Home

Awesome

Wake, a Python-based Solidity development and testing framework with built-in vulnerability detectors

Wake cover

Features:

Dependencies

⚠️ Python 3.12 is experimentally supported.

Installation

via pip

pip3 install eth-wake

Documentation & Contribution

Wake documentation can be found here.

There you can also find a section on contributing.

Discovered vulnerabilities

VulnerabilitySeverityProjectMethodDiscovered byResources
Profit & loss accounted twiceCriticalIPORFuzz testAckee BlockchainReport, Wake tests
Console permanent denial of serviceHighBrahmaFuzz testAckee BlockchainReport
Swap unwinding formula errorHighIPORFuzz testAckee BlockchainReport, Wake tests
Swap unwinding fee accounted twiceHighIPORFuzz testAckee BlockchainReport, Wake tests
Incorrect event dataHighSoladyIntegration testAckee BlockchainReport, Wake tests
INTEREST_FROM_STRATEGY_BELOW_ZERO reverts DoSMediumIPORFuzz testAckee BlockchainReport, Wake tests
Inaccurate hypothetical interest formulaMediumIPORFuzz testAckee BlockchainReport, Wake tests
Swap unwinding fee normalization errorMediumIPORFuzz testAckee BlockchainReport, Wake tests
Liquidation deposits accounted into LP balanceMediumIPORFuzz testAckee BlockchainReport, Wake tests
Missing receive functionMediumAxelarFuzz testAckee BlockchainWake tests
SafeERC20 not used for approveMediumLidoFuzz testAckee BlockchainWake tests
Non-optimistic vetting & unbonded keys bad accountingMediumLidoFuzz testAckee BlockchainReport, Wake tests

Features

Testing framework

See examples and documentation for more information.

Writing tests is as simple as:

from wake.testing import *
from pytypes.contracts.Counter import Counter

@chain.connect()
def test_counter():
    counter = Counter.deploy()
    assert counter.count() == 0

    counter.increment()
    assert counter.count() == 1

Fuzzer

Fuzzer builds on top of the testing framework and allows efficient fuzz testing of Solidity smart contracts.

from wake.testing import *
from wake.testing.fuzzing import *
from pytypes.contracts.Counter import Counter

class CounterTest(FuzzTest):
    def pre_sequence(self) -> None:
        self.counter = Counter.deploy()
        self.count = 0

    @flow()
    def increment(self) -> None:
        self.counter.increment()
        self.count += 1

    @flow()
    def decrement(self) -> None:
        with may_revert(PanicCodeEnum.UNDERFLOW_OVERFLOW) as e:
            self.counter.decrement()

        if e.value is not None:
            assert self.count == 0
        else:
            self.count -= 1

    @invariant(period=10)
    def count(self) -> None:
        assert self.counter.count() == self.count

@chain.connect()
def test_counter():
    CounterTest().run(sequences_count=30, flows_count=100)

Detectors

All vulnerability & code quality detectors can be run using:

wake detect all

A specific detector can be run using:

wake detect <detector-name>

See the documentation for a list of all detectors.

Printers

A specific printer can be run using:

wake print <printer-name>

See the documentation for a list of all printers.

Custom detectors & printers

Refer to the getting started guide for more information. Also check out wake_detectors and wake_printers for the implementation of built-in detectors and printers.

LSP server

Wake implements an LSP server for Solidity. The only currently supported communication channel is TCP.

Wake LSP server can be run using:

wake lsp

Or with an optional --port argument (default 65432):

wake lsp --port 1234

All LSP server features can be found in the documentation.

License

This project is licensed under the ISC license.

Partners

RockawayXCoinbase