crytic · montyly · Feb 21, 2023 · Feb 21, 2023 · Feb 21, 2023 · Feb 21, 2023
@@ -68,35 +68,36 @@
 
 - [Program Analysis](./program-analysis/README.md)
     - [Echidna](./program-analysis/echidna/README.md)
-        - [Introduction]()
-            - [Introduction to fuzzing](./program-analysis/echidna/fuzzing-introduction.md)
-            - [How to test a property](./program-analysis/echidna/how-to-test-a-property.md)
-        - [Basic]()
-            - [How to select the most suitable testing mode](./program-analysis/echidna/testing-modes.md)
-            - [How to select the best testing approach](./program-analysis/echidna/common-testing-approaches.md)
-            - [How to filter functions](./program-analysis/echidna/filtering-functions.md)
-            - [How to test assertions](./program-analysis/echidna/assertion-checking.md)
-            - [How to write good properties step by step](./program-analysis/echidna/property-creation.md)
-            - [Frequently Asked Questions](./program-analysis/echidna/frequently_asked_questions.md)
-        -  [Advanced]()
-            - [How to collect a corpus](./program-analysis/echidna/collecting-a-corpus.md)
-            - [How to use optimization mode](./program-analysis/echidna/optimization_mode.md)
-            - [How to detect high gas consumption](./program-analysis/echidna/finding-transactions-with-high-gas-consumption.md)
-            - [How to perform smart contract fuzzing at a large scale](./program-analysis/echidna/smart-contract-fuzzing-at-scale.md)
+        - [Introduction](./program-analysis/echidna/introduction/README.md)
+            - [Introduction to fuzzing](./program-analysis/echidna/introduction/fuzzing-introduction.md)
+            - [How to test a property](./program-analysis/echidna/introduction/how-to-test-a-property.md)
+        - [Basic](./program-analysis/echidna/basic/README.md)
+            - [How to select the most suitable testing mode](./program-analysis/echidna/basic/testing-modes.md)
+            - [How to select the best testing approach](./program-analysis/echidna/basic/common-testing-approaches.md)
+            - [How to filter functions](./program-analysis/echidna/basic/filtering-functions.md)
+            - [How to test assertions](./program-analysis/echidna/basic/assertion-checking.md)
+            - [How to write good properties step by step](./program-analysis/echidna/basic/property-creation.md)
+        -  [Advanced](./program-analysis/echidna/advanced/README.md)
+            - [How to collect a corpus](./program-analysis/echidna/advanced/collecting-a-corpus.md)
+            - [How to use optimization mode](./program-analysis/echidna/advanced/optimization_mode.md)
+            - [How to detect high gas consumption](./program-analysis/echidna/advanced/finding-transactions-with-high-gas-consumption.md)
+            - [How to perform smart contract fuzzing at a large scale](./program-analysis/echidna/advanced/smart-contract-fuzzing-at-scale.md)
 
-            - [How to test bytecode-only contracts](./program-analysis/echidna/testing-bytecode.md)
-            - [How to use hevm cheats to test permit](./program-analysis/echidna/hevm-cheats-to-test-permit.md)
-            - [How to seed Echidna with unit tests](./program-analysis/echidna/end-to-end-testing.md)
-            - [Understanding and using `multi-abi`](./program-analysis/echidna/using-multi-abi.md)
-            - [Fuzzing tips](./program-analysis/echidna/fuzzing_tips.md)
-        - [Exercises]()
-            - [Exercise 1](./program-analysis/echidna/Exercise-2.md)
-            - [Exercise 3](./program-analysis/echidna/Exercise-3.md)
-            - [Exercise 4](./program-analysis/echidna/Exercise-4.md)
-            - [Exercise 5](./program-analysis/echidna/Exercise-5.md)
-            - [Exercise 6](./program-analysis/echidna/Exercise-6.md)
-            - [Exercise 7](./program-analysis/echidna/Exercise-7.md)
-            - [Exercise 8](./program-analysis/echidna/Exercise-8.md)
+            - [How to test bytecode-only contracts](./program-analysis/echidna/advanced/testing-bytecode.md)
+            - [How to use hevm cheats to test permit](./program-analysis/echidna/advanced/hevm-cheats-to-test-permit.md)
+            - [How to seed Echidna with unit tests](./program-analysis/echidna/advanced/end-to-end-testing.md)
+            - [Understanding and using `multi-abi`](./program-analysis/echidna/advanced/using-multi-abi.md)
+        - [Fuzzing tips](./program-analysis/echidna/fuzzing_tips.md)
+        - [Frequently Asked Questions](./program-analysis/echidna/frequently_asked_questions.md)
+        - [Exercises](./program-analysis/echidna/exercises/README.md)
+            - [Exercise 1](./program-analysis/echidna/exercises/Exercise-1.md)
+            - [Exercise 2](./program-analysis/echidna/exercises/Exercise-2.md)
+            - [Exercise 3](./program-analysis/echidna/exercises/Exercise-3.md)
+            - [Exercise 4](./program-analysis/echidna/exercises/Exercise-4.md)
+            - [Exercise 5](./program-analysis/echidna/exercises/Exercise-5.md)
+            - [Exercise 6](./program-analysis/echidna/exercises/Exercise-6.md)
+            - [Exercise 7](./program-analysis/echidna/exercises/Exercise-7.md)
+            - [Exercise 8](./program-analysis/echidna/exercises/Exercise-8.md)
 
