Wake: A Python Framework for Secure Solidity Development and Fuzz Testing
Summary
Wake is a robust Python-based framework designed for secure Solidity development and comprehensive fuzz testing. It provides built-in vulnerability detectors, helping developers build more secure Ethereum dApps. With features like a VS Code extension and CI/CD integration, Wake streamlines the smart contract development workflow.
Repository Info
Tags
Click on any tag to explore related repositories
Introduction
Wake is a powerful Python-based framework for Solidity development and fuzz testing, created by Ackee Blockchain Security. Trusted auditors of major projects like Lido, Safe, and Axelar, Ackee Blockchain built Wake to help developers write safer smart contracts faster. It offers a comprehensive suite of tools for testing, analysis, and deployment of Ethereum dApps.
Installation
To get started with Wake, ensure you have Python 3.8 or higher installed. For Apple Silicon Macs, Rosetta must be enabled.
Install Wake via pip:
pip3 install eth-wake
Examples
Wake offers powerful features for testing and development.
Fuzzer Example
Wake's fuzzer is built on its testing framework, enabling efficient fuzz testing of Solidity smart contracts. Here's an example of a fuzz test for a simple counter contract:
from wake.testing import *
from wake.testing.fuzzing import *
from pytypes.contracts.Counter import Counter
class CounterTest(FuzzTest):
def pre_sequence(self) -> None:
self.counter = Counter.deploy()
self.count = 0
@flow()
def increment(self) -> None:
self.counter.increment()
self.count += 1
@flow()
def decrement(self) -> None:
with may_revert(PanicCodeEnum.UNDERFLOW_OVERFLOW) as e:
self.counter.decrement()
if e.value is not None:
assert self.count == 0
else:
self.count -= 1
@invariant(period=10)
def count(self) -> None:
assert self.counter.count() == self.count
@chain.connect()
def test_counter():
CounterTest().run(sequences_count=30, flows_count=100)
Detectors and Printers
Wake includes built-in vulnerability and code quality detectors. You can run all detectors with:
wake detect all
To run a specific detector, use:
wake detect <detector-name>
Printers can extract useful information from Solidity code:
wake print <printer-name>
For custom detectors and printers, refer to the getting started guide.
LSP Server
Wake implements a Language Server Protocol (LSP) server for Solidity, providing features like autocompletion and hints in your IDE. Run it with:
wake lsp
You can also specify a port (default is 65432):
wake lsp --port 1234
Why Use Wake
Wake stands out as a comprehensive framework for Solidity development due to its unique combination of features:
- Built-in Fuzzing: Automatically generates diverse inputs and edge cases to uncover hidden vulnerabilities, including manually-guided and property-based fuzzing.
- Vulnerability Detectors: Catches common issues like reentrancy, overflows, and logic flaws early in the development cycle.
- Seamless Developer Experience: Offers a VS Code extension, GitHub Actions for CI/CD integration, and a
solcmanager for consistent builds. - Cross-chain Testing: Compatible with popular environments such as Anvil, Hardhat, and Ganache.
- Pytest Integration: Leverages the familiar
pytestframework for writing clean and simple tests. - Static Analysis Framework: Provides a robust framework for custom detectors and printers, allowing for project-specific rules and insights.
- Language Server Protocol (LSP): Delivers autocompletion, hints, and references directly within your IDE, enhancing productivity.
Wake's ability to combine advanced fuzzing, static analysis with detectors, and a full-featured LSP server in a Python environment makes it a powerful tool for ensuring the security and quality of smart contracts.
Links
For more detailed information, contributions, and community engagement, explore the following resources: