crytic/echidna v2.3.0

Echidna 2.3.0

on GitHub

Echidna 2.3.0 introduces symbolic execution capabilities to complement traditional fuzzing workflows. This update adds two verification modes that combine fuzzing with formal verification techniques, alongside improvements to debugging workflows and Foundry integration.

• Enhanced symbolic execution. Echidna now offers a verification mode for analyzing stateless functions alongside the traditional mode for discovering assertion failures in stateful scenarios. Verification mode performs exhaustive analysis of single-transaction code paths, similar to tools like Halmos and hevm, providing formal guarantees when tests pass. The traditional mode combines traditional fuzzing with symbolic execution, using your accumulated corpus to explore states more exhaustively. You can now use Bitwuzla, cvc5 or Z3 as the solvers.
• Foundry reproducer generation for debugging workflows. Echidna can now generate Foundry test cases that reproduce discovered bugs. This initial implementation creates standalone reproducers for failed assertions.
• Revamped HTML coverage reports. The HTML coverage reporting system has been redesigned to provide clearer, more actionable insights, in a manner similar to medusa. The coverage output directory can now be independently configured using the coverageDir option.
• Improved debugging experience with comprehensive event logging. When properties or assertions fail, Echidna now displays all events from all transactions in the sequence, giving you complete visibility into state changes leading to the failure. Deployment failures now show the full execution trace instead of just a list of events, making initialization issues easier to diagnose. The shrinking process now logs its status in text mode, providing visibility into how Echidna minimizes failing test cases.
• Streamlined codebase through removal of deprecated features. Echidna 2.3.0 removes Etheno integration (including the initialize configuration option), gas estimation (estimateGas option), and concolic execution (symExecConcolic option). These features saw limited adoption and their removal simplifies the codebase while improving overall performance and maintainability. If your workflows depend on these features, please reach out to the team before upgrading.

Additional improvements:

• Values from tuple elements are automatically extracted into the fuzzing dictionary
• Enhanced callback (multicall-style) encoding support for more accurate smart contract testing
• Docker image now includes Foundry, Z3, Bitwuzla
• Haskell runtime system options (rtsopts) are now enabled on release builds, allowing users to tweak Echidna for better memory use and performance in their environments

The full changelog is provided below:

Added

• Store event changes into Echidna's corpus by @divyaranjan1905 in #1405
• Add values from tuple elements into the dictionary by @gustavo-grieco in #1406
• Test older solc versions on merge by @elopez in #1412
• docker: update base image; build with musl; include z3, bitwuzla by @elopez in #1422
• flake: add bitwuzla and cvc5 to fuzz shell by @elopez in #1425
• tests: fix default config to match default values in code by @elopez in #1429
• Add independent coverage directory configuration option by @BowTiedRadone in #1428
• Revamp HTML coverage report by @elopez in #1415
• Added initial support for generation of foundry reproducers by @gustavo-grieco in #1437
• Set up proper reversion state when loading transactions by @gustavo-grieco in #1453
• Support for encoding valid calls for callbacks by @gustavo-grieco in #1444
• echidna: enable rtsopts by @elopez in #1457
• add foundry to docker image by @bsamuels453 in #1469
• Show trace instead of list of events when deployment failed by @gustavo-grieco in #1466
• Log shrinking status by @BowTiedRadone in #1454
• Show all events from all the transactions when a property or assertion fails by @gustavo-grieco in #1475

Fixed

• fix: reduce html class names to their first letters by @divyaranjan1905 in #1404
• Clean up subState when setting up transactions by @elopez in #1408
• Reworked symbolic execution code by @gustavo-grieco in #1394
• Fix CI tests by @elopez in #1414
• Speed up coverage filename calculation by @elopez in #1411
• Reduce test flakiness by @elopez in #1416
• Test improvements by @elopez in #1421
• Only verify suitable methods by @gustavo-grieco in #1431
• docs: fix incorrect Docker volume mount command by @zkpepe in #1433
• ci: macos: add missing gmp rewrite by @elopez in #1440
• fix: ppAbiValue mapping in JSON.mapCall for SolCall by @VolodymyrBg in #1445
• Fix build failure with GHC 9.10 by @elopez in #1446
• scripts: libff: enable C++11 on build by @elopez in #1447
• Fixed event decoding crash by @gustavo-grieco in #1450
• Add solc constraint to the callback test by @gustavo-grieco in #1458
• Symbolic execution fixes to make sure no counter example is missed by @gustavo-grieco in #1441
• Include value into json output and use string instead of integer by @gustavo-grieco in #1460
• Do not fetch if etherscan key is not available and support different chain ids by @gustavo-grieco in #1492

Updated

• build(deps): bump DeterminateSystems/nix-installer-action from 18 to 19 by @dependabot[bot] in #1407
• build(deps): bump actions/download-artifact from 4 to 5 by @dependabot[bot] in #1418
• build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #1419
• Update hevm to 9982c580ed19b88ebab9744d29d940fd2f0bd8c6 by @elopez in #1417
• flake: update nixpkgs, foundry, bitwuzla by @elopez in #1427
• Update CODEOWNERS by @elopez in #1432
• Update references to hevm repository by @elopez in #1435
• build(deps): bump actions/setup-python from 5 to 6 by @dependabot[bot] in #1442
• build(deps): bump softprops/action-gh-release from 2.3.2 to 2.3.3 by @dependabot[bot] in #1443
• build(deps): bump DeterminateSystems/nix-installer-action from 19 to 20 by @dependabot[bot] in #1451
• ci: macos-13 -> macos-15-intel by @elopez in #1455
• build(deps): bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in #1478
• build(deps): bump sigstore/gh-action-sigstore-python from 3.0.1 to 3.1.0 by @dependabot[bot] in #1479
• build(deps): bump actions/download-artifact from 5 to 6 by @dependabot[bot] in #1477
• build(deps): bump softprops/action-gh-release from 2.3.3 to 2.4.2 by @dependabot[bot] in #1481
• build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in #1483
• Echidna 2.3 RC by @gustavo-grieco in #1467
• build(deps): bump DeterminateSystems/nix-installer-action from 20 to 21 by @dependabot[bot] in #1482
• build(deps): bump softprops/action-gh-release from 2.4.2 to 2.5.0 by @dependabot[bot] in #1488
• Update hevm to 9ba5e52fc7ec7ae6f7f3a25d5ee426625d2aa9d by @elopez in #1487
• build(deps): bump sigstore/gh-action-sigstore-python from 3.1.0 to 3.2.0 by @dependabot[bot] in #1491

Removed

• Drop Etheno support by @elopez in #1402
• Drop estimateGas support by @elopez in #1403

New Contributors

• @divyaranjan1905 made their first contribution in #1404
• @zkpepe made their first contribution in #1433
• @BowTiedRadone made their first contribution in #1428
• @VolodymyrBg made their first contribution in #1445
• @bsamuels453 made their first contribution in #1469

Full Changelog: v2.2.7...v2.3.0