Home

Awesome

About

⭐️ (7:21:12) | Lesson 15 | Security & Auditing

Learning how to use security tooling to find bugs!

Getting Started

Requirements

Please install the following:

Quickstart

git clone https://github.com/PatrickAlphaC/denver-security
cd denver-security
forge install

Then, run our test suite, lots of stuff fails!!

forge test

Let's use tools to find bugs!

Manul Review

In CaughtWithManualReview.sol we see doMath should add 2 instead of one! We were only able to know this because we read the documentation associated with the function.

Test Suite

CaughtWithTest.sol's setNumber should set number to the input parameter, but it doesn't!

To catch this, we write a test for our expected output, and run:

forge test -m testSetNumber -vv

Static Analysis

Prerequisites

We recommend installing slither with pipx instead of pip. Feel free to use the slither documentation if you prefer.

pipx install slither-analyzer

To run slither, run:

slither . --exclude-dependencies

See what it outputs!

Fuzzing

CaughtWithFuzz.sol's doMoreMath should never return 0... but how can we make sure of this? We can pass random data to it!

To catch this, we write a test for our expected output, and run:

forge test -m testFuzz -vv

Stateful fuzzing (invariants)

Our CaughtWithStatefulFuzz contract's doMoreMathAgain should never return 0... and looking at it, a regular fuzz test wouldn't work!

You can run:

forge test -m testFuzzPasses

And no matter what, it'll always pass! We need to call setValue first, and then we can get it to revert! Invariant/Stateful Fuzzing tests do random data input combined with random function calls.

Run:

forge test -m invariant_testMathDoesntReturnZero -vv

And you'll see the 2 calls made to fail!

Formal Verification (SMT Checker)

In foundry.toml uncomment the profile.default.model_checker section.

Then, just run: forge build

Our solidity modeled our functionOneSymbolic to be a math equation, and then, solved for the math!