Fuzzing Ethereum Smart Contract

Introduction

Fuzzing is known as one of the most efficient techniques to find bugs in software. Sadly, when dealing with Ethereum smart contracts, the number of fuzzers and documentation available is really limited.

Echidna

Echidna is a weird creature that eats bugs and is highly electrosensitive (with apologies to Jacob Stanley)

More seriously, Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. It is designed with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in specific cases.

Installation

wget https://github.com/crytic/echidna/releases/download/v2.2.5/echidna-2.2.5-x86_64-linux.tar.gz

tar -xf echidna-2.2.5-x86_64-linux.tar.gz

./echidna

Usage

Example Solidity File

flags.sol

Running Echidna

REFERENCES

• https://github.com/crytic/echidna

• https://secure-contracts.com/program-analysis/echidna/index.html

• https://www.youtube.com/watch?v=EA8_9x4D3Vk&list=WL&index=5&ab_channel=FuzzingLabs

• https://github.com/crytic/echidna/blob/master/tests/solidity/basic/flags.sol

• https://docs.soliditylang.org/en/latest/installing-solidity.html

• https://fuzzinglabs.com/ethereum-smart-contact-fuzzing-2022/

• https://dev.to/mbogan/avoid-smart-contract-hacks-with-fuzz-testing-1a3a