Releases: crytic/echidna
Echidna 2.2.6
What's Changed
- Users can now turn off the Slither integration with the
disableSlither
config option or the--disable-slither
command-line flag (#1327).- This is only intended for development, and we do not recommend doing this as it degrades fuzzing efficiency.
- Additionally, the UI now shows a visible warning when the Slither integration fails to execute for any reason.
- More statistics on exit: Echidna now prints the total call count (#1328)
- Precompiles now work correctly on Windows (#1333)
hevm
has been upgraded torelease/0.54.2
(#1331)- This
hevm
release includes fixes forprank
andstartPrank
. Pranking now applies to contract creation, andstartPrank
behavior now matches Foundry's. - Full
hevm
changelog: ethereum/hevm@f1f45d3...037ff11
- This
Full Changelog: v2.2.5...v2.2.6
Echidna 2.2.5
What's Changed
- Support Ethereum Cancun upgrade, including
MCOPY
(#1317, #1309, #1300) - Print a warning if an assert isn't hit in assert mode (#1110)
- Add support for the
vm.label
cheatcode when printing call sequences (#1314) - Add support for other cheatcodes:
startPrank
,stopPrank
,setEnv
, andenv{Bool,Uint,Int,Address,Bytes32,String,Bytes}
(#1300) - Collect coverage during contract deployment (#1304)
- Fix overflow behavior: overflows now revert the transaction, rather than causing Echidna to error (#1293)
- Add documentation (#1298)
Full Changelog: v2.2.4...v2.2.5
Echidna 2.2.4
Echidna 2.2.4 is an exciting release that brings a host of improvements in fuzzing speed and user experience. This update:
-
Boosts performance through optimized shrinking and multicore fuzzing. Adjustments made to our multi-worker implementation will provide increased performance when multiple workers are in use, meaning you can now have a faster and more scalable fuzzing experience. Echidna will now by default run between one to four workers, based on the available CPU cores. While we have set an intelligent default logic, you can continue to manually control the number of workers with the
workers
config option or--workers
CLI switch. Another welcome tweak is in the shrinking process where a single worker now handles a shrinking task to minimize contention. -
Enhances user interface with handy shortcuts, added metrics, more informative messages, and clearer error responses. The new shortcuts allow for swiftly toggling the visibility of the tests and log panels (
t
andl
). The newly introduced performance metricgas/s
should be a more user-friendly indicator of execution performance than its predecessorcalls/s
. Expect insightful time measurements when saving coverage and an added message upon saving reproducers. Last but not least, we improved the error messages in various conditions, for better clarity and ease of understanding. -
Adds initial support to TLOAD/TSTORE opcodes as we continue our work towards achieving full compatibility with Cancun. Note that other new opcodes from Cancun are still not supported, so we recommend working with solc 0.8.24 or older for the time being.
-
Introduces more configuration options including the ability to specify the Etherscan API key via the config file.
Take a peek at Echidna v2.2.4 in action fuzzing assert.sol
:
The full changelog is provided below:
Added
- Toggle tests and log panes on t and l by @arcz in #1197
- Use measureIO when saving coverage by @samalws-tob in #1202
- Adjust default GC allocation area by @elopez in #1228
- Update filterFallbacks to be selective rather than all-or-nothing by @samalws-tob in #1200
- Add symbolic execution by @samalws-tob in #1216
- Support configuring Etherscan API key via config file by @elopez in #1227
- Allow to use specific filter for direct symexec by @ggrieco-tob in #1251
- Display assertion failure immediately once falsified in text mode by @samalws-tob in #1271
- Emit log message when saving reproducers by @samalws-tob in #1273
- Emit "saved reproducer" log message as event rather than putStrLn by @samalws-tob in #1274
- Show gas per second in the UI by @samalws-tob in #1279
- Show trace on UnknownFailure by @samalws-tob in #1283
- Initial support for tstore/tload by @ggrieco-tob in #1286
- Raise default number of workers by @elopez on #1288 [BREAKING CHANGE]
Fixed
- Improve delay shrinking by @arcz in #1196
- Improved shrinking removing reverts from reproducers by @ggrieco-tob in #1250
- Shrink on one worker by @arcz in #1280
- Fix Windows support after crytic-compile changes by @elopez in #1235
