Closed 0xcodercrane closed 10 months ago
I am very interested in that issue. I am wondering from what branch to start ? I can't find the echidna ci/cd script in the development
branch so I am guessing it is the fix/echidna
branch right ?
The thing is that branch has not been rebased on development
so the first thing to do is a huge rebase IMO.
I will appreciate it if you complete this bounty. hmm, I prefer to take echidna script from fix/echidna
and apply its changes to new branch forked from development
. You don't need to start on fix/echidna
branch. I made that branch to not miss the echidna script.
Roger that we only miss a bounty for this issue
Echidna ci/cd script looks great but what we want here is to get the script working for even 1 ~ 2 solidity files. So we want to make the echidna script working for both BondingV2.sol and BondingShareV2.sol
Doesn't it make sense for the bounty to set up Echidna for every smart contract? I would increase the Profit
label to 50% if so. Kind of wish we had Profit: <25%
lol cause current price seems low for assessing Bonding/Staking.
I'm interested in this bounty How can I get started?
Some caveats:
zgo thinks that some prerequisite work might need to be finished before.
I am very interested in that issue. I am wondering from what branch to start ? I can't find the echidna ci/cd script in the
development
branch so I am guessing it is thefix/echidna
branch right ? The thing is that branch has not been rebased ondevelopment
so the first thing to do is a huge rebase IMO.
Are you familiar with Echidna?
Assuming both are ok with you, then this may be a good first bounty to attempt.
Some caveats:
* zgo thinks that some prerequisite work might need to be finished before.
I am very interested in that issue. I am wondering from what branch to start ? I can't find the echidna ci/cd script in the
development
branch so I am guessing it is thefix/echidna
branch right ? The thing is that branch has not been rebased ondevelopment
so the first thing to do is a huge rebase IMO.* Are you familiar with Echidna?
Assuming both are ok with you, then this may be a good first bounty to attempt.
Also you first need to identify what are the invariants that you want to preserve for BondingV2 and BondingShareV2. If invariants don't make sense echidna testing is useless
@0xcodercrane @zgorizzo69
Perhaps we can modify this task to "create foundry fuzzing tests for all of the ubiquity contracts"? As far as I understand foundry fuzzing tests do the same job as echidna.
Yep! exactly. echidna is originally fuzz tests in which the foundry has that feature embedded. I agree
I recall having this conversation some months ago. The conclusion was that Echidna handles a slightly different problem space. This should be confirmed before scrapping it.
Hi! I have came across your project and would enjoy working on this.
A few words on my relevant background:
I used libfuzzer in the past for "traditional" fuzzing. It was mostly integration and results analysis. I tried slither for static analysis about 2-3 years ago.
Therefore, I do not have much Echidna experience yet but would like to check how useful it is.
My plan for this:
I will experiment today and tomorrow and give you a first update by Wednesday.
I believe first thing will be to compile the contract with Echidna and @openzeppelin
, might require some remappings.
After this task is completed and Echidna founds to be useful I would like to work on Echdina standard properties test https://github.com/crytic/properties/blob/main/PROPERTIES.md#erc20 (https://github.com/ubiquity/ubiquity-dollar/issues/587)
Resources:
If I will not be able to open a PR by Friday EOD I will step down from this task.
- /assign: Assign the origin sender to the issue automatically.
- /unassign: Unassign the origin sender from the issue automatically.
- /help: List all available commands.
- /payout: Disable automatic payment for the issue.
- /multiplier: Set bounty multiplier (for treasury)
- /allow: Set access control. (Admin Only)
- /wallet: <WALLET_ADDRESS | ENS_NAME>: Register the hunter's wallet address.
ex1: /wallet 0xf39fd6e51aad88f6f4ce6ab8827279cfffb92266
ex2: /wallet vitalik.eth
@gitcoindev
/start
Skipping /start
since no time labels are set to calculate the timeline
/wallet 0x7e92476D69Ff1377a8b45176b1829C4A5566653a
Updated the wallet address for @gitcoindev successfully! Your new address: 0x7e92476D69Ff1377a8b45176b1829C4A5566653a
<1 week
Hi @pavlovcik I noticed the @ubiquibot time is set for <1 day, would be grateful if you could adjust this to <1 week.
