Litcius/Paper detail

Echidna: effective, usable, and fast fuzzing for smart contracts

Gustavo Grieco, Will Song, Artur Cygan, Josselin Feist, Alex Groce

2020198 citationsDOI

Abstract

Ethereum smart contracts---autonomous programs that run on a blockchain---often control transactions of financial and intellectual property. Because of the critical role they play, smart contracts need complete, comprehensive, and effective test generation. This paper introduces an open-source smart contract fuzzer called Echidna that makes it easy to automatically generate tests to detect violations in assertions and custom properties. Echidna is easy to install and does not require a complex configuration or deployment of contracts to a local blockchain. It offers responsive feedback, captures many property violations, and its default settings are calibrated based on experimental data. To date, Echidna has been used in more than 10 large paid security audits, and feedback from those audits has driven the features and user experience of Echidna, both in terms of practical usability (e.g., smart contract frameworks like Truffle and Embark) and test generation strategies. Echidna aims to be good at finding real bugs in smart contracts, with minimal user effort and maximal speed.

Topics & Concepts

Fuzz testingSmart contractComputer scienceUSableAuditUsabilityComputer securityProperty (philosophy)Intellectual propertySoftware engineeringBlockchainSoftwareProgramming languageWorld Wide WebAccountingOperating systemBusinessEpistemologyPhilosophyAdvanced Malware Detection TechniquesBlockchain Technology Applications and SecuritySecurity and Verification in Computing