parser that converts Echidna call traces into Foundry PoC tests, by [Enigma Dark](https://x.com/EnigmadarkLabs)
- Echidna Coverage Reporter - A TypeScript tool to parse and analyze Echidna code coverage reports for Solidity smart contracts, by [0xsi](https://x.com/_0xsi)
- Youdusa - Generate Foundry tests for failing Medusa call sequences, by [Wonderland](https://x.com/DeFi_Wonderland)
Libraries & Frameworks
- Universal Fuzzing - Echidna fuzzing template, by [Guardian Audits](https://x.com/GuardianAudits)
- CallTestAndUndo - Simple abstract contract to help write invariant tests that do not influence the story, by [Recon](https://x.com/getreconxyz)
- Chimera - Smart Contract Property-Based Testing Framework, by [Recon](https://x.com/getreconxyz)
- Fuzzlib - Solidity Fuzzing Library, by [Perimeter](https://x.com/perimeter_sec)
- Arachne - Scaffolding framework for large-scale fuzzing suites, by [Perimeter](https://x.com/perimeter_sec)
- Medusa Template Generator - Generate a set of contracts for a Medusa testing campaign following Wonderland usage, by [Wonderland](https://x.com/DeFi_Wonderland)
Articles
Tutorials & Guides
- Introducing Create Chimera App V2
- Advanced Fuzzing Tips using Chimera
- Exploiting Precision Loss via Fuzz Testing
- Echidna Tutorial
- Medusa Official Documentation
- Foundry Invariant Testing Official Documentation
- Benefits of Fuzzing
- Creating Invariant Tests for an AMM Smart Contract
- Debugging Echidna Coverage
- First Day At Invariant School
- Generating unit tests from broken stateful invariant tests
- Finding Denial of Service Bugs At Scale With Invariant Tests
- Using Echidna to test a smart contract library
- Invariant Testing WETH With Foundry
- Introduction to fuzzing
- Building A Test Harness With Recon
- How To Define Invariants
- Implementing Your First Smart Contract Invariants: A Practical Guide
- 10 Steps To Easily Use 3 Fuzzers
Research & Background
- The call for invariant-driven development
- Why Audited Projects Are Getting Hacked & How To Avoid It (Invariants)
- The Bug That Was Missed - How fuzzing for preconditions can lead to high severity vulnerabilities
- eBTC Retrospective: A reflection on lessons learned in our extended fuzzing of eBTC
- Lessons From The Fuzzing Trenches
- Finding Real Vulnerabilities with the Renzo Fuzzing Repo
- Fuzzing in the Cloud: A review of the different cloud based options for fuzzing Solidity contracts
- Corn Engagement Retrospective: Lessons learned from our engagement fuzzing the Corn protocol
- Learnings from 6 weeks of fuzzing Badger DAO's eBTC protocol
- A Guide to Crafting Robust Invariants
- Certora vs Echidna: a case study on invariant testing in eBTC
- Uniswap v3: A Fuzzing Review
- part 1 - learned-from-fuzzing-centrifuge-059) by [nican0r](https://x.com/nican0r)
- Manually Guided Fuzzing: A New Approach in Smart Contract Testing
- Fuzzing vs. Formal Verification Discussion
Reusable properties
Utils
- ERCx Token Test Library - A reusable collection of Foundry tests for several ERC token standards, by [Runtime Verification](https://x.com/rv_inc)
- ERC7540
- ABDKMath64x64
Videos
Tutorials & Guides
- Fuzzing for Security Researchers
- part 1 - KXJE54), [part 6](https://www.youtube.com/watch?v=SSzh5GlqteI)
- bloqarl
- Invariant Testing WETH with Foundry
- Invariant Driven Development - Build a CDP system using Invariants as Safety Nets
- Wake Framework - Swiss Knife to Ethereum Tooling
- Learn how to fuzz like a pro - Fuzzing workshop, by [Trail of Bits](https://x.com/trailofbits)
Talks & Discussion
- Invariant Testing - Fuzzing Defi Protocols
- Submit your first PR to Medusa
- Web3 Security: All Things Fuzzing with Victor Martinez
- Fuzzing and Heuristics interview with @devdacian
- Fuzzing Like a Degen: Building a Smart Contract Fuzzer
- All Things Fuzzing with Victor Martinez
- Advanced Fuzzing Techniques: An eBTC Case Study
- Invariant Testing Workshop
- Euler v2 Fuzzing Workshop by Víctor Martinez
- Size Credit Fuzzing Workshop
- Test your tests The dos and don'ts of testing
- Find Highs Using Invariant Fuzz Testing
- A glimpse into the future of invariant testing
- You should probably be fuzzing
- Echidna Made Me Do It!
- Uniswap V4: Taking Invariant Testing Where Manual Review Cannot Go
- The Efficacy of Fuzzing
- Uncover Hidden Bugs with Fuzzing
Fuzzing Software
Practical Code Samples
Utils
- List of Public Fuzzing Campaigns
- Property-based testing benchmark
- Solidity Fuzzing Challenge: Foundry vs Echidna vs Medusa (plus Halmos & Certora)
- Fuzzer Gas Metric Benchmark
- Reproduction of the $41M Curve reentrancy hacks on July 30 2023 using on-chain fuzzing with Echidna
- Reproduction of the $80M Rari Finance Hack on April 30 2022 using on-chain fuzzing with Echidna
Fuzzing Background
Talks & Discussion
- The Fuzzing Book - Tools and Techniques for Generating Software Tests, by [Multiple Authors](https://x.com/FuzzingBook)
- Awesome Fuzzing - A curated list of fuzzing resources for learning Fuzzing, by [Mohammed A. Imran](https://x.com/secfigo)