⭐️ (7:21:12) | Lesson 15 | Security & Auditing
Learning how to use security tooling to find bugs!
Please install the following:
git --version
forge
, cast
, and anvil
forge --version
and get an output like: forge 0.2.0 (f016135 2022-07-04T00:15:02.930499Z)
foundryup
git clone https://github.com/PatrickAlphaC/denver-security
cd denver-security
forge install
Then, run our test suite, lots of stuff fails!!
forge test
In CaughtWithManualReview.sol
we see doMath
should add 2 instead of one! We were only able to know this because we read the documentation associated with the function.
CaughtWithTest.sol
's setNumber
should set number
to the input parameter, but it doesn't!
To catch this, we write a test for our expected output, and run:
forge test -m testSetNumber -vv
python --version
or python3 --version
and get an output like: Python x.x.x
pipx
is different from pippipx --version
and see something like x.x.x.x
We recommend installing slither with pipx
instead of pip
. Feel free to use the slither documentation if you prefer.
pipx install slither-analyzer
To run slither, run:
slither . --exclude-dependencies
See what it outputs!
CaughtWithFuzz.sol
's doMoreMath
should never return 0... but how can we make sure of this? We can pass random data to it!
To catch this, we write a test for our expected output, and run:
forge test -m testFuzz -vv
Our CaughtWithStatefulFuzz
contract's doMoreMathAgain
should never return 0... and looking at it, a regular fuzz test wouldn't work!
You can run:
forge test -m testFuzzPasses
And no matter what, it'll always pass! We need to call setValue
first, and then we can get it to revert! Invariant/Stateful Fuzzing tests do random data input combined with random function calls.
Run:
forge test -m invariant_testMathDoesntReturnZero -vv
And you'll see the 2 calls made to fail!
In foundry.toml
uncomment the profile.default.model_checker
section.
Then, just run: forge build
Our solidity modeled our functionOneSymbolic
to be a math equation, and then, solved for the math!