eth-wake

Wake, a Python-based Solidity development and testing framework with built-in vulnerability detectors

Features:

• testing framework based on pytest
• property-based fuzzer
• deployments & mainnet interactions
• vulnerability and code quality detectors
• printers for extracting useful information from Solidity code
• static analysis framework for implementing custom detectors and printers
• Github actions for setting up Wake and running detectors
• language server (LSP)
• VS Code extension (Tools for Solidity)
• solc version manager

Dependencies

• Python (version 3.8 or higher)
• Rosetta must be enabled on Apple Silicon Macs

⚠️ Python 3.12 is experimentally supported.

Installation

via pip

pip3 install eth-wake

Documentation & Contribution

Wake documentation can be found here.

There you can also find a section on contributing.

Discovered vulnerabilities

Vulnerability	Severity	Project	Method	Discovered by	Resources
Profit & loss accounted twice	Critical	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Console permanent denial of service	High	Brahma	Fuzz test	Ackee Blockchain	Report
Swap unwinding formula error	High	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Swap unwinding fee accounted twice	High	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Incorrect event data	High	Solady	Integration test	Ackee Blockchain	Report, Wake tests
INTEREST_FROM_STRATEGY_BELOW_ZERO reverts DoS	Medium	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Inaccurate hypothetical interest formula	Medium	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Swap unwinding fee normalization error	Medium	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Liquidation deposits accounted into LP balance	Medium	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Missing receive function	Medium	Axelar	Fuzz test	Ackee Blockchain	Wake tests
SafeERC20 not used for approve	Medium	Lido	Fuzz test	Ackee Blockchain	Wake tests
Non-optimistic vetting & unbonded keys bad accounting	Medium	Lido	Fuzz test	Ackee Blockchain	Report, Wake tests

Features

Testing framework

See examples and documentation for more information.

Writing tests is as simple as:

from wake.testing import *
from pytypes.contracts.Counter import Counter

@chain.connect()
def test_counter():
    counter = Counter.deploy()
    assert counter.count() == 0

    counter.increment()
    assert counter.count() == 1

Fuzzer

Fuzzer builds on top of the testing framework and allows efficient fuzz testing of Solidity smart contracts.

from wake.testing import *
from wake.testing.fuzzing import *
from pytypes.contracts.Counter import Counter

class CounterTest(FuzzTest):
    def pre_sequence(self) -> None:
        self.counter = Counter.deploy()
        self.count = 0

    @flow()
    def increment(self) -> None:
        self.counter.increment()
        self.count += 1

    @flow()
    def decrement(self) -> None:
        with may_revert(PanicCodeEnum.UNDERFLOW_OVERFLOW) as e:
            self.counter.decrement()

        if e.value is not None:
            assert self.count == 0
        else:
            self.count -= 1

    @invariant(period=10)
    def count(self) -> None:
        assert self.counter.count() == self.count

@chain.connect()
def test_counter():
    CounterTest().run(sequences_count=30, flows_count=100)

Detectors

All vulnerability & code quality detectors can be run using:

wake detect all

A specific detector can be run using:

wake detect <detector-name>

See the documentation for a list of all detectors.

Printers

A specific printer can be run using:

wake print <printer-name>

See the documentation for a list of all printers.

Custom detectors & printers

Refer to the getting started guide for more information. Also check out wake_detectors and wake_printers for the implementation of built-in detectors and printers.

LSP server

Wake implements an LSP server for Solidity. The only currently supported communication channel is TCP.

Wake LSP server can be run using:

wake lsp

Or with an optional --port argument (default 65432):

wake lsp --port 1234

All LSP server features can be found in the documentation.

License

This project is licensed under the ISC license.

Partners

RockawayX	Coinbase