Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
evm-fuzzing-resources
A curated collection of tools, articles, research, and guides for fuzzing smart contracts on the Ethereum Virtual Machine (EVM).
https://github.com/perimetersec/evm-fuzzing-resources
Last synced: about 3 hours ago
JSON representation
-
Fuzzing Software
-
Tooling
-
Libraries & Frameworks
- Chimera - Smart Contract Property-Based Testing Framework, by [Recon](https://x.com/getreconxyz)
- Fuzzlib - Solidity Fuzzing Library, by [Perimeter](https://x.com/perimeter_sec)
- CallTestAndUndo - Simple abstract contract to help write invariant tests that do not influence the story, by [Recon](https://x.com/getreconxyz)
- Chimera - Smart Contract Property-Based Testing Framework, by [Recon](https://x.com/getreconxyz)
- Fuzzlib - Solidity Fuzzing Library, by [Perimeter](https://x.com/perimeter_sec)
- CallTestAndUndo - Simple abstract contract to help write invariant tests that do not influence the story, by [Recon](https://x.com/getreconxyz)
-
Utils
- fuzz-utils - Set of Python tools to improve the developer experience when using smart contract fuzzing, by [Trail of Bits](https://x.com/trailofbits)
- CloudExec - A general purpose foundation for cloud-based fuzzing, by [Trail of Bits](https://x.com/trailofbits)
- echidna-trace-parser - A parser that converts echidna call traces into foundry PoC tests, by [Enigma Dark](https://x.com/EnigmadarkLabs)
- Echidna Coverage Reporter - A TypeScript tool to parse and analyze Echidna code coverage reports for Solidity smart contracts, by [0xsi](https://x.com/_0xsi)
- Echidna Logs Scraper - Scrape echidna logs for broken properties repros, by [Recon](https://x.com/getreconxyz)
- fuzz-utils - Set of Python tools to improve the developer experience when using smart contract fuzzing, by [Trail of Bits](https://x.com/trailofbits)
- CloudExec - A general purpose foundation for cloud-based fuzzing, by [Trail of Bits](https://x.com/trailofbits)
- echidna-trace-parser - A parser that converts echidna call traces into foundry PoC tests, by [Enigma Dark](https://x.com/EnigmadarkLabs)
- Echidna Coverage Reporter - A TypeScript tool to parse and analyze Echidna code coverage reports for Solidity smart contracts, by [0xsi](https://x.com/_0xsi)
- Echidna Logs Scraper - Scrape echidna logs for broken properties repros, by [Recon](https://x.com/getreconxyz)
-
-
Practical Code Samples
-
Utils
- List of Public Fuzzing Campaigns
- Property-based testing benchmark
- Solidity Fuzzing Challenge: Foundry vs Echidna vs Medusa (plus Halmos & Certora)
- List of Public Fuzzing Campaigns
- Property-based testing benchmark
- Solidity Fuzzing Challenge: Foundry vs Echidna vs Medusa (plus Halmos & Certora)
- Fuzzer Gas Metric Benchmark
- Reproduction of the $41M Curve reentrancy hacks on July 30 2023 using on-chain fuzzing with Echidna
- Reproduction of the $80M Rari Finance Hack on April 30 2022 using on-chain fuzzing with Echidna
- Fuzzer Gas Metric Benchmark
- Reproduction of the $41M Curve reentrancy hacks on July 30 2023 using on-chain fuzzing with Echidna
- Reproduction of the $80M Rari Finance Hack on April 30 2022 using on-chain fuzzing with Echidna
-
-
Reusable properties
-
Utils
-
-
Articles
-
Tutorials & Guides
- Echidna Tutorial
- Echidna Tutorial
- Medusa Official Documentation
- Foundry Invariant Testing Official Documentation
- Invariant Testing WETH With Foundry
- Introduction to fuzzing
- Benefits of Fuzzing
- Creating Invariant Tests for an AMM Smart Contract
- Debugging Echidna Coverage
- First Day At Invariant School
- Generating unit tests from broken stateful invariant tests
- Finding Denial of Service Bugs At Scale With Invariant Tests
- Using Echidna to test a smart contract library
- Building A Test Harness With Recon
- How To Define Invariants
- Implementing Your First Smart Contract Invariants: A Practical Guide
- 10 Steps To Easily Use 3 Fuzzers
- Invariant Testing WETH With Foundry
- Introduction to fuzzing
- Benefits of Fuzzing
- Creating Invariant Tests for an AMM Smart Contract
- Debugging Echidna Coverage
- First Day At Invariant School
- Generating unit tests from broken stateful invariant tests
- Finding Denial of Service Bugs At Scale With Invariant Tests
- Medusa Official Documentation
- Foundry Invariant Testing Official Documentation
- Using Echidna to test a smart contract library