     - [Manticore](./program-analysis/manticore/README.md)
         - [Introduction to symbolic execution](./program-analysis/manticore/symbolic-execution-introduction.md):
@@ -109,6 +110,8 @@
             - [Exercise 2](./program-analysis/manticore/exercises/exercise2.md)
 
     - [Slither](./program-analysis/slither/README.md)
+        - [Static Analysis](./program-analysis/slither/static_analysis.md)
+        - [API](./program-analysis/slither/api.md)
         - [Exercise 1](./program-analysis/slither/exercise1.md)
         - [Exercise 2](./program-analysis/slither/exercise2.md)
 

@@ -0,0 +1,9 @@
+# (Not So) Smart Contracts
+
+This repository contains examples of common smart contract vulnerabilities, including code from real smart contracts. Use Not So Smart Contracts to learn about vulnerabilities, as a reference when performing security reviews, and as a benchmark for security and analysis tools:
+
+- [Algorand](./algorand/README.md)
+- [Cairo](./cairo/README.md)
+- [Cosmos](./cosmos/README.md)
+- [Solana](./solana/README.md)
+- [Substrate](./substrate/README.md)
@@ -6,68 +6,12 @@ Watch our [Fuzzing workshop](https://www.youtube.com/watch?v=QofNQxW_K08&list=PL
 
 **Table of contents:**
 
-- Introduction
-  - [Installation](#installation)
-  - [Introduction to fuzzing](./fuzzing-introduction.md): Brief introduction to fuzzing
-  - [How to test a property](./how-to-test-a-property.md): How to test a property with Echidna
-- Basic
-  - [How to select the most suitable testing mode](./testing-modes.md): How to select the most suitable testing mode
-  - [How to select the best testing approach](./common-testing-approaches.md): How to select the best testing approach
-  - [How to filter functions](./filtering-functions.md): How to filters the functions to be fuzzed
-  - [How to test assertions](./assertion-checking.md): How to test assertions with Echidna
-  - [How to write good properties step by step](./property-creation.md): How to iteratively improve property testing
-  - [Frequently Asked Questions](./frequently_asked_questions.md): Answers to common questions about Echidna
-- Advanced
-  - [How to collect a corpus](./collecting-a-corpus.md): How to use Echidna to collect a corpus of transactions
-  - [How to use optimization mode](./optimization_mode.md): How to use Echidna to optimize a function
-  - [How to detect high gas consumption](./finding-transactions-with-high-gas-consumption.md): How to find functions with high gas consumption.
-  - [How to perform smart contract fuzzing at a large scale](./smart-contract-fuzzing-at-scale.md): How to use Echidna to run a long fuzzing campaign for complex smart contracts.
-  - [How to test a library](https://blog.trailofbits.com/2020/08/17/using-echidna-to-test-a-smart-contract-library/): How Echidna was used to test the library in Set Protocol (blogpost)
-  - [How to test bytecode-only contracts](./testing-bytecode.md): How to fuzz a contract without bytecode or to perform differential fuzzing between Solidity and Vyper
-  - [How to use hevm cheats to test permit](./hevm-cheats-to-test-permit.md): How to test code that depends on ecrecover signatures using hevm cheat codes
-  - [How to seed Echidna with unit tests](./end-to-end-testing.md): How to use existing unit tests to seed Echidna
-  - [Understanding and using `multi-abi`](./using-multi-abi.md): What is `multi-abi` testing, and how can it be used
-  - [Fuzzing tips](./fuzzing_tips.md): General fuzzing tips
-- Exercises
-  - [Exercise 1](./Exercise-1.md): Testing token balances
-  - [Exercise 2](./Exercise-2.md): Testing access control
-  - [Exercise 3](./Exercise-3.md): Testing with custom initialization
-  - [Exercise 4](./Exercise-4.md): Testing with `assert`
-  - [Exercise 5](./Exercise-5.md): Solving Damn Vulnerable DeFi - Naive Receiver
-  - [Exercise 6](./Exercise-6.md): Solving Damn Vulnerable DeFi - Unstoppable
-  - [Exercise 7](./Exercise-7.md): Solving Damn Vulnerable DeFi - Side Entrance
-  - [Exercise 8](./Exercise-8.md): Solving Damn Vulnerable DeFi - The Rewarder
+- [Introduction](./introduction/README.md): Introductory material to fuzzing and Echidna
+- [Basic](./basic/README.md): Learn the first steps on how to use Echidna
+- [Advanced](./advanced/README.md): Learn advanced features of Echidna
+- [Fuzzing tips](./fuzzing_tips.md): General fuzzing tips
+- [Frequently Asked Questions](./frequently_asked_questions.md): Answers to common questions about Echidna
+- [Exercises](./exercises/README.md): Exercises 
 
