smart-contract-auditing

Category: Blockchain development
Development tool: Solidity
File size: 0KB
Downloads: 0
Upload date: 2023-10-04 22:27:37
Uploader: sh-1993
Description: Playing with smart contract security and auditing tools

File list:
foundry.toml (290, 2023-10-04)
lib/ (0, 2023-10-04)
lib/forge-std/ (0, 2023-10-04)
lib/slither/ (0, 2023-10-04)
src/ (0, 2023-10-04)
src/CaughtWithFuzz.sol (1128, 2023-10-04)
src/CaughtWithManualReview.sol (345, 2023-10-04)
src/CaughtWithSlither.sol (603, 2023-10-04)
src/CaughtWithStatefulFuzz.sol (498, 2023-10-04)
src/CaughtWithSymbolic.sol (396, 2023-10-04)
src/CaughtWithTest.sol (242, 2023-10-04)
test/ (0, 2023-10-04)
test/CaughtWithFuzz.t.sol (461, 2023-10-04)
test/CaughtWithStatefulFuzz.t.sol (760, 2023-10-04)
test/CaughtWithTest.t.sol (463, 2023-10-04)

# About

Smart contract auditing and research

Learning how to use security tooling to find bugs!

- manual-review
- test-suite
- static-analysis
  - prerequisites
- fuzzing
- stateful-fuzzing-invariants
- formal-verification-smt-checker

# Getting Started

## Requirements

Please install the following:

- [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
  - You'll know you've done it right if you can run `git --version`
- [Foundry / Foundryup](https://github.com/gakonst/foundry)
  - This will install `forge`, `cast`, and `anvil`
  - You can test that you've installed them right by running `forge --version` and getting output like: `forge 0.2.0 (f016135 2022-07-04T00:15:02.930499Z)`
  - To get the latest of each, just run `foundryup`

## Quickstart

```sh
git clone https://github.com/iftikharuddin/smart-contract-auditing
cd smart-contract-auditing
forge install
```

Then run our test suite. Lots of stuff fails!

```
forge test
```

# Let's use tools to find bugs!

## Manual Review

In `CaughtWithManualReview.sol` we see that `doMath` should add 2 instead of 1! We were only able to know this because we read the documentation associated with the function.

## Test Suite

`CaughtWithTest.sol`'s `setNumber` should set `number` to the input parameter, but it doesn't! To catch this, we write a test for our expected output, and run:

```
forge test -m testSetNumber -vv
```

## Static Analysis

### Prerequisites

- [Python](https://www.python.org/downloads/)
  - You'll know you've installed Python right if you can run:
    - `python --version` or `python3 --version` and get an output like: `Python x.x.x`
- [pipx](https://pypa.github.io/pipx/installation/)
  - `pipx` is different from [pip](https://pypi.org/project/pip/)
  - You may have to close and re-open your terminal
  - You'll know you've installed it right if you can run:
    - `pipx --version` and see something like `x.x.x.x`

We recommend installing slither with `pipx` instead of `pip`. Feel free to use the [slither documentation](https://github.com/crytic/slither#how-to-install) if you prefer.

```
pipx install slither-analyzer
```

To run slither, run:

```
slither . --exclude-dependencies
```

See what it outputs!

## Fuzzing

`CaughtWithFuzz.sol`'s `doMoreMath` should never return 0... but how can we make sure of this? We can pass random data to it! To catch this, we write a test for our expected output, and run:

```
forge test -m testFuzz -vv
```

## Stateful fuzzing (invariants)

Our `CaughtWithStatefulFuzz` contract's `doMoreMathAgain` should never return 0... and looking at it, a regular fuzz test wouldn't work! You can run:

```
forge test -m testFuzzPasses
```

And no matter what, it'll always pass! We need to call `setValue` first, and then we can get it to revert! Invariant (stateful) fuzzing tests combine random input data with random sequences of function calls. Run:

```
forge test -m invariant_testMathDoesntReturnZero -vv
```

And you'll see the 2 calls that make it fail!

## Formal Verification (SMT Checker)

In `foundry.toml`, uncomment the `profile.default.model_checker` section. Then, just run: `forge build`

The Solidity compiler's SMT checker modeled our `functionOneSymbolic` as a math equation, and then solved it!
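To make the stateful fuzzing section above concrete, here is an added example (not code from this repository) that puts a stateless fuzz test next to an invariant test for the same property. The contract body, the contract names and the test names are assumptions made for illustration; only the function names `setValue` and `doMoreMathAgain` come from the README.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import {Test} from "forge-std/Test.sol";
import {StdInvariant} from "forge-std/StdInvariant.sol";

// Constructed stand-in, NOT the repository's CaughtWithStatefulFuzz.sol.
contract StatefulExample {
    uint256 public value = 1; // non-zero right after deployment

    // Bug: nothing stops a caller from storing 0 here.
    function setValue(uint256 newValue) public {
        value = newValue;
    }

    // Intended property: this function never returns 0.
    // While value == 1 the result is at least 1 for every n.
    function doMoreMathAgain(uint128 n) public view returns (uint256) {
        return uint256(n) + value;
    }
}

contract StatefulExampleTest is StdInvariant, Test {
    StatefulExample target;

    function setUp() public {
        target = new StatefulExample();
        // Allow the invariant fuzzer to call the target's public functions.
        targetContract(address(target));
    }

    // Stateless fuzz: every run starts from the state left by setUp
    // (value == 1) and makes one call, so setValue is never exercised
    // and the assertion holds for every n.
    function testFuzz_neverReturnsZero(uint128 n) public {
        assertTrue(target.doMoreMathAgain(n) != 0);
    }

    // Stateful fuzz: forge calls random sequences of the target's functions
    // and re-checks this after each call. Once a sequence contains
    // setValue(0), doMoreMathAgain(0) returns 0 and the invariant breaks.
    function invariant_neverReturnsZero() public {
        assertTrue(target.doMoreMathAgain(0) != 0);
    }
}
```

Saved under `test/` in a Foundry project with forge-std installed, `forge test` runs both tests; the stateless one cannot reach the failing state, while the invariant run can report the call sequence that breaks the property.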