- Building A Test Harness With Recon
- How To Define Invariants
- Implementing Your First Smart Contract Invariants: A Practical Guide
- 10 Steps To Easily Use 3 Fuzzers
-
Research & Background
- Learnings from 6 weeks of fuzzing Badger DAO's eBTC protocol
- A Guide to Crafting Robust Invariants
- Certora vs Echidna: a case study on invariant testing in eBTC
- Uniswap v3: A Fuzzing Review
- part 1 - learned-from-fuzzing-centrifuge-059) by [nican0r](https://x.com/nican0r)
- eBTC Retrospective: A reflection on lessons learned in our extended fuzzing of eBTC
- Lessons From The Fuzzing Trenches
- Finding Real Vulnerabilities with the Renzo Fuzzing Repo
- Fuzzing in the Cloud: A review of the different cloud based options for fuzzing Solidity contracts
- Corn Engagement Retrospective: Lessons learned from our engagement fuzzing the Corn protocol
- Learnings from 6 weeks of fuzzing Badger DAO's eBTC protocol
- A Guide to Crafting Robust Invariants
- Certora vs Echidna: a case study on invariant testing in eBTC
- Uniswap v3: A Fuzzing Review
- part 1 - learned-from-fuzzing-centrifuge-059) by [nican0r](https://x.com/nican0r)
- eBTC Retrospective: A reflection on lessons learned in our extended fuzzing of eBTC
- Lessons From The Fuzzing Trenches
- Finding Real Vulnerabilities with the Renzo Fuzzing Repo
- Fuzzing in the Cloud: A review of the different cloud based options for fuzzing Solidity contracts
- Corn Engagement Retrospective: Lessons learned from our engagement fuzzing the Corn protocol
-
-
Videos
-
Tutorials & Guides
- bloqarl
- part 1 - KXJE54), [part 6](https://www.youtube.com/watch?v=SSzh5GlqteI)
- bloqarl
- part 1 - KXJE54), [part 6](https://www.youtube.com/watch?v=SSzh5GlqteI)
- Invariant Testing WETH with Foundry
- Invariant Driven Development - Build a CDP system using Invariants as Safety Nets
- Invariant Testing WETH with Foundry
- Invariant Driven Development - Build a CDP system using Invariants as Safety Nets
-
Talks & Discussion
- Web3 Security: All Things Fuzzing with Victor Martinez
- Fuzzing and Heuristics interview with @devdacian
- Fuzzing Like a Degen: Building a Smart Contract Fuzzer
- All Things Fuzzing with Victor Martinez
- Advanced Fuzzing Techniques: An eBTC Case Study
- Invariant Testing Workshop
- Euler v2 Fuzzing Workshop by Víctor Martinez
- Size Credit Fuzzing Workshop
- Test your tests The dos and don'ts of testing
- Find Highs Using Invariant Fuzz Testing
- Submit your first PR to Medusa
- A glimpse into the future of invariant testing
- You should probably be fuzzing
- Echidna Made Me Do It!
- Uniswap V4: Taking Invariant Testing Where Manual Review Cannot Go
- Web3 Security: All Things Fuzzing with Victor Martinez
- Fuzzing and Heuristics interview with @devdacian
- Fuzzing Like a Degen: Building a Smart Contract Fuzzer
- All Things Fuzzing with Victor Martinez
- Advanced Fuzzing Techniques: An eBTC Case Study
- Invariant Testing Workshop
- Euler v2 Fuzzing Workshop by Víctor Martinez
- Size Credit Fuzzing Workshop
- Test your tests The dos and don'ts of testing
- Find Highs Using Invariant Fuzz Testing
- Submit your first PR to Medusa
- A glimpse into the future of invariant testing
- You should probably be fuzzing
- Echidna Made Me Do It!
- Uniswap V4: Taking Invariant Testing Where Manual Review Cannot Go
-
-
Fuzzing Background
-
Talks & Discussion
- The Fuzzing Book - Tools and Techniques for Generating Software Tests, by [Multiple Authors](https://x.com/FuzzingBook)
- The Fuzzing Book - Tools and Techniques for Generating Software Tests, by [Multiple Authors](https://x.com/FuzzingBook)
- Awesome Fuzzing - A curated list of fuzzing resources for learning Fuzzing, by [Mohammed A. Imran](https://x.com/secfigo)
- Awesome Fuzzing - A curated list of fuzzing resources for learning Fuzzing, by [Mohammed A. Imran](https://x.com/secfigo)
-
Programming Languages
Categories
Sub Categories
Keywords
solidity
16
fuzzing
14
evm
12
echidna
10
smart-contracts
8
testing
6
ethereum
6
hack
4
medusa
4
foundry
4
fuzzer
4
blockchain
4
security
2
dapp
2
dapptools
2
eth
2
framework
2
mainnet-fork
2
rust
2
seth
2
secfigo
2
fuzzing-framework
2
awesome-list
2
awesome
2
fuzz-testing-foundry
2
fuzz-testing
2
halmos
2
testing-framework
2
static-analysis
2
python
2
lsp-server
2
deployment
2
sui
2
move
2
concolic-execution
2
aptos
2
tooling
2