• Stars
    star
    292
  • Rank 142,152 (Top 3 %)
  • Language
    Go
  • License
    GNU Affero Genera...
  • Created about 3 years ago
  • Updated about 2 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Parallelized, coverage-guided, mutational Solidity smart contract fuzzing, powered by go-ethereum

medusa

medusa is a cross-platform go-ethereum-based smart contract fuzzer inspired by Echidna. It provides parallelized fuzz testing of smart contracts through CLI, or its Go API that allows custom user-extended testing methodology.

Disclaimer: Please note that medusa is an experimental smart contract fuzzer. Currently, it should not be adopted into production systems. We intend for medusa to reach the same capabilities and maturity that Echidna has. Until then, be careful using medusa as your primary smart contract fuzz testing solution. Additionally, please be aware that the Go-level testing API is still under development and is subject to breaking changes.

Features

medusa provides support for:

  • ✔️Parallel fuzzing and testing methodologies across multiple workers (threads)
  • ✔️Assertion and property testing: built-in support for writing basic Solidity property tests and assertion tests
  • ✔️Mutational value generation: fed by compilation and runtime values.
  • ✔️Coverage collecting: Coverage increasing call sequences are stored in the corpus
  • ✔️Coverage guided fuzzing: Coverage increasing call sequences from the corpus are mutated to further guide the fuzzing campaign
  • ✔️Extensible low-level testing API through events and hooks provided throughout the fuzzer, workers, and test chains.
  • Extensible high-level testing API allowing for the addition of per-contract or global post call/event property tests with minimal effort.

Installation

Precompiled binaries

To use medusa, first ensure you have crytic-compile and a suitable compilation framework (e.g. solc, hardhat) installed on your machine.

You can then fetch the latest binaries for your platform from our GitHub Releases page.

Building from source

Requirements

  • You must have at least go 1.18 installed.
  • [Windows only] The go-ethereum dependency may require TDM-GCC to build.

Steps

  • Clone the repository, then execute go build in the repository root.
  • Go will automatically fetch all dependencies and build a binary for you in the same folder when completed.

Usage

Although we recommend users run medusa in a configuration file driven format for more customizability, you can also run medusa through the CLI directly. We provide instructions for both below.

We recommend you familiarize yourself with writing assertion and property tests for Echidna. medusa supports Echidna-like property testing with config-defined function prefixes (default: fuzz_) and assertion testing using Solidity assert(...) statements.

Command-line only

You can use the following command to run medusa against a contract:

medusa fuzz --target contract.sol --deployment-order ContractName

Where:

  • --target specifies the path crytic-compile should use to compile contracts
  • --deployment-order specifies comma-separated names of contracts to be deployed for testing.

Note: Check out the command-line interface wiki page, or run medusa --help for more information.

Configuration file driven

The preferred method to use medusa is to enter your project directory (hardhat directory, or directory with your contracts), then execute the following command:

medusa init

This will create a medusa.json in your current folder. There are two required fields that should be set correctly:

  • Set your "target" under "compilation" to point to the file/directory which crytic-compile should use to build your contracts.
  • Put the names of any contracts you wish to deploy and run tests against in the "deploymentOrder" field. This must be non-empty.

After you have a configuration in place, you can execute:

medusa fuzz

This will use the medusa.json configuration in the current directory and begin the fuzzing campaign.

Note: Check out the project configuration wiki page, or run medusa --help for more information.

Running Unit Tests

First, install crytic-compile, solc-select, and ensure you have solc (version >=0.8.7), and hardhat available on your system.

  • From the root of the repository, invoke go test -v ./... on through command-line to run tests from all packages at or below the root.
    • Or enter each package directory to run go test -v . to test the immediate package.
    • Note: the -v parameter provides verbose output.
  • Otherwise, use an IDE like GoLand to visualize the tests and logically separate output.

FAQs

Why create medusa if Echidna is already working just fine?

With medusa, we are exploring a different EVM implementation and language for our smart contract fuzzer. We believe that experimenting with a new fuzzer provides us with the following benefits:

  • Since medusa is written in Go, we believe that this will lower the barrier of entry for external contributions. We have taken great care in thoroughly commenting our code so that it is easy for new contributors to get up-to-speed and start contributing!
  • The use of Go allows us to build an API to hook into the various parts of the fuzzer to build custom testing methodologies. See the API Overview (WIP) section in the Wiki for more details.
  • Our forked version of go-ethereum, medusa-geth, exhibits behavior that is closer to that of the EVM in production environments.
  • We can take the lessons we learned while developing Echidna to create a fuzzer that is just as feature-rich but with additional capabilities to create powerful and unique testing methodologies.