 Join the team on Slack at: https://empireslacking.herokuapp.com/ #ethereum
 
-## Installation
-
-Echidna can be installed through docker or using the pre-compiled binary.
-
-### MacOS
-
-You can install Echidna with `brew install echidna`. 
-
-### Echidna through docker
-
-```bash
-docker pull trailofbits/eth-security-toolbox
-docker run -it -v "$PWD":/home/training trailofbits/eth-security-toolbox
-```
-
-*The last command runs eth-security-toolbox in a docker container that has access to your current directory. You can change the files from your host and run the tools on the files through the container*
-
-Inside docker, run :
-
-```bash
-solc-select use 0.5.11
-cd /home/training
-```
-
-### Binary
-
-Check for the lastest released binary here:
-
-[https://github.com/crytic/echidna/releases/latest](https://github.com/crytic/echidna/releases/latest)
-
-The solc version is important to ensure that these exercises work as expected, we tested them using version 0.5.11.
@@ -0,0 +1,11 @@
+# Advanced
+
+- [How to collect a corpus](./collecting-a-corpus.md): How to use Echidna to collect a corpus of transactions
+- [How to use optimization mode](./optimization_mode.md): How to use Echidna to optimize a function
+- [How to detect high gas consumption](./finding-transactions-with-high-gas-consumption.md): How to find functions with high gas consumption.
+- [How to perform smart contract fuzzing at a large scale](./smart-contract-fuzzing-at-scale.md): How to use Echidna to run a long fuzzing campaign for complex smart contracts.
+- [How to test a library](https://blog.trailofbits.com/2020/08/17/using-echidna-to-test-a-smart-contract-library/): How Echidna was used to test the library in Set Protocol (blogpost)
+- [How to test bytecode-only contracts](./testing-bytecode.md): How to fuzz a contract without bytecode or to perform differential fuzzing between Solidity and Vyper
+- [How to use hevm cheats to test permit](./hevm-cheats-to-test-permit.md): How to test code that depends on ecrecover signatures using hevm cheat codes
+- [How to seed Echidna with unit tests](./end-to-end-testing.md): How to use existing unit tests to seed Echidna
+- [Understanding and using `multi-abi`](./using-multi-abi.md): What is `multi-abi` testing, and how can it be used
@@ -2,13 +2,14 @@
 
 **Table of contents:**
 
-- [Introduction](#introduction)
-- [Collecting a corpus](#collecting-a-corpus)
-- [Seeding a corpus](#seeding-a-corpus)
+- [Collecting, visualizing and modifying an Echidna corpus](#collecting-visualizing-and-modifying-an-echidna-corpus)
+  - [Introduction](#introduction)
+  - [Collecting a corpus](#collecting-a-corpus)
+  - [Seeding a corpus](#seeding-a-corpus)
 
