Installation

pip3 install eth-wake

Tools for Solidity (Wake)

GitHub

Documentation

Whitepaper

Features

Testing framework based on pytest
Fuzzer
Vulnerability & code quality detectors
Printers
LSP server
VS Code extension (Tools for Solidity)
Static analysis framework
Github action with CodeQL code scanning support
Solc version manager

Testing Framework

Development and testing framework for Solidity smart contracts with pytypes, Python-native equivalents of Solidity types and blazing-fast execution.

See examples and documentation for more information.

from wake.testing import *
from pytypes.contracts.Counter import Counter

@default_chain.connect()
def test_counter():
    counter = Counter.deploy()
    assert counter.count() == 0

    counter.increment()
    assert counter.count() == 1

Fuzzer

Property-based fuzzer for Solidity smart contracts that allows testers to write their fuzz tests in Python.

Fuzzer builds on top of the testing framework and allows efficient fuzz testing of Solidity smart contracts.

from wake.testing import *
from wake.testing.fuzzing import *
from pytypes.contracts.Counter import Counter

class CounterTest(FuzzTest):
    def pre_sequence(self) -> None:
        self.counter = Counter.deploy()
        self.count = 0

    @flow()
    def increment(self) -> None:
        self.counter.increment()
        self.count += 1

    @flow()
    def decrement(self) -> None:
        with with may_revert(PanicCodeEnum.UNDERFLOW_OVERFLOW) as e:
            self.counter.decrement()

        if e.value is not None:
            assert self.count == 0
        else:
            self.count -= 1

    @invariant(period=10)
    def count(self) -> None:
        assert self.counter.count() == self.count

@default_chain.connect()
def test_counter():
    CounterTest().run(sequences_count=30, flows_count=100)

Vulnerability & code quality detectors

High precision static analysis detectors focused on minimising false positives inspired by real audit findings.

How to run detectors:

wake detect

Tools for Solidity (Wake)

Learn more

Visual Studio Code Solidity extension, powered by Wake. Displays real-time results of vulnerability detectors along with compiler warnings and errors and helps developers understand the code better.

Wake stops hacks

Wake is used by Ackee Blockchain team to perform smart contract audits - and it helped to discover a bunch of high and critical vulnerabilities.

Vulnerability

Severity

Project

Discovered by

Resources

Profit & loss accounted twice

Critical

IPOR

Fuzz test

Wake tests

Console permanent denial of service

High

Brahma

Fuzz test

Report

Swap unwinding formula error

High

IPOR

Fuzz test

Wake tests

Swap unwinding fee accounted twice

High

IPOR

Fuzz test

Wake tests

Incorrect event data

High

Solady

Integration test

Report,
Wake tests

INTEREST_FROM_
STRATEGY_BELOW_
ZERO reverts DoS

Medium

IPOR

Fuzz test

Wake tests

Inaccurate hypothetical interest formula

Medium

IPOR

Fuzz test

Wake tests

Swap unwinding fee normalization error

Medium

IPOR

Fuzz test

Wake tests

Missing receive function

Medium

Axelar

Fuzz test

Wake tests

Medium

Lido

Fuzz test

Wake tests

SafeERC20 not used for approve

What Wake can do

Development & testing

Auto-completions when writing tests and deployment scripts thanks to pytypes
Type checking for all types generated in pytypes
Property-based fuzzer leveraging multiprocessing to maximize the amount of inputs tested
Cross-chain testing support
Integrated Python debugger (ipdb) attached on test failures
Call traces and console.log support for easier debugging
Deployment scripts support
Better performance than other Python or JavaScript frameworks

Static analysis

Set of ready-to-use vulnerability & code quality detectors
Set of ready-to-use printers for extracting and pretty-printing useful information from the project
API for implementing custom detectors and printers
Github action for automatic execution of detectors in a pipeline
Filtering of detections using minimal confidence and impact