This README provides step-by-step instructions to install Docker, Node.js (with npm), Slither, and Echidna, and run tests on Solidity contracts using Echidna. The tests include invariant checks for ERC20 and ERC721 tokens.
- Docker installed on your machine.
- Node.js and npm installed on your machine.
- Basic knowledge of Solidity and smart contract testing.
- Download Docker:
  - Go to the Docker download page and download Docker Desktop for your operating system.
- Install Docker:
  - Follow the installation instructions specific to your operating system.
- Verify Docker Installation:
  - Open a terminal or command prompt and run:
    docker --version
  - You should see the Docker version information.
- Download Node.js:
  - Go to the Node.js download page and download the LTS version for your operating system.
- Install Node.js:
  - Follow the installation instructions specific to your operating system.
- Verify Node.js and npm Installation:
  - Open a terminal or command prompt and run:
    node --version
    npm --version
  - You should see the Node.js and npm version information.
- Create a Solidity Project Directory:
  - Create a directory for your Solidity project. For example:
    mkdir -p ~/solidity-project
    cd ~/solidity-project
- Initialize npm:
  - Run the following command to initialize a new npm project:
    npm init -y
- Install OpenZeppelin Contracts:
  - Install the OpenZeppelin contracts library:
    npm install @openzeppelin/contracts
- Add Your Solidity Code:
  - Save the following Solidity code in a file named erc721test.sol:
- Run Echidna in Docker:
  - Use the following command to run Echidna and test your Solidity code:
    docker run --rm -it -v "$(pwd):/src" trailofbits/echidna bash -c "solc-select install 0.8.20 && solc-select use 0.8.20 && echidna --contract EchidnaTestERC721 /src/erc721test.sol"
- Install Solc-Select:
  - Ensure Solidity compiler version 0.8.20 is installed and used:
    solc-select install 0.8.20
    solc-select use 0.8.20
- Run Echidna:
  - Run the Echidna tests:
    echidna --contract EchidnaTestERC721 /src/erc721test.sol
Please refer to the provided screenshots for each step:
- Docker Installation Verification
- Solidity Project Setup
- Running Echidna
- Echidna Test Result without minting
- Echidna Test Result with minting
Invariants are conditions that must remain true throughout the execution of a program. In this context, the invariant being tested ensures that the total supply of tokens (either ERC20 or ERC721) remains constant after the contract's initial setup.
- Reason: Initially, without the testMint function, the total supply of tokens does not change after deployment because no new tokens are minted.
- Result: The invariant check succeeds because the total supply remains consistent with its initial value.
- Reason: Upon adding the testMint function, new tokens are minted during testing.
- Result: This action increases the total supply, which violates the invariant that requires the total supply to remain constant. As a result, the invariant check fails.
To address this issue and maintain the invariant (total supply consistency):
- Adjust the testMint function or any other minting logic to ensure that changes to the total supply are properly managed and do not violate the expected invariant.
- Implement additional checks or modify the contract logic to enforce the invariant condition during minting or burning operations.
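The two outcomes described above can be reproduced with a contract like the following. This is an added example, not the erc721test.sol from this README: SupplyTrackedNFT, _mintTracked, initialSupply, mintedInTests and the two echidna_ property names are hypothetical, and it assumes the @openzeppelin/contracts import resolves in your setup.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC721/ERC721.sol";

// Constructed example token. The base OpenZeppelin ERC721 does not expose
// totalSupply(), so this contract counts mints itself.
contract SupplyTrackedNFT is ERC721 {
    uint256 public totalSupply;

    constructor() ERC721("Example", "EXM") {}

    function _mintTracked(address to, uint256 tokenId) internal {
        _mint(to, tokenId); // reverts on the zero address or an existing tokenId
        totalSupply += 1;
    }
}

contract EchidnaTestERC721 is SupplyTrackedNFT {
    uint256 private initialSupply;
    uint256 private mintedInTests;

    constructor() {
        _mintTracked(msg.sender, 0);
        initialSupply = totalSupply; // supply after initial setup
    }

    // State-changing entry point that Echidna calls with random arguments.
    // Remove this function to reproduce the "without minting" result.
    function testMint(address to, uint256 tokenId) public {
        _mintTracked(to, tokenId);
        mintedInTests += 1;
    }

    // Strict invariant from the text: supply never changes after setup.
    // Holds without testMint; fails as soon as one testMint call succeeds.
    function echidna_total_supply_constant() public view returns (bool) {
        return totalSupply == initialSupply;
    }

    // Adjusted invariant: supply may change only through accounted mints.
    // Holds with testMint present; fails if supply moves by any other path.
    function echidna_total_supply_accounted() public view returns (bool) {
        return totalSupply == initialSupply + mintedInTests;
    }
}
```

Echidna treats every public function whose name starts with echidna_, takes no arguments and returns bool as a property, and reports the call sequence that made a property return false.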
Echidna is a powerful property-based fuzzer for Ethereum smart contracts. It is developed by Trail of Bits and is used for automated testing and analysis of Solidity contracts. Echidna works by generating random inputs to test for vulnerabilities, edge cases, and compliance with specified properties or invariants within the smart contracts.
Echidna helps developers and auditors identify security vulnerabilities such as reentrancy bugs, integer overflows, and other unexpected behaviors that could compromise the security and correctness of smart contracts.