 ## Introduction
 
-We will see how to collect and use a corpus of transactions with Echidna. The target is the following smart contract (*[example/magic.sol](./example/magic.sol)*):
+We will see how to collect and use a corpus of transactions with Echidna. The target is the following smart contract (*[../example/magic.sol](../example/magic.sol)*):
 
 ```Solidity
 contract C {

@@ -2,15 +2,16 @@
 
 **Table of contents:**
 
-- [Introduction](#introduction)
-- [Measuring Gas Consumption](#measuring-gas-consumption)
+- [Finding transactions with high gas consumption](#finding-transactions-with-high-gas-consumption)
+  - [Introduction](#introduction)
+  - [Measuring Gas Consumption](#measuring-gas-consumption)
 - [Run Echidna](#run-echidna)
 - [Filtering Out Gas-Reducing Calls](#filtering-out-gas-reducing-calls)
-- [Summary: Finding transactions with high gas consumption](#summary-finding-transactions-with-high-gas-consumption)
+  - [Summary: Finding transactions with high gas consumption](#summary-finding-transactions-with-high-gas-consumption)
 
 ## Introduction
 
-We will see how to find the transactions with high gas consumption with Echidna. The target is the following smart contract (*[example/gas.sol](./example/gas.sol)*):
+We will see how to find the transactions with high gas consumption with Echidna. The target is the following smart contract (*[../example/gas.sol](../example/gas.sol)*):
 
 ```solidity
 contract C {
@@ -49,7 +50,7 @@ Seed: 2320549945714142710
 
 ## Measuring Gas Consumption
 
-To enable Echidna's gas consumption feature, create a configuration file [`config.yaml`](./example/gas.yaml):
+To enable Echidna's gas consumption feature, create a configuration file [`../example/gas.yaml`](../example/gas.yaml):
 
 ```yaml
 estimateGas: true
@@ -85,10 +86,10 @@ Seed: -325611019680165325
 
 # Filtering Out Gas-Reducing Calls
 
-The tutorial on [filtering functions to call during a fuzzing campaign](./filtering-functions.md) shows how to
+The tutorial on [filtering functions to call during a fuzzing campaign](../basic/filtering-functions.md) shows how to
 remove some functions during testing.  
 This can be critical for getting an accurate gas estimate.
-Consider the following example (*[example/pushpop.sol](./example/pushpop.sol)*):
+Consider the following example (*[example/pushpop.sol](../example/pushpop.sol)*):
 
 ```solidity
 contract C {
@@ -113,7 +114,7 @@ contract C {
   }
 }
 ```
-If Echidna uses this [`config.yaml`](./example/pushpop.yaml), it can call all functions and won't easily find transactions with high gas cost:
+If Echidna uses this [`config.yaml`](../example/pushpop.yaml), it can call all functions and won't easily find transactions with high gas cost:
 
 ```
 $ echidna-test pushpop.sol --config config.yaml
@@ -128,7 +129,7 @@ push used a maximum of 40839 gas
 ```
 
 That's because the cost depends on the size of `addrs` and random calls tend to leave the array almost empty.
-Blacklisting `pop` and `clear`, however, gives us much better results (*[example/blacklistpushpop.yaml](./example/blacklistpushpop.yaml)*):
+Blacklisting `pop` and `clear`, however, gives us much better results (*[../example/blacklistpushpop.yaml](../example/blacklistpushpop.yaml)*):
 
 ```yaml
 estimateGas: true

@@ -43,4 +43,4 @@ First we will call `permit()` on our Mock ERC20 token with the signature generat
 
 ## Code
 
-The full example code can be found [here](example/TestDepositWithPermit.sol).
+The full example code can be found [here](../example/TestDepositWithPermit.sol).
@@ -2,8 +2,9 @@
 
 **Table of contents:**
 
-- [Introduction](#introduction)
-- [Optimizing with Echidna](#optimizing-with-echidna)
+- [Using optimization mode to find local maximums](#using-optimization-mode-to-find-local-maximums)
+  - [Introduction](#introduction)
+  - [Optimizing with Echidna](#optimizing-with-echidna)
 
 ## Introduction
 
@@ -22,7 +23,7 @@ and returns a `int256`. Echidna will try find a sequence of transactions to maxi
 
