⭐️ (7:21:12) | Lesson 15 | Security & Auditing
Learning how to use security tooling to find bugs!
Getting Started
Requirements
Please install the following:
- Git
  - You'll know you've done it right if you can run git --version
- Foundry / Foundryup
  - This will install forge, cast, and anvil
  - You can test you've installed them right by running forge --version and get an output like: forge 0.2.0 (f016135 2022-07-04T00:15:02.930499Z)
  - To get the latest of each, just run foundryup
Quickstart
git clone https://github.com/PatrickAlphaC/denver-security
cd denver-security
forge install
Then, run our test suite, lots of stuff fails!!
forge test
Let's use tools to find bugs!
Manual Review
In CaughtWithManualReview.sol we see doMath should add 2 instead of one! We were only able to know this because we read the documentation associated with the function.
Test Suite
CaughtWithTest.sol's setNumber should set number to the input parameter, but it doesn't!
To catch this, we write a test for our expected output, and run:
forge test -m testSetNumber -vv
Static Analysis
Prerequisites
- Python
  - You'll know you've installed python right if you can run: python --version or python3 --version and get an output like: Python x.x.x
- pipx
  - pipx is different from pip
  - You may have to close and re-open your terminal
  - You'll know you've installed it right if you can run: pipx --version and see something like x.x.x.x
We recommend installing slither with pipx instead of pip. Feel free to use the slither documentation if you prefer.
pipx install slither-analyzer
To run slither, run:
slither . --exclude-dependencies
See what it outputs!
Fuzzing
CaughtWithFuzz.sol's doMoreMath should never return 0... but how can we make sure of this? We can pass random data to it!
To catch this, we write a test for our expected output, and run:
forge test -m testFuzz -vv
Stateful fuzzing (invariants)
Our CaughtWithStatefulFuzz contract's doMoreMathAgain should never return 0... and looking at it, a regular fuzz test wouldn't work!
You can run:
forge test -m testFuzzPasses
And no matter what, it'll always pass! We need to call setValue first, and then we can get it to revert! Invariant/Stateful Fuzzing tests do random data input combined with random function calls.
Run:
forge test -m invariant_testMathDoesntReturnZero -vv
And you'll see the 2 calls that were made to get it to fail!
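The difference between the two test styles, as an added example that is not code from the repository: StatefulExample is a constructed stand-in contract (only the names setValue, doMoreMathAgain, testFuzzPasses and invariant_testMathDoesntReturnZero are reused from this README), and it assumes a forge-std release that ships StdInvariant.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import {Test} from "forge-std/Test.sol";
import {StdInvariant} from "forge-std/StdInvariant.sol";

// Constructed stand-in, NOT the repository's CaughtWithStatefulFuzz.sol.
// Only the names setValue and doMoreMathAgain are taken from the README.
contract StatefulExample {
    uint256 public value = 1;

    function setValue(uint256 newValue) public {
        value = newValue;
    }

    // Documented property: this function should never return 0.
    function doMoreMathAgain(uint128 input) public view returns (uint256) {
        if (value == 0) {
            return 0; // reachable only after an earlier setValue(0)
        }
        return input == 0 ? 1 : uint256(input);
    }
}

contract StatefulExampleTest is StdInvariant, Test {
    StatefulExample internal example;

    function setUp() public {
        example = new StatefulExample();
        // Let the invariant fuzzer call any public function of the contract.
        targetContract(address(example));
    }

    // Stateless fuzz: every run starts from the state left by setUp(), so
    // value is always 1 and this passes however many inputs are tried.
    function testFuzzPasses(uint128 input) public {
        assertTrue(example.doMoreMathAgain(input) != 0);
    }

    // Stateful fuzz: checked after each call in a random sequence of
    // setValue / doMoreMathAgain calls. It fails once the sequence has
    // included setValue(0).
    function invariant_testMathDoesntReturnZero() public {
        assertTrue(example.doMoreMathAgain(0) != 0);
    }
}
```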
Formal Verification (SMT Checker)
In foundry.toml uncomment the profile.default.model_checker section.
Then, just run:
forge build
Solidity's SMT checker modeled our functionOneSymbolic as a math equation, and then solved for the math!