@gitcoindev sorry but this task is not ready yet, we're using foundry which has a built-in fuzzing feature, pls wait while we update the description
Hi @rndquu all right! Thank you for the heads up. I'd be grateful if you pinged me once the description is ready.
@gitcoindev sorry but this task is not ready yet, we're using foundry which has a built-in fuzzing feature, pls wait while we update the description
I thought that they cover different scenarios and so it makes sense to use both?
@gitcoindev sorry but this task is not ready yet, we're using foundry which has a built-in fuzzing feature, pls wait while we update the description
I thought that they cover different scenarios and so it makes sense to use both?
Both echidna and foundry can be used for invariant testing
The hardest part is to put those invariants in the right places because this requires an overall project understanding at a decent level
As long as we use foundry as a dev framework we'd better stick to a tool that is already implemented in our environment
seems a duplicate of #587 where there are discussions to decide if echidna will be part of the repo
# Issue was not closed as completed. Skipping.
seems a duplicate of #587 where there are discussions to decide if echidna will be part of the repo
My understanding is that Echidna covers different problems compared to the foundry fuzzer so we should use it.
yeah but let's gather another perspective in a different issue
seems a duplicate of #587 where there are discussions to decide if echidna will be part of the repo
My understanding is that Echidna covers different problems compared to the foundry fuzzer so we should use it.
Foundry supports both fuzzing tests and invariant (i.e. echidna) tests
ChatGPT response:
I did a quick search for more information and here's what I found.
Echidna is a prominent tool for fuzzing Ethereum smart contracts. It's developed in Haskell and focuses on property-based testing. Echidna uses sophisticated grammar-based fuzzing campaigns based on a contract's ABI to test user-defined predicates or Solidity assertions. It's particularly known for its unique approach to 'property-based fuzzing', where it tries to falsify user-defined invariants instead of looking for crashes like a traditional fuzzer. This capability allows it to write custom analyses for more complex contracts. Echidna's focus is on Ethereum Virtual Machine (EVM) bytecode, using tools like cryptic compile for testing contracts【9†source】【10†source】【11†source】.
Foundry, on the other hand, is a newer toolkit that includes fuzzing capabilities along with other features for Ethereum development. Its design emphasizes integration with the overall development workflow, making it easy to use alongside other Foundry tools. Foundry is known for its efficiency and the speed of its operations, which can be a significant advantage in certain development scenarios.
Comparing the two, it's clear that while there may be some overlap in core functionality, each tool has unique features and strengths. Echidna's property-based fuzzing is highly specialized and suited for complex contract testing, while Foundry's integrated approach and speed make it attractive for a more streamlined development process. The choice between these tools would largely depend on the specific needs and preferences of the development team, as well as the complexity of the contracts being tested.
Therefore, Foundry fuzzing doesn't necessarily render Echidna fuzzing redundant. Instead, they can be viewed as complementary tools, each excelling in different aspects of smart contract testing. In some cases, using both might offer the most comprehensive testing coverage for smart contracts.
https://chat.openai.com/c/84accfbb-7198-419d-bfde-246c719770c1
echidna scope highly different from foundry built in fuzzing, since pavlovcik wants it will best to just have it rendering but instead executing this on a newer issue, with new specific inputs for the task, upcoming
Well I want to make it very clear that I have no experience using Echidna and almost none with Foundry. I haven't even heard a lot of people on Twitter talking about Echidna lately. Perhaps its obsolete? I'm not sure.
Yes echidna came first before foundry, and it was one of the first fuzzing tool for ethereum (there are papers that analyze echidna) it was mainly targeted to fuzzing ERC20 in initials stages, will have to research but it only supports a set of properties to fuzz
Interestingly, I found a yet another player in the game called Medusa which apparently won the comparison:
the goal is finding the best performance "out of the box" with as little guidance & tweaking as possible.
Source: https://github.com/devdacian/solidity-fuzzing-comparison/blob/main/README.md
I think thats pretty nifty. Although I am more keen to adopt technologies that I see the people I follow start talking about. However if its easy to set up then I see no issue with adding this to the CI.
Problem
Echidna ci/cd script looks great but what we want here is to get the script working for even 1 ~ 2 solidity files. So we want to make the echidna script working for both BondingV2.sol and BondingShareV2.sol
Acceptance Criteria