Cyfrin F23 / denver-security

    An example repo using unit tests, fuzzing, stateful fuzzing, static analysis and formal verification to find all the bugs in our smart contracts!

      ⭐️ (7:21:12) | Lesson 15 | Security & Auditing

      Learning how to use security tooling to find bugs!

      Getting Started

      Requirements

      Please install the following:

      • Git
        • You'll know you've done it right if you can run git --version
      • Foundry / Foundryup
        • This will install forge, cast, and anvil
        • You can check that you've installed them correctly by running forge --version and getting an output like: forge 0.2.0 (f016135 2022-07-04T00:15:02.930499Z)
        • To get the latest of each, just run foundryup

      Quickstart

      git clone https://github.com/PatrickAlphaC/denver-security
      cd denver-security
      forge install
      

      Then run our test suite. Lots of stuff fails!

      forge test
      

      Let's use tools to find bugs!

      Manual Review

      In CaughtWithManualReview.sol, doMath should add 2 instead of 1! We only know this because we read the documentation associated with the function.

      Test Suite

      CaughtWithTest.sol's setNumber should set number to the input parameter, but it doesn't!

      To catch this, we write a test for our expected output, and run:

      forge test -m testSetNumber -vv
      

      Static Analysis

      Prerequisites

      • Python
        • You'll know you've installed python right if you can run:
          • python --version or python3 --version and get an output like: Python x.x.x
      • pipx
        • pipx is different from pip
        • You may have to close and re-open your terminal
        • You'll know you've installed it right if you can run:
          • pipx --version and see something like x.x.x.x

      We recommend installing slither with pipx instead of pip. Feel free to use the slither documentation if you prefer.

      pipx install slither-analyzer
      

      To run slither, run:

      slither . --exclude-dependencies
      

      See what it outputs!

      Fuzzing

      CaughtWithFuzz.sol's doMoreMath should never return 0... but how can we make sure of this? We can pass random data to it!

      To catch this, we write a test for our expected output, and run:

      forge test -m testFuzz -vv
      

      Stateful fuzzing (invariants)

      Our CaughtWithStatefulFuzz contract's doMoreMathAgain should never return 0... and looking at it, a regular fuzz test wouldn't work!

      You can run:

      forge test -m testFuzzPasses
      

      And no matter what, it'll always pass! We need to call setValue first, and then we can get it to revert! Invariant (stateful fuzzing) tests combine random data input with random sequences of function calls.

      Run:

      forge test -m invariant_testMathDoesntReturnZero -vv
      

      And you'll see the 2 calls it made to trigger the failure!
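
The difference between the two kinds of fuzz test, as an added example that is not the repo's own code: a constructed contract whose "never returns 0" property only breaks after a state change, with a stateless fuzz test that misses it next to an invariant test that can reach it. The contract name, the lastResult variable and the test names are hypothetical; only setValue and doMoreMathAgain are names taken from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import {Test} from "forge-std/Test.sol";
import {StdInvariant} from "forge-std/StdInvariant.sol";

// Constructed stand-in for the behaviour described above; NOT the repo's contract.
contract StatefulExample {
    uint128 public value = 1;
    uint256 public lastResult = 1; // hypothetical: records the most recent return value

    function setValue(uint128 newValue) external {
        value = newValue;
    }

    // Intended property: never returns 0.
    // Holds while value == 1, breaks after setValue(0) followed by x == 0.
    function doMoreMathAgain(uint128 x) external returns (uint256) {
        lastResult = uint256(x) + value;
        return lastResult;
    }
}

contract StatefulExampleTest is StdInvariant, Test {
    StatefulExample internal target;

    function setUp() public {
        target = new StatefulExample();
        // Let the invariant fuzzer call any external function of the target.
        targetContract(address(target));
    }

    // Stateless fuzz: state is reset before every run, so value is always 1
    // and this passes for every x, hiding the bug.
    function testFuzz_neverZero(uint128 x) public {
        assertGt(target.doMoreMathAgain(x), 0);
    }

    // Stateful fuzz: checked after each call in a random call sequence.
    // An invariant function cannot see return values, so it reads lastResult.
    function invariant_neverZero() public {
        assertGt(target.lastResult(), 0);
    }
}
```

Because the invariant function only observes contract state, the property has to be expressed over something stored on-chain; here that is the recorded last result.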

      Formal Verification (SMT Checker)

      In foundry.toml uncomment the profile.default.model_checker section.

      Then, just run: forge build

      Solidity modeled our functionOneSymbolic as a math equation, and then solved for the math!