- ci, release: pin macOS runners to the correct architectures by @elopez in #1244
- Avoid a crash when invalid filtering is used and provide a better error message by @ggrieco-tob in #1258
- Improve max code size error message by @arcz in #1269
- Fix MVar issue by @samalws-tob in #1281
- Minor change for symExecTimeout comments by @samalws-tob in #1285
- chore: fix some typos by @yetyear in #1215
- Fix typos by @xiaoxianBoy in #1217
- chore: remove repetitive word by @findseat in #1232
- Fix some typos in comments by @momantech in #1238
- chore: fix some comments by @cangqiaoyuzhuo in #1272
- Fix typos by @omahs in #1287
- Docs improvement by @nnsW3 in #1278
Updated
- Bump softprops/action-gh-release from 0.1.15 to 2.0.3 by @dependabot in #1203
- Bump softprops/action-gh-release from 2.0.3 to 2.0.4 by @dependabot in #1220
- Bump softprops/action-gh-release from 2.0.4 to 2.0.5 by @dependabot in #1255
- Bump softprops/action-gh-release from 2.0.5 to 2.0.6 by @dependabot in #1277
- Bump cachix/install-nix-action from 25 to 26 by @dependabot in #1204
- Bump cachix/install-nix-action from 26 to 27 by @dependabot in #1263
- Bump DeterminateSystems/magic-nix-cache-action from 3 to 4 by @dependabot in #1222
- Bump DeterminateSystems/magic-nix-cache-action from 4 to 6 by @dependabot in #1257
- Bump DeterminateSystems/magic-nix-cache-action from 6 to 7 by @dependabot in #1267
- Bump DeterminateSystems/nix-installer-action from 9 to 10 by @dependabot in #122
- Bump DeterminateSystems/nix-installer-action from 10 to 11 by @dependabot in #1256
- Bump DeterminateSystems/nix-installer-action from 11 to 12 by @dependabot in #1268
- Bump cachix/cachix-action from 14 to 15 by @dependabot in #1262
- Bump docker/build-push-action from 5 to 6 by @dependabot in #1275
- Bump sigstore/gh-action-sigstore-python from 2.1.1 to 3.0.0 by @dependabot in #1289
- Upgrade hevm to latest
echidna-patches
commit by @elopez in #1243
New Contributors
- @yetyear made their first contribution in #1215
- @xiaoxianBoy made their first contribution in #1217
- @findseat made their first contribution in #1232
- @momantech made their first contribution in #1238
- @cangqiaoyuzhuo made their first contribution in #1272
- @nnsW3 made their first contribution in #1278
Full Changelog: v2.2.3...v2.2.4
Echidna 2.2.3
What's Changed
- Bump actions/cache from 3 to 4 by @dependabot in #1173
- Refactor BuildOutput by @arcz in #1174
- Validate corpus while replaying by @arcz in #1177
- Refactor by @arcz in #1178
- Save traces for every transaction in reproducer by @arcz in #1180
- Display contract names in UI by @arcz in #1181
- Fix faulty corpus transaction detection by @arcz in #1184
- Bump DeterminateSystems/magic-nix-cache-action from 2 to 3 by @dependabot in #1186
- nix: enhance TERMINFO for Linux builds by @elopez in #1187
- Update hevm to 0.53.0 by @arcz in #1189
- Update README.md by @0xicingdeath in #1190
- Speed up shrinking in some cases by @samalws-tob in #1192
- feat: add CLI commands for RPC URL and block number by @penandlim in #1194
- Echidna 2.2.3 by @arcz in #1195
New Contributors
- @penandlim made their first contribution in #1194
Full Changelog: v2.2.2...v2.2.3
Echidna 2.2.2
What's Changed
- Save corpus and reproducers continuously (#1167)
- Deliver status information using server-sent events (#1131)
- Performance improvements for coverage collection (#1160)
- Make slither optional (#1159)
- Rich trace printing (#1157)
- Static builds and release workflow (#1133)
- Re-enables using slither for vyper files (#1108)
- Dependency updates (#1153, #1096, #1154)
Full Changelog: v2.2.1...v2.2.2
Echidna 2.2.1
What's Changed
- Shanghai fork support with hevm 0.51.3 (#1090)
- Fixed coverage collection for delegatecalls (#1083)
- Added events to JSON output (#1069)
- Changed event sequence to be displayed on new lines (#1079)
- Improved "No tests found in ABI" error message (#1077)
- Refactored code (#1070, #1074)
Full Changelog: v2.2.0...v2.2.1
Echidna 2.2.0
Echidna 2.2.0 contains significant improvements to the fuzzing speed and UX:
- Multicore fuzzing & optimized coverage collection. Those combined delivered up to 20x fuzzing speed improvement on a real-world internal benchmark. The number of workers can be configured with
workers
config option or--workers
CLI switch. Echidna runs only one worker by default, but this might change in future releases. - Lcov support. It is output by default and can be controlled with the coverageFormats config option. This enables external coverage tools such as genhtml or VSCode plugins.