 ## Optimizing with Echidna
 
-In this example, the target is the following smart contract (*[example/opt.sol](./example/opt.sol)*):
+In this example, the target is the following smart contract (*[../example/opt.sol](../example/opt.sol)*):
 
 ```solidity
 contract TestDutchAuctionOptimization {

@@ -1,12 +1,14 @@
 # How to test bytecode only contracts
 
 **Table of contents:**
-- [Introduction](#introduction)
-- [Proxy pattern](#proxy-pattern)
-- [Run Echidna](#run-echidna)
-- [Differential fuzzing](#differential-fuzzing)
-- [Generic proxy pattern](#generic-proxy-code)
-- [Summary: Testing bytecode](#summary-testing-contracts-without-source-code)
+- [How to test bytecode only contracts](#how-to-test-bytecode-only-contracts)
+  - [Introduction](#introduction)
+  - [Proxy pattern](#proxy-pattern)
+  - [Run Echidna](#run-echidna)
+    - [Target source code](#target-source-code)
+  - [Differential fuzzing](#differential-fuzzing)
+  - [Generic Proxy code](#generic-proxy-code)
+  - [Summary: Testing contracts without source code](#summary-testing-contracts-without-source-code)
 
 ## Introduction
 
@@ -157,7 +159,7 @@ contract SolidityVersion{
 }
 ```
 
-Here we run Echidna with the [assertion mode](./assertion-checking.md):
+Here we run Echidna with the [assertion mode](../basic/assertion-checking.md):
 ```
 $ echidna-test  vyper.sol --config config.yaml --contract SolidityVersion --test-mode assertion
 assertion in test: passed! 🎉

@@ -2,11 +2,14 @@
 
 **Table of contents:**
 
-- [Introduction](#introduction)
-- [What is `multi-abi` testing?](#what-is-multi-abi-testing)
-- [When and how to use `multi-abi`](#when-and-how-to-use-multi-abi)
-- [Run Echidna](#run-echidna)
-- [Use cases and conclusions](#use-cases-and-conclusions)
+- [Understanding and using `multi-abi` in Echidna](#understanding-and-using-multi-abi-in-echidna)
+  - [Introduction](#introduction)
+  - [What is `multi-abi` testing?](#what-is-multi-abi-testing)
+  - [When and how to use `multi-abi`](#when-and-how-to-use-multi-abi)
+  - [Run Echidna](#run-echidna)
+    - [Example run with `multi-abi` set to `false`](#example-run-with-multi-abi-set-to-false)
+    - [Example run with `multi-abi` set to `true`](#example-run-with-multi-abi-set-to-true)
+  - [Use cases and conclusions](#use-cases-and-conclusions)
 
 ## Introduction
 
@@ -28,7 +31,7 @@ This is where `multi-abi` testing is useful: It allows Echidna to call functions
 
 ## Run Echidna
 
-We will use a simple example to show how `multi-abi` works. We will be using two contracts, `Flag` and `EchidnaTest`, both available in [`multiabi.sol`](example/multiabi.sol).
+We will use a simple example to show how `multi-abi` works. We will be using two contracts, `Flag` and `EchidnaTest`, both available in [`../example/multiabi.sol`](../example/multiabi.sol).
 
 The `Flag` contract contains a boolean flag that is only set if `flip()` is called, and a getter function that returns the value of the flag. For now, ignore `test_fail()`, we will talk about this function later.
 
@@ -68,7 +71,7 @@ contract EchidnaTest {
 }
 ```
 
-In a non `multi-abi` fuzzing campaign, Echidna is not able to break the invariant, because it only interacts with `EchidnaTest` functions. However, if we use the following configuration file, enabling `multi-abi` testing, the invariant is broken. You can access [`multiabi.yaml` here](example/multiabi.yaml).
+In a non `multi-abi` fuzzing campaign, Echidna is not able to break the invariant, because it only interacts with `EchidnaTest` functions. However, if we use the following configuration file, enabling `multi-abi` testing, the invariant is broken. You can access [`../example/multiabi.yaml` here](../example/multiabi.yaml).
 
 ```yaml
 testMode: assertion
Original file line number	Diff line number	Diff line change
Expand Up		@@ -43,4 +43,4 @@ First we will call `permit()` on our Mock ERC20 token with the signature generat

		## Code

		The full example code can be found [here](example/TestDepositWithPermit.sol).
		The full example code can be found [here](../example/TestDepositWithPermit.sol).