https://github.com/crytic/optik
Optik is a set of symbolic execution tools that assist smart-contract fuzzers
- Host: GitHub
- URL: https://github.com/crytic/optik
- Owner: crytic
- License: other
- Created: 2022-05-05T15:03:50.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2024-09-03T21:37:29.000Z (4 months ago)
- Last Synced: 2024-12-15T09:05:42.304Z (10 days ago)
- Topics: echidna, evm, fuzzing, maat, security-tools, smart-contracts, symbolic-execution
- Language: Python
- Homepage: https://github.com/crytic/optik
- Size: 594 KB
- Stars: 91
- Watchers: 6
- Forks: 12
- Open Issues: 28
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
# Optik
**Optik** is a set of symbolic execution tools that assist smart contract fuzzers, letting them run in a _hybrid_ mode. Optik couples [Echidna](https://github.com/crytic/echidna), our smart contract fuzzer, with the [Maat](https://github.com/trailofbits/maat) symbolic executor that replays the fuzzing corpus and extends it with new inputs that increase coverage.
#### Current limitations
Optik is a work in progress and should not be used for real audits yet. Current limitations include:
- Symbolic `KECCAK` hashes are not supported
- `CREATE2`, `CALLCODE`, and `DELEGATECALL` are not yet supported
- Gas is not taken into account
- Some echidna options are not yet supported (see `hybrid-echidna -h`)

## Hybrid Echidna
Optik lets you run the [Echidna](https://github.com/crytic/echidna) smart-contract
fuzzer in _hybrid_ mode. It couples Echidna with the [Maat](https://github.com/trailofbits/maat) symbolic executor, which replays the Echidna corpus and extends it with new inputs that increase coverage.

`hybrid-echidna` starts with several incremental seeding steps, where it seeds the corpus with short transaction sequences obtained by [Slither](https://github.com/crytic/slither)'s dataflow analysis, and uses symbolic execution more intensely to solve new inputs. The sequence length is incremented at each seeding step. Once it reaches a certain length threshold, `hybrid-echidna` falls back into its normal mode, starts to limit the number of symbolic inputs to solve, and stops using dataflow analysis for seeding the corpus.
### Usage
Hybrid echidna can be used seamlessly in place of regular Echidna by replacing `echidna-test` with `hybrid-echidna` in your Echidna command line.
For example:

```
hybrid-echidna MyContract.sol --test-mode assertion --corpus-dir /tmp/test --contract MyContract
```

Additional options are available in hybrid mode to control `hybrid-echidna`'s behaviour:
- `--max-iters`: maximum number of fuzzing iterations to perform (one iteration is one Echidna campaign + one symbolic executor run on the corpus)
- `--solver-timeout`: maximum time in milliseconds to spend solving each possible new input
- `--incremental-threshold`: number of initial incremental seeding steps to perform
- `--no-incremental`: skip initial incremental seeding
- `--cov-mode`: type of coverage to increase when solving new inputs. Most coverage modes are implemented for experimental purposes. Unless you are developing/hacking on Optik, we recommend keeping the default mode
Debugging, logging and terminal display:
- `--debug`: add debugging information to the log output
- `--logs`: write logs to a given file (or `stdout`)
- `--no-display`: disable the graphical terminal display
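
A constructed `MyContract.sol` that fits the example command above, added here as an illustration and not taken from the Optik repository. The function names and constants are assumptions; the contract contrasts an arithmetic branch guard, which a constraint solver can invert, with a hash-based guard of the kind listed under current limitations.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed fuzzing target (illustrative only, not Optik's own code).
// Intended for: --test-mode assertion --contract MyContract
contract MyContract {
    bool private armed;

    // Arithmetic guard: only x == 6362912 satisfies it
    // (3 * 6362912 + 7 == 19088743). Random mutation has to hit one
    // value out of 2^256, whereas a symbolic executor replaying a corpus
    // entry that calls arm() can solve the branch condition for x.
    // The range check comes first so the checked multiplication in
    // Solidity 0.8 cannot revert on overflow.
    function arm(uint256 x) public {
        if (x < 10000000 && x * 3 + 7 == 19088743) {
            armed = true;
        }
    }

    // Reaching this assertion needs a two-transaction sequence:
    // arm(6362912) followed by fire(y) with y % 1000 == 777.
    function fire(uint256 y) public {
        if (armed && y % 1000 == 777) {
            assert(false);
        }
    }

    // Hash-based guard: the branch depends on KECCAK of the input.
    // Symbolic KECCAK hashes are listed as unsupported, so this branch
    // is outside what the symbolic step is documented to handle.
    function hashed(uint256 z) public pure {
        if (keccak256(abi.encodePacked(z)) == bytes32(uint256(1))) {
            assert(false);
        }
    }
}
```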
## Installation
For a quick installation, run:
```console
python3 -m pip install optik-tools
```

To keep up with the latest features and fixes, install Optik from its `master` branch:
```console
git clone https://github.com/crytic/optik && cd optik
python3 -m pip install .
```

You can also run it from Docker:
```console
git clone https://github.com/crytic/optik && cd optik
docker build -t crytic/optik .
docker run -it --rm --mount type=bind,source="$(pwd)",target=/workdir crytic/optik
# This runs the Docker container, mounting the local directory into /workdir
```