Wake is a Python-based Solidity development and testing framework with built-in vulnerability detectors.
Project description
Wake
The fuzzing and testing framework for Solidity, written in Python. Wake helps you write safer smart contracts, faster.
Built by Ackee Blockchain Security — trusted auditors of Lido, Safe, and Axelar.
Why Wake?
- Built-in fuzzing — automatically generate diverse inputs and edge cases to uncover hidden vulnerabilities
- Vulnerability detectors — catch reentrancy, overflows, and logic flaws early
- Seamless developer experience — VS Code extension, GitHub Actions, solc manager
- Cross-chain testing — works with Anvil, Hardhat, and Ganache
Features and benefits
- Testing framework based on pytest — write clean, simple tests with familiar tooling
- Manually-guided fuzzing (MGF) — combine automated fuzzing with human insights to target specific contract behaviors and edge cases
- Property-based fuzzer — automatically generate diverse inputs to uncover hidden bugs faster
- Deployments & mainnet interactions — test contracts in realistic environments before going live
- Vulnerability and code quality detectors — detect reentrancy, overflows, and bad patterns early in development
- Printers for extracting useful information from Solidity code — gain insights into contract structures and flows
- Static analysis framework for custom detectors and printers — extend Wake with project-specific rules
- GitHub actions for setting up Wake and running detectors — integrate seamlessly into CI/CD pipelines
- Language server (LSP) — get autocompletion, hints, and references inside your IDE
- VS Code extension (Solidity (Wake)) — instant feedback while writing Solidity code
- Solc version manager — manage compiler versions with ease for consistent builds
Wake vs other tools
| Slither | ApeWorx | Brownie | Hardhat | Foundry | Wake | |
|---|---|---|---|---|---|---|
| Language | Python | Python | Python | Typescript | Rust | Python |
| Maintained | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ |
| Testing | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Fuzzing | ❌ | ❌ | ✅* | ✅** | ✅ | ✅ |
| Detectors | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ |
| Language server | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ |
* available with Hypothesis plugin ** only in Solidity
Dependencies
- Python (version 3.8 or higher)
- Rosetta must be enabled on Apple Silicon Macs
Installation
via pip
pip3 install eth-wake
Discovered vulnerabilities
| Vulnerability | Severity | Project | Method | Discovered by | Resources |
|---|---|---|---|---|---|
| Profit & loss accounted twice | Critical | IPOR | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Loan refinancing reentrancy | Critical | PWN | Detector | Ackee Blockchain | Report |
| Incorrect optimization in loan refinancing | Critical | PWN | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Incorrect enqueued keys accounting | High | Lido | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Console permanent denial of service | High | Brahma | Fuzz test | Ackee Blockchain | Report |
| Swap unwinding formula error | High | IPOR | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Swap unwinding fee accounted twice | High | IPOR | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Incorrect event data | High | Solady | Integration test | Ackee Blockchain | Report, Wake tests |
INTEREST_FROM_STRATEGY_BELOW_ZERO reverts DoS |
Medium | IPOR | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Inaccurate hypothetical interest formula | Medium | IPOR | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Swap unwinding fee normalization error | Medium | IPOR | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Liquidation deposits accounted into LP balance | Medium | IPOR | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Missing receive function | Medium | Axelar | Fuzz test | Ackee Blockchain | Wake tests |
SafeERC20 not used for approve |
Medium | Lido | Fuzz test | Ackee Blockchain | Wake tests |
| Non-optimistic vetting & unbonded keys bad accounting | Medium | Lido | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Chainlink common denominator bad logic | Medium | PWN | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Outdated/reverting Chainlink feed causes DoS | Medium | PWN | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Incorrect EIP-712 typehash | Medium | PWN | Detector | Ackee Blockchain | Report |
| Incorrect EIP-712 data encoding | Medium | PWN | Fuzz test | Ackee Blockchain | Report, Wake tests |
Features in-depth
Fuzzer
Wake’s fuzzer builds on top of the testing framework and allows efficient fuzz testing of Solidity smart contracts.
from wake.testing import *
from wake.testing.fuzzing import *
from pytypes.contracts.Counter import Counter
class CounterTest(FuzzTest):
def pre_sequence(self) -> None:
self.counter = Counter.deploy()
self.count = 0
@flow()
def increment(self) -> None:
self.counter.increment()
self.count += 1
@flow()
def decrement(self) -> None:
with may_revert(PanicCodeEnum.UNDERFLOW_OVERFLOW) as e:
self.counter.decrement()
if e.value is not None:
assert self.count == 0
else:
self.count -= 1
@invariant(period=10)
def count(self) -> None:
assert self.counter.count() == self.count
@chain.connect()
def test_counter():
CounterTest().run(sequences_count=30, flows_count=100)
Detectors and printers
All vulnerability & code quality detectors can be run using:
wake detect all
Run a specific detector:
wake detect <detector-name>
See the documentation for a full list of detectors.
Run a printer:
wake print <printer-name>
See the documentation for a full list of printers.
For custom detectors & printers, check the getting started guide and repos for wake_detectors and wake_printers.
LSP Server
Wake implements an LSP server for Solidity. Run it with:
wake lsp
Or specify a port (default 65432):
wake lsp --port 1234
See all features in the documentation.
Documentation, contribution and community
- Wake documentation
- Contributing guide
- Follow X/Twitter for updates and tips
License
This project is licensed under the ISC license.
Partners
| RockawayX | Coinbase |
|---|---|
 |
 |
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
eth_wake-4.22.1.tar.gz
(900.6 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file eth_wake-4.22.1.tar.gz.
File metadata
- Download URL: eth_wake-4.22.1.tar.gz
- Upload date:
- Size: 900.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.3.2 CPython/3.11.14 Linux/6.14.0-1017-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e35a2ac1589a1770833665dbe8414c177b42203c309c34da45aad727d31e9eef
|
|
| MD5 |
5e410922291dd9f9bafaf0885bf38f45
|
|
| BLAKE2b-256 |
7da16562703164bf7d18e0698352f66823508de7de1e3a5198b05beafc402927
|
File details
Details for the file eth_wake-4.22.1-py3-none-any.whl.
File metadata
- Download URL: eth_wake-4.22.1-py3-none-any.whl
- Upload date:
- Size: 1.1 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.3.2 CPython/3.11.14 Linux/6.14.0-1017-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f3347499012b8592ad5327fac732133626d7e12c69037d43d87ce098b445b4fc
|
|
| MD5 |
389c905f7dc93d467747fef583a7b793
|
|
| BLAKE2b-256 |
500311dd557d20ff55271b0fc56e7583bc859b867d423ef298633fcc7850f9eb
|