Contributing

For information about how to contribute to this project, check out the CONTRIBUTING guidelines.

License

medusa is licensed and distributed under the AGPLv3.

More Repositories

1

slither

Static Analyzer for Solidity and Vyper
Python
5,270
star
2

echidna

Ethereum smart contract fuzzer
Haskell
2,714
star
3

building-secure-contracts

Guidelines and training material to write secure smart contracts
Solidity
2,208
star
4

not-so-smart-contracts

Examples of Solidity security issues
Solidity
2,150
star
5

awesome-ethereum-security

A curated list of awesome Ethereum security references
1,318
star
6

evm-opcodes

Ethereum opcodes and instruction reference
1,300
star
7

ethersplay

EVM dissassembler
Python
836
star
8

solc-select

Manage and switch between Solidity compiler versions
Python
747
star
9

blockchain-security-contacts

Directory of security contacts for blockchain companies
400
star
10

pyevmasm

Ethereum Virtual Machine (EVM) disassembler and assembler
Python
353
star
11

rattle

evm binary static analysis
Python
349
star
12

etheno

Simplify Ethereum security analysis and testing
Python
330
star
13

ida-evm

IDA Processor Module for the Ethereum Virtual Machine (EVM)
Python
307
star
14

properties

Pre-built security properties for common Ethereum operations
Solidity
281
star
15

crytic-compile

Abstraction layer for smart contract build systems
Python
150
star
16

amarna

Amarna is a static-analyzer and linter for the Cairo programming language.
Python
148
star
17

caracal

Static Analyzer for Starknet smart contracts
Cairo
130
star
18

slither-action

Shell
128
star
19

evm_cfg_builder

EVM CFG recovery
Python
118
star
20

echidna-streaming-series

A 6-part series on how to use Echidna on real-world codebases
Solidity
97
star
21

optik

Optik is a set of symbolic execution tools that assist smart-contract fuzzers
Python
89
star
22

fuzz-utils

A tool to automatically generate Foundry unit test cases from Echidna and Medusa failed properties
Solidity
89
star
23

roundme

Rust
86
star
24

tayt

StarkNet smart contract fuzzer
Python
75
star
25

diffusc

Experimental tool to ease the review of smart contracts upgrades
Solidity
74
star
26

tealer

Static Analyzer for Teal
Python
61
star
27

echidna-action

GitHub Action to run Echidna, the Ethereum smart contract fuzzer
Shell
59
star
28

attacknet

Tool and testing methodology for subjecting blockchain devnets to simulated network and side channel attacks
Go
54
star
29

fluxture

A crawling framework for blockchains and peer-to-peer systems
Python
46
star
30

secureum-medusa

Solidity
43
star
31

echidna-spearbit-demo

Example code for testing using Echidna explained during the Spearbit presentation
Solidity
39
star
32

slither-docs-action

Write documentation for your code in pull requests using Slither and OpenAI.
TypeScript
36
star
33

solana-lints

Lints based on the Sealevel Attacks
Rust
30
star
34

contract-explorer

Visual Studio Code integration for Slither, a Solidity static analysis framework
TypeScript
30
star
35

echidna-parade

Python
28
star
36

trailofbits-security

The Trail of Bits Truffle Security Toolbox
JavaScript
24
star
37

whipstaff

A specification of the CBC Casper consensus protocols written in TLA+ and PlusCal (transpiled to TLA+)
TLA
20
star
38

cloudexec

A general purpose foundation for cloud-based fuzzing and mutation testing jobs
Go
17
star
39

damn-vulnerable-defi-echidna

Solidity
12
star
40

slither-docs-demo

A demo on how to use the slither-docs actions (https://github.com/crytic/slither-docs-action)
Solidity
11
star
41

medusa-geth

A go-ethereum fork enabling additional testing capabilities for medusa
10
star
42

amarna-action

Github action for the Amarna static analyzer
Shell
9
star
43

slightly-smarter-contracts

Python
7
star
44

vscode-starknet-explorer

StarkNet support extension for VSCode. Visualize StarkNet contracts: view storage variables, external and view functions, and events.
TypeScript
6
star
45

solc

4
star
46

fuzz-vs-fv

TypeScript
4
star
47

embark-contract-info

embark-contract-info
JavaScript
3
star
48

addressarrayutils_demo

Demonstration for using echidna to test a Solidity library
Solidity
2
star
49

remix-plugin-8000

JavaScript
2
star
50

ethdam

2
star
51

slither-workshop

Slither workshop (secureum)
Python
1
star
52

slither-lsp

Python
1
star