- More configuration options. Added
--timeout <seconds>
CLI switch. RPC URL and block number can now be also specified in the config file for on-chain fuzzing. - UI improvements. Echidna now outputs an event log for any fuzzing breakthrough, such as new coverage. The interactive UI was significantly reworked to accommodate all the changes from this release (see the screenshot below).
Note, we changed the way reverts are shown in coverage reports. Now, only the line where a revert happened is marked, instead of the whole path.
The full changelog:
Added
- Multicore fuzzing (#963, #1033, #1026, #1035)
- Lcov format support (#1029)
- Experimental power number generator for uints (#892)
Changed
Echidna 2.1.1
This is a release focused on fixes and minor features. User facing changes include:
- Optimized the memory usage during the fuzzing campaign.
- Added initial compatibility with invariant mode from Foundry.
- Added additional information on how Echidna spend time during startup.
- Fixed several small rare crashes.
This release also include a number of refactoring changes to make the code easier to improve in future.
Added
- Added missing space in ProcessorNotFound message (#977)
- Added measurement and log of external actions (#988)
- Avoid using cheat code address to form fuzzing call sequences (#993)
- Implemented invariant testing from foundry (#989)
Changed
Echidna 2.1.0
Echidna 2.1.0 introduces on-chain fuzzing. Echidna can now run starting with an existing state provided by an external RPC service (Infura, Alchemy, local node, etc). This enables users to speed up the fuzzing setup when using already deployed contracts. For instance:
contract TestCompoundEthMint {
constructor() {
hevm.roll(16771449); // sets the correct block number
hevm.warp(1678131671); // sets the expected timestamp for the block number
}
…
Compound comp = Compound(0x4Ddc2D193948926D02f9B1fE9e1daa0718270ED5);
function assertNoBalance() public payable {
require(comp.balanceOf(address(this)) == 0);
comp.mint{value: msg.value}();
assert(comp.balanceOf(address(this)) == 0);
}
}
We can specify the RPC endpoint for Echidna to use before running the fuzzing campaign with the following environment variables:
export ECHIDNA_RPC_URL=http://.. ECHIDNA_RPC_BLOCK=16771449
And then Echidna can be executed as usual. At the end of the execution, if the source code mapping of any executed on-chain contract is available on Etherscan, it will be automatically fetched for the coverage report. Optionally, an Etherscan key can be provided using the ETHERSCAN_API_KEY
environment variable.
This release also provides experimental support for Windows binaries.
Additionally, this release also includes fixes and a large refactor of several parts of the code that will facilitate the tool development and performance improvements. Other important changes are:
echidna-test
executable was renamed asechidna
multi-abi
config keyword was renamed toallContracts
.multi-abi
still works but will be removed in future.- FFI cheat code to allow execute execution from Solidity
- Special UI screen to show when there is a crash in Echidna
Added
- On-chain fuzzing (#927, #971) [EXPERIMENTAL]
- Added Windows support (#943) [EXPERIMENTAL]
- Added scrollbar to the UI (#915)
- Added crash display to the UI (#944)
- Added human-friendly errors for panic codes (#965)
- Added support for the FFI cheatcode (#750)
Changed
- Refactored code (#903, #906, #908, #924, #925, #928, #946, #956, #966, #968)
- Updated dependencies (#942, #948)
- Build and CI improvements (#912, #914, #917, #952, #967)
- Renamed echidna-test binary to echidna (#826)
- Renamed multi-abi mode to allContracts, multi-abi still works but will be removed in future (#934)
Removed
- Removed generation of negative seeds (#933) [BREAKING CHANGE]
Fixed
Echidna 2.0.5
This release migrates Echidna to the new hevm implementation. Echidna can now use the prank cheat code that we recently added to hevm. It lets you override the msg.sender value for the next external call:
interface Hevm {
...
function prank(address) external;
}
contract Test {
Hevm hevm = Hevm(0x7109709ECfa91a80626fF3989D68f67F5b1DD12D);
function echidna_test() {
hevm.prank(0x123..);
contract.f(); // msg.sender will be 0x123..
contract.g(); // msg.sender will be address(this)
..
}
}
Prank should be used carefully since it can introduce false positives if used to simulate calls from contracts. Please refer to this documentation for the complete list of cheat codes.
The release also refactors several parts of the code to facilitate further Echidna development.
Added
- Added saving and loading of reproducers for every test (#858)
- Added events and revert reasons for any failure in the constructor (#871)
Fixed
- Optimized constant generation (#898, #900)
- Fixed how address are displayed in events (#891)
- Update hevm to 0.50 (#884, #894, #896, #897, #901)
- Fixed uninitialized sender addresses from etheno transactions (#823)
- Fixed crash when minimizing inputs during optimization tests (#837)
- Refactored code and removed useless dependencies (#856, #857, #874, #878, #895, #903)