search

Ackee-Blockchain / wake

Wake is a Python-based Solidity development and testing framework with built-in vulnerability detectors
https://ackee.xyz/wake/docs/latest/
ISC License
218 stars 25 forks source link
deployment lsp-server python solidity static-analysis testing testing-framework

readme

Wake, a Python-based Solidity development and testing framework with built-in vulnerability detectors

Wake cover

Features:

Dependencies

⚠️ Python 3.12 is experimentally supported.

Installation

via pip

pip3 install eth-wake

Documentation & Contribution

Wake documentation can be found here.

There you can also find a section on contributing.

Discovered vulnerabilities

Vulnerability Severity Project Method Discovered by Resources
Profit & loss accounted twice Critical IPOR Fuzz test Ackee Blockchain Report, Wake tests
Console permanent denial of service High Brahma Fuzz test Ackee Blockchain Report
Swap unwinding formula error High IPOR Fuzz test Ackee Blockchain Report, Wake tests
Swap unwinding fee accounted twice High IPOR Fuzz test Ackee Blockchain Report, Wake tests
Incorrect event data High Solady Integration test Ackee Blockchain Report, Wake tests
INTEREST_FROM_STRATEGY_BELOW_ZERO reverts DoS Medium IPOR Fuzz test Ackee Blockchain Report, Wake tests
Inaccurate hypothetical interest formula Medium IPOR Fuzz test Ackee Blockchain Report, Wake tests
Swap unwinding fee normalization error Medium IPOR Fuzz test Ackee Blockchain Report, Wake tests
Liquidation deposits accounted into LP balance Medium IPOR Fuzz test Ackee Blockchain Report, Wake tests
Missing receive function Medium Axelar Fuzz test Ackee Blockchain Wake tests
SafeERC20 not used for approve Medium Lido Fuzz test Ackee Blockchain Wake tests

Features

Testing framework

See examples and documentation for more information.

Writing tests is as simple as:

from wake.testing import *
from pytypes.contracts.Counter import Counter

@chain.connect()
def test_counter():
    counter = Counter.deploy()
    assert counter.count() == 0

    counter.increment()
    assert counter.count() == 1

Fuzzer

Fuzzer builds on top of the testing framework and allows efficient fuzz testing of Solidity smart contracts.

from wake.testing import *
from wake.testing.fuzzing import *
from pytypes.contracts.Counter import Counter

class CounterTest(FuzzTest):
    def pre_sequence(self) -> None:
        self.counter = Counter.deploy()
        self.count = 0

    @flow()
    def increment(self) -> None:
        self.counter.increment()
        self.count += 1

    @flow()
    def decrement(self) -> None:
        with may_revert(PanicCodeEnum.UNDERFLOW_OVERFLOW) as e:
            self.counter.decrement()

        if e.value is not None:
            assert self.count == 0
        else:
            self.count -= 1

    @invariant(period=10)
    def count(self) -> None:
        assert self.counter.count() == self.count

@chain.connect()
def test_counter():
    CounterTest().run(sequences_count=30, flows_count=100)

Detectors

All vulnerability & code quality detectors can be run using:

wake detect all

A specific detector can be run using:

wake detect <detector-name>

See the documentation for a list of all detectors.

Printers

A specific printer can be run using:

wake print <printer-name>

See the documentation for a list of all printers.

Custom detectors & printers

Refer to the getting started guide for more information. Also check out wake_detectors and wake_printers for the implementation of built-in detectors and printers.

LSP server

Wake implements an LSP server for Solidity. The only currently supported communication channel is TCP.

Wake LSP server can be run using:

wake lsp

Or with an optional --port argument (default 65432):

wake lsp --port 1234

All LSP server features can be found in the documentation.

License

This project is licensed under the ISC license.

Partners

RockawayX Coinbase