Solidity development and fuzz testing framework with vulnerability detectors for writing secure dapps on Ethereum

Documentation

Whitepaper

Why Wake?

Inbuilt fuzzing

Vulnerability detectors

Automatically generate diverse inputs and edge cases to uncover hidden vulnerabilities.

Catch reentrancy, overflows, and logic flaws easily.

Seamless devex

Cross-chain testing

VS Code extension, GitHub Actions, solc manager.

Works with Anvil, Hardhat and Ganache.

Features & benefits

Testing framework based on pytest:
Write clean, simple tests with familiar tooling
Property-based fuzzer: Combine automated fuzzing with human insights to target specific contract behaviors and edge cases
Deployments & mainnet interactions: Test contracts in realistic environments before going live
Vulnerability and code quality detectors: Detect reentrancy, overflows, and bad patterns early in development
Printers for extracting useful information from Solidity code: Gain insights into contract structures and flows
Static analysis framework for custom detectors and printers: Extend Wake with project-specific rules
GitHub actions for setting up Wake and running detectors: Integrate seamlessly into CI/CD pipelines
Language server (LSP): Get autocompletion, hints, and references inside your IDE
VS Code extension Solidity (Wake): Get instant feedback while writing Solidity code
Solc version manager: Manage compiler versions with ease for consistent builds

Wake vs other tools

Wake

Slither

ApeWorx

Brownie

Hardhat

Foundry

Language

Python

Typescript

Rust

Maintained

Yes

Testing

Yes

Fuzzing

Yes

Yes*

Yes**

Yes

Detectors

Yes

Language server

Yes

* Available with Hypothesis plugin
** Only in Solidity

Wake stops hacks

Wake is used by Ackee Blockchain Security to perform smart contract audits, and it helped us discover a bunch of high and critical vulnerabilities.

Vulnerability

Severity

Project

Discovered by

Resources

Profit & loss accounted twice

Critical

IPOR

Fuzz test

Report,
Wake tests

Loan refinancing reentrancy

Critical

PWN

Detector

Report

Incorrect optimization in loan refinancing

Critical

PWN

Fuzz test

Report,
Wake tests

Incorrect enqueued keys accounting

High

Lido

Fuzz test

Report,
Wake tests

Console permanent denial of service

High

Brahma

Fuzz test

Report

Swap unwinding formula error

High

IPOR

Fuzz test

Report,
Wake tests

Swap unwinding fee accounted twice

High

IPOR

Fuzz test

Report,
Wake tests

Incorrect event data

High

Solady

Integration test

Report,
Wake tests

INTEREST_FROM_
STRATEGY_BELOW_
ZERO reverts DoS

Medium

IPOR

Fuzz test

Report,
Wake tests

Medium

IPOR

Fuzz test

Report,
Wake tests

Inaccurate hypothetical interest formula

Medium

IPOR

Fuzz test

Wake tests

Swap unwinding fee normalization error

Missing receive function

Medium

Axelar

Fuzz test

Wake tests

SafeERC20 not used for approve

Medium

Lido

Fuzz test

Wake tests

Non-optimistic vetting & unbonded keys bad accounting

Medium

Lido

Fuzz test

Report,
Wake tests

Installation

pip3 install eth-wake

Solidity (Wake)

Python 3.8 or higher,
Rosetta on Apple Silicon

Features in depth

Testing framework

Development and testing framework for Solidity smart contracts with pytypes, Python-native equivalents of Solidity types, and blazing-fast execution.
‍

Find more information in examples and documentation.

from wake.testing import *
from pytypes.contracts.Counter import Counter

@chain.connect()
def test_counter():
    counter = Counter.deploy()
    assert counter.count() == 0

    counter.increment()
    assert counter.count() == 1

Fuzzer

A property-based fuzzer for Solidity smart contracts
that enables testers to write their fuzz tests in Python.

The fuzzer builds on top of the testing framework,
and allows efficient fuzz testing of Solidity smart contracts.

from wake.testing import *
from wake.testing.fuzzing import *
from pytypes.contracts.Counter import Counter

class CounterTest(FuzzTest):
    def pre_sequence(self) -> None:
        self.counter = Counter.deploy()
        self.count = 0

    @flow()
    def increment(self) -> None:
        self.counter.increment()
        self.count += 1

    @flow()
    def decrement(self) -> None:
        with with may_revert(PanicCodeEnum.UNDERFLOW_OVERFLOW) as e:
            self.counter.decrement()

        if e.value is not None:
            assert self.count == 0
        else:
            self.count -= 1

    @invariant(period=10)
    def count(self) -> None:
        assert self.counter.count() == self.count

@default_chain.connect()
def test_counter():
    CounterTest().run(sequences_count=30, flows_count=100)

Vulnerability & code quality detectors

High-precision static analysis detectors focused on minimizing false positives, inspired by real audit findings.

How to run detectors:

wake detect all

Solidity (Wake)

Learn more

Visual Studio Code Solidity extension powered by Wake.
Displays live results of vulnerability detectors along with compiler warnings and errors, helping developers better understand code.

What Wake can do

Development & testing

Auto-completions when writing tests and deployment scripts thanks to pytypes
Type checking for all types generated in pytypes
Property-based fuzzer with multiprocessing to maximize the amount of tested inputs
Cross-chain testing support
Integrated Python debugger (ipdb) attached to test failures
Call traces and console.log support for easier debugging
Deployment scripts support
Better performance than other Python or JavaScript frameworks

Static analysis

Set of ready-to-use vulnerability & code quality detectors
Set of ready-to-use printers for extracting and pretty-printing useful information from the project
API for implementing custom detectors and printers
Github action for automatic execution of detectors in a pipeline
Filtering of detections using minimal confidence and impact