wake Download - wake Source code download

wake

Other categories

v4.13.2

Download

Wake, a Python-based Solidity development and testing framework with built-in vulnerability detectors

Wake cover

Features:

testing framework based on pytest
property-based fuzzer
deployments & mainnet interactions
vulnerability and code quality detectors
printers for extracting useful information from Solidity code
static analysis framework for implementing custom detectors and printers
Github actions for setting up Wake and running detectors
language server (LSP)
VS Code extension (Tools for Solidity)
solc version manager

Dependencies

Python (version 3.8 or higher)
Rosetta must be enabled on Apple Silicon Macs

️ Python 3.12 is experimentally supported.

Installation

via pip

pip3 install eth-wake

Documentation & Contribution

Wake documentation can be found here.

There you can also find a section on contributing.

Discovered vulnerabilities

Vulnerability	Severity	Project	Method	Discovered by	Resources
Profit & loss accounted twice	Critical	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Console permanent denial of service	High	Brahma	Fuzz test	Ackee Blockchain	Report
Swap unwinding formula error	High	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Swap unwinding fee accounted twice	High	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Incorrect event data	High	Solady	Integration test	Ackee Blockchain	Report, Wake tests
`INTEREST_FROM_STRATEGY_BELOW_ZERO` reverts DoS	Medium	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Inaccurate hypothetical interest formula	Medium	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Swap unwinding fee normalization error	Medium	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Liquidation deposits accounted into LP balance	Medium	IPOR	Fuzz test	Ackee Blockchain	Report, Wake tests
Missing receive function	Medium	Axelar	Fuzz test	Ackee Blockchain	Wake tests
`SafeERC20` not used for `approve`	Medium	Lido	Fuzz test	Ackee Blockchain	Wake tests
Non-optimistic vetting & unbonded keys bad accounting	Medium	Lido	Fuzz test	Ackee Blockchain	Report, Wake tests

Features

Testing framework

See examples and documentation for more information.

Writing tests is as simple as:

from wake.testing import *
from pytypes.contracts.Counter import Counter

@chain.connect()
def test_counter():
    counter = Counter.deploy()
    assert counter.count() == 0

    counter.increment()
    assert counter.count() == 1

Fuzzer

Fuzzer builds on top of the testing framework and allows efficient fuzz testing of Solidity smart contracts.

from wake.testing import *
from wake.testing.fuzzing import *
from pytypes.contracts.Counter import Counter

class CounterTest(FuzzTest):
    def pre_sequence(self) -> None:
        self.counter = Counter.deploy()
        self.count = 0

    @flow()
    def increment(self) -> None:
        self.counter.increment()
        self.count += 1

    @flow()
    def decrement(self) -> None:
        with may_revert(PanicCodeEnum.UNDERFLOW_OVERFLOW) as e:
            self.counter.decrement()

        if e.value is not None:
            assert self.count == 0
        else:
            self.count -= 1

    @invariant(period=10)
    def count(self) -> None:
        assert self.counter.count() == self.count

@chain.connect()
def test_counter():
    CounterTest().run(sequences_count=30, flows_count=100)

Detectors

All vulnerability & code quality detectors can be run using:

wake detect all

A specific detector can be run using:

wake detect <detector-name>

See the documentation for a list of all detectors.

Printers

A specific printer can be run using:

wake print <printer-name>

See the documentation for a list of all printers.

Custom detectors & printers

Refer to the getting started guide for more information. Also check out wake_detectors and wake_printers for the implementation of built-in detectors and printers.