Security Analysis Tool: Echidna
Echidna is a software for Ethereum smart contracts testing. It is open-source and uses complex fuzzling campaigns, based on a contract ABI (Application Binary Interface). It helps to generate tests, which detect valuations in Solidity assertions and custom properties. It can be easily adapted for new cases or test specific contracts in non-standard environments. It is comparable to the MythX tool.
Echidna does not require sophisticated configurations, is quite simple in installation, but still is a rather powerful tool. It can detect a broad range of property violations and can be set up depending on the specific task. It promptly finds bugs and errors in smart contracts and requires little human input This is why it is so popular among audit specialists.
Echidna has a list of features sought after by audit experts, which make it stand out from other analytical tools, including the following:
- It generates special inputs adjusted to and based on the actual code
- It uses optional corpus collection and coverage guidance to discover deep and uncommon bugs, unseen at the first glance
- It can extract information before the fuzzling stage, with the help of Slither
- It can be easily integrated into the development process
- It supports contract initialization with Etheno and Truffle framework
- Makes a quick triage by minimizing automatic test cases.
How is it used?
The first step is to call the ‘echidna-test’ function. It looks into the contract and makes a list of the variants that are always true (in other words, ‘invariants’) and creates an input. Then it creates random successions of calls to test the invariants, which must ‘hold hard’. If the condition is not met and the invariant can be falsified, it produces a warning result.
The Echidna tool can be used with various contract build systems (e.g. Truffle, Etheno or Hardhat) with the help of its ‘crytic-compile’ component (a specific library for smart contract compilation and a layer for smart contract build systems). Moreover, the tool supports two modes of testing sophisticated contracts.
Audit experts can use the initialization procedure with the selected framework as the base state of the tool. Then they can apply Echidna to any smart contract with an already familiar ABI (for that ‘multi-abi’ should be used and the corresponding source specified via the Command line interface).
Launched in 2019 and based in Dubai, SmartState is one of the leading DeFi security auditing firms. We conduct security tests and check the code core, smart contracts and blockchain for all types of errors, vulnerabilities and other issues.
Although SmartState gave a start to operations with smart contract auditing of DLT-projects, from the very beginning, we made our services surpass the classic purview of smart contract audit and security testing. We specialize in manual testing, so the SmartState’s tech team of white-hat security professionals measure up a project’s git and offer guidelines and recommendations for its further advancement. Security audit reports review the threats and vulnerabilities with which codebases may be exploited in the future, as the network achieves scalability and expands to accommodate more use cases and functionality.
Stay tuned and find more about us and what we provide on our: