New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →

eth-wake

Package Overview

Dependencies

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

eth-wake

Wake is a Python-based Solidity development and testing framework with built-in vulnerability detectors.

4.14.1
PyPI

Maintainers: 2

Wake, a Python-based Solidity development and testing framework with built-in vulnerability detectors

Wake cover

Features:

testing framework based on pytest
property-based fuzzer
deployments & mainnet interactions
vulnerability and code quality detectors
printers for extracting useful information from Solidity code
static analysis framework for implementing custom detectors and printers
Github actions for setting up Wake and running detectors
language server (LSP)
VS Code extension (Tools for Solidity)
solc version manager

Dependencies

Python (version 3.8 or higher)
Rosetta must be enabled on Apple Silicon Macs

⚠️ Python 3.12 is experimentally supported.

Installation

via pip

pip3 install eth-wake

Documentation & Contribution

Wake documentation can be found here.

There you can also find a section on contributing.

Discovered vulnerabilities

Vulnerability	Severity	Project	Method	Discovered by	Resources
Profit & loss accounted twice	Critical	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Loan refinancing reentrancy	Critical	PWN	Detector	Ackee Blockchain	Report
Incorrect optimization in loan refinancing	Critical	PWN	Fuzz test	Ackee Blockchain	Report, Wake tests
Console permanent denial of service	High	Brahma	Fuzz test	Ackee Blockchain	Report
Swap unwinding formula error	High	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Swap unwinding fee accounted twice	High	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Incorrect event data	High	Solady	Integration test	Ackee Blockchain	Report, Wake tests
`INTEREST_FROM_STRATEGY_BELOW_ZERO` reverts DoS	Medium	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Inaccurate hypothetical interest formula	Medium	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Swap unwinding fee normalization error	Medium	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Liquidation deposits accounted into LP balance	Medium	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Missing receive function	Medium	Axelar	Fuzz test	Ackee Blockchain	Wake tests
`SafeERC20` not used for `approve`	Medium	Lido	Fuzz test	Ackee Blockchain	Wake tests
Non-optimistic vetting & unbonded keys bad accounting	Medium	Lido	Fuzz test	Ackee Blockchain	Report, Wake tests
Chainlink common denominator bad logic	Medium	PWN	Fuzz test	Ackee Blockchain	Report, Wake tests
Outdated/reverting Chainlink feed causes DoS	Medium	PWN	Fuzz test	Ackee Blockchain	Report, Wake tests
Incorrect EIP-712 typehash	Medium	PWN	Detector	Ackee Blockchain	Report
Incorrect EIP-712 data encoding	Medium	PWN	Fuzz test	Ackee Blockchain	Report, Wake tests

Features

Testing framework

See examples and documentation for more information.

Writing tests is as simple as:

from wake.testing import *
from pytypes.contracts.Counter import Counter

@chain.connect()
def test_counter():
    counter = Counter.deploy()
    assert counter.count() == 0

    counter.increment()
    assert counter.count() == 1

Fuzzer

Fuzzer builds on top of the testing framework and allows efficient fuzz testing of Solidity smart contracts.

from wake.testing import *
from wake.testing.fuzzing import *
from pytypes.contracts.Counter import Counter

class CounterTest(FuzzTest):
    def pre_sequence(self) -> None:
        self.counter = Counter.deploy()
        self.count = 0

    @flow()
    def increment(self) -> None:
        self.counter.increment()
        self.count += 1

    @flow()
    def decrement(self) -> None:
        with may_revert(PanicCodeEnum.UNDERFLOW_OVERFLOW) as e:
            self.counter.decrement()

        if e.value is not None:
            assert self.count == 0
        else:
            self.count -= 1

    @invariant(period=10)
    def count(self) -> None:
        assert self.counter.count() == self.count

@chain.connect()
def test_counter():
    CounterTest().run(sequences_count=30, flows_count=100)

Detectors

All vulnerability & code quality detectors can be run using:

wake detect all

A specific detector can be run using:

wake detect <detector-name>

See the documentation for a list of all detectors.

Printers

A specific printer can be run using:

wake print <printer-name>

See the documentation for a list of all printers.

Custom detectors & printers

Refer to the getting started guide for more information. Also check out wake_detectors and wake_printers for the implementation of built-in detectors and printers.

LSP server

Wake implements an LSP server for Solidity. The only currently supported communication channel is TCP.

Wake LSP server can be run using:

wake lsp

Or with an optional --port argument (default 65432):

wake lsp --port 1234

All LSP server features can be found in the documentation.

License

This project is licensed under the ISC license.

Partners

RockawayX	Coinbase

Keywords

FAQs

What is eth-wake?

Is eth-wake well maintained?

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

eth-wake

Wake, a Python-based Solidity development and testing framework with built-in vulnerability detectors

Dependencies

Installation

Documentation & Contribution

Discovered vulnerabilities

Features

Testing framework

Fuzzer

Detectors

Printers

Custom detectors & printers

LSP server

License

Partners

Keywords

Related posts

North Korean APT Lazarus Targets Developers with Malicious npm Package

CISA Brings KEV Data to GitHub