Installation

pip3 install eth-wake

Solidity (Wake)

Features

Testing framework based on pytest
Fuzzer
Vulnerability & code quality detectors
Printers
LSP server
VS Code extension Solidity (Wake)
Static analysis framework
Github action with CodeQL code scanning support
Solc version manager

Testing Framework

Development and testing framework for Solidity smart contracts with pytypes, Python-native equivalents of Solidity types, and blazing-fast execution.

See examples and documentation for more information.

from wake.testing import *
from pytypes.contracts.Counter import Counter

@default_chain.connect()
def test_counter():
    counter = Counter.deploy()
    assert counter.count() == 0

    counter.increment()
    assert counter.count() == 1

Fuzzer

A property-based fuzzer for Solidity smart contracts
that enables testers to write their fuzz tests in Python.

The fuzzer builds on top of the testing framework,
and allows efficient fuzz testing of Solidity smart contracts.

from wake.testing import *
from wake.testing.fuzzing import *
from pytypes.contracts.Counter import Counter

class CounterTest(FuzzTest):
    def pre_sequence(self) -> None:
        self.counter = Counter.deploy()
        self.count = 0

    @flow()
    def increment(self) -> None:
        self.counter.increment()
        self.count += 1

    @flow()
    def decrement(self) -> None:
        with with may_revert(PanicCodeEnum.UNDERFLOW_OVERFLOW) as e:
            self.counter.decrement()

        if e.value is not None:
            assert self.count == 0
        else:
            self.count -= 1

    @invariant(period=10)
    def count(self) -> None:
        assert self.counter.count() == self.count

@default_chain.connect()
def test_counter():
    CounterTest().run(sequences_count=30, flows_count=100)

Vulnerability & code quality detectors

High-precision static analysis detectors focused on minimizing false positives, inspired by real audit findings.

How to run detectors:

wake detect

Solidity (Wake)

Learn more

Visual Studio Code Solidity extension powered by Wake.
Displays live results of vulnerability detectors along with compiler warnings and errors, helping developers better understand code.

Wake stops hacks

Wake is used by Ackee Blockchain Security to perform smart contract audits,
and it helped us discover a bunch of high and critical vulnerabilities.

Vulnerability

Severity

Project

Discovered by

Resources

Profit & loss accounted twice

Critical

IPOR

Fuzz test

Wake tests

Loan refinancing reentrancy

Critical

PWN

Detector

Report

Incorrect optimization in loan refinancing

Critical

PWN

Fuzz test

Report,
Wake tests

Console permanent denial of service

High

Brahma

Fuzz test

Report

Swap unwinding formula error

High

IPOR

Fuzz test

Wake tests

Swap unwinding fee accounted twice

High

IPOR

Fuzz test

Wake tests

Incorrect event data

High

Solady

Integration test

Report,
Wake tests

INTEREST_FROM_
STRATEGY_BELOW_
ZERO reverts DoS

Medium

IPOR

Fuzz test

Wake tests

Inaccurate hypothetical interest formula

Medium

IPOR

Fuzz test

Wake tests

Medium

IPOR

Fuzz test

Wake tests

Swap unwinding fee normalization error

Missing receive function

Medium

Axelar

Fuzz test

Wake tests

SafeERC20 not used for approve

Medium

Lido

Fuzz test

Wake tests

Non-optimistic vetting &
unbonded keys bad accounting

Medium

Lido

Fuzz test

Wake tests

What Wake can do

Development & testing

Auto-completions when writing tests and deployment scripts thanks to pytypes
Type checking for all types generated in pytypes
Property-based fuzzer with multiprocessing to maximize the amount of tested inputs
Cross-chain testing support
Integrated Python debugger (ipdb) attached to test failures
Call traces and console.log support for easier debugging
Deployment scripts support
Better performance than other Python or JavaScript frameworks

Static analysis

Set of ready-to-use vulnerability & code quality detectors
Set of ready-to-use printers for extracting and pretty-printing useful information from the project
API for implementing custom detectors and printers
Github action for automatic execution of detectors in a pipeline
Filtering of detections using minimal confidence and impact