Woke is a Python-based development and testing framework for Solidity.
Project description
Woke
Woke is a Python-based development and testing framework for Solidity.
Features:
-
Testing framework - a testing framework for Solidity smart contracts with Python-native equivalents of Solidity types and blazing fast execution.
-
Fuzzer - a property-based fuzzer for Solidity smart contracts that allows testers to write their fuzz tests in Python.
-
Vulnerability detectors
-
LSP server
Dependencies
- Python (version 3.7 or higher)
- Rosetta must be enabled on Apple Silicon (M1 & M2) Macs
:warning: Python 3.11 is experimentally supported.
Installation
via pip
pip3 install woke
Documentation & Contribution
Woke documentation can be found here.
There you can also find a section on contributing.
Discovered vulnerabilities
Vulnerability | Severity | Project | Method | Discovered by | Resources |
---|---|---|---|---|---|
Profit & loss accounted twice | Critical | IPOR | Fuzz test | Ackee Blockchain | Woke tests |
Console permanent denial of service | High | Brahma | Fuzz test | Ackee Blockchain | Report |
Swap unwinding formula error | High | IPOR | Fuzz test | Ackee Blockchain | Woke tests |
Swap unwinding fee accounted twice | High | IPOR | Fuzz test | Ackee Blockchain | Woke tests |
Incorrect event data | High | Solady | Integration test | Ackee Blockchain | Report, Woke tests |
INTEREST_FROM_STRATEGY_BELOW_ZERO reverts DoS |
Medium | IPOR | Fuzz test | Ackee Blockchain | Woke tests |
Inaccurate hypothetical interest formula | Medium | IPOR | Fuzz test | Ackee Blockchain | Woke tests |
Swap unwinding fee normalization error | Medium | IPOR | Fuzz test | Ackee Blockchain | Woke tests |
Missing receive function | Medium | Axelar | Fuzz test | Ackee Blockchain | Woke tests |
Features
Testing framework
See examples and documentation for more information.
Writing tests is as simple as:
from woke.testing import *
from pytypes.contracts.Counter import Counter
@default_chain.connect()
def test_counter():
default_chain.set_default_accounts(default_chain.accounts[0])
counter = Counter.deploy()
assert counter.count() == 0
counter.increment()
assert counter.count() == 1
Fuzzer
Fuzzer builds on top of the testing framework and allows efficient fuzz testing of Solidity smart contracts.
from woke.testing import *
from woke.testing.fuzzing import *
from pytypes.contracts.Counter import Counter
class CounterTest(FuzzTest):
def pre_sequence(self) -> None:
self.counter = Counter.deploy()
self.count = 0
@flow()
def increment(self) -> None:
self.counter.increment()
self.count += 1
@flow()
def decrement(self) -> None:
with may_revert(Panic(PanicCodeEnum.UNDERFLOW_OVERFLOW)) as e:
self.counter.decrement()
if e.value is not None:
assert self.count == 0
else:
self.count -= 1
@invariant(period=10)
def count(self) -> None:
assert self.counter.count() == self.count
@default_chain.connect()
def test_counter():
default_chain.set_default_accounts(default_chain.accounts[0])
CounterTest().run(sequences_count=30, flows_count=100)
Vulnerability detectors
Vulnerability detectors can be run using:
woke detect
LSP server
Woke implements an LSP server for Solidity. The only currently supported communication channel is TCP.
Woke LSP server can be run using:
woke lsp
Or with an optional --port argument (default 65432):
woke lsp --port 1234
All LSP server features can be found in the documentation.
License
This project is licensed under the ISC license.
Partners
RockawayX | Coinbase |
---|---|
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.