Data

Tools

Indexes

Applications

Experiments

Open Source Science

https://github.com/crytic/optik

Optik is a set of symbolic execution tools that assist smart-contract fuzzers

https://github.com/crytic/optik

Science Score: 13.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (11.2%) to scientific vocabulary

Keywords

echidna evm fuzzing maat security-tools smart-contracts symbolic-execution

Keywords from Contributors

solidity binary-analysis emulation program-analysis smt z3 vulnerability-detection static-analysis vyper academic-papers
Last synced: 5 months ago · JSON representation

Repository

Optik is a set of symbolic execution tools that assist smart-contract fuzzers

Basic Info
Statistics
  • Stars: 94
  • Watchers: 6
  • Forks: 12
  • Open Issues: 28
  • Releases: 1
Topics
echidna evm fuzzing maat security-tools smart-contracts symbolic-execution
Created almost 4 years ago · Last pushed over 1 year ago
Metadata Files
Readme Contributing

README.md

Optik

Optik is a set of symbolic execution tools that assist smart contract fuzzers, letting them run in a hybrid mode. Optik couples Echidna, our smart contract fuzzer, with the Maat symbolic executor that replays the fuzzing corpus and extends it with new inputs that increase coverage.

Current limitations

Optik is a work in progress and should not be used for real audits yet. Current limitations include:

  • Symbolic KECCAK hashes are not supported
  • CREATE2, CALLCODE, and DELEGATECALL are not yet supported
  • Gas is not taken into account
  • Some echidna options are not yet supported (see hybrid-echidna -h)

Hybrid Echidna


Optik allows to run the Echidna smart-contract fuzzer in hybrid mode. It basically couples Echidna with the Maat symbolic executor that replays the Echidna corpus and extends it with new inputs that increase coverage.

hybrid-echidna starts with several incremental seeding steps, where it seeds the corpus with short transactions sequences obtained by Slither's dataflow analysis, and uses symbolic execution more intensely to solve new inputs. The sequence length is incremented at each seeding step. Once it reaches a certain length threshold, hybrid-echidna falls back into its normal mode, starts to limit the number of symbolic inputs to solve, and stops using dataflow analysis for seeding the corpus.

Usage

Hybrid echidna can be used seamlessly in place of regular Echidna by replacing echidna-test with hybrid-echidna in your Echidna command line. For example:

hybrid-echidna MyContract.sol --test-mode assertion --corpus-dir /tmp/test --contract MyContract

Additionnal options are available in hybrid mode to control hybrid-echidna's behaviour:

  • --max-iters: maximum number of fuzzing iterations to perform (one iteration is one Echidna campaign + one symbolic executor run on the corpus)

  • --solver-timeout: maximum time in milliseconds to spend solving each possible new input

  • --incremental-threshold: number of initial incremental seeding steps to perform

  • --no-incremental: skip initial incremental seeding

  • --cov-mode: type of coverage to increase when solving new inputs. Most coverage modes are implemented for experimental purposes. Unless you are developing/hacking on Optik, we recommend to keep the default mode

Debugging, logging and terminal display:

  • --debug: add debugging information to the log output

  • --logs: write logs to a given file (or stdout)

  • --no-display: disable the graphical terminal display

Installation

For a quick installation, run:

console python3 -m pip install optik-tools

To keep up with the latest features and fixes, install Optik from its master branch:

console git clone https://github.com/crytic/optik && cd optik python3 -m pip install .

You can also run it from Docker:

```console git clone https://github.com/crytic/optik && cd optik docker build -t crytic/optik . docker run -it --rm --mount type=bind,source="$(pwd)",target=/workdir crytic/optik

This runs the Docker container, mounting the local directory into /workdir

```

Owner

  • Name: Crytic
  • Login: crytic
  • Kind: organization
  • Email: opensource@trailofbits.com
  • Location: New York, NY

Blockchain Security, by @trailofbits

GitHub Events

Total
  • Watch event: 7
Last Year
  • Watch event: 7

Committers

Last synced: 10 months ago

All Time
  • Total Commits: 96
  • Total Committers: 7
  • Avg Commits per committer: 13.714
  • Development Distribution Score (DDS): 0.177
Past Year
  • Commits: 0
  • Committers: 0
  • Avg Commits per committer: 0.0
  • Development Distribution Score (DDS): 0.0
Top Committers
Name Email Commits
Boyan MILANOV b****v@t****m 79
Tom 5****m 9
Feist Josselin j****t@g****m 3
Dan Guido d****n@t****m 2
alpharush 0****h@p****m 1
James Olds o****j 1
Evan Sultanik e****n@s****m 1
Committer Domains (Top 20 + Academic)
trailofbits.com: 2 sultanik.com: 1

Issues and Pull Requests

Last synced: 10 months ago

All Time
  • Total issues: 70
  • Total pull requests: 73
  • Average time to close issues: 9 days
  • Average time to close pull requests: about 22 hours
  • Total issue authors: 11
  • Total pull request authors: 9
  • Average comments per issue: 0.61
  • Average comments per pull request: 0.25
  • Merged pull requests: 67
  • Bot issues: 0
  • Bot pull requests: 1
Past Year
  • Issues: 0
  • Pull requests: 1
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 1
  • Average comments per issue: 0
  • Average comments per pull request: 0.0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 1
View more stats
Top Authors
Issue Authors
  • Boyan-MILANOV (37)
  • ggrieco-tob (5)
  • rappie (4)
  • 0xalpharush (2)
  • SheldonHolmgren (2)
  • wuestholz (2)
  • Thomas-Malcolm (1)
  • woodruffw (1)
  • tjade273 (1)
  • elopez (1)
  • bohendo (1)
Pull Request Authors
  • Boyan-MILANOV (29)
  • Thomas-Malcolm (9)
  • 0xalpharush (4)
  • montyly (3)
  • dependabot[bot] (2)
  • elopez (1)
  • ESultanik (1)
  • oldsj (1)
  • ChmielewskiKamil (1)
Top Labels
Issue Labels
bug (19) enhancement (13) good first issue (2) idea (2)
Pull Request Labels
dependencies (2) enhancement (2) bug (1)

Dependencies

.github/workflows/black.yml actions
  • actions/checkout v2 composite
  • actions/setup-python v2 composite
  • github/super-linter/slim v4.9.2 composite
.github/workflows/ci.yml actions
  • actions/checkout v2 composite
  • actions/setup-python v2 composite
.github/workflows/python-package.yml actions
  • actions/checkout v2 composite
  • actions/download-artifact v2 composite
  • actions/setup-python v2 composite
  • actions/upload-artifact v2 composite
  • pypa/gh-action-pypi-publish v1.5.0 composite
Dockerfile docker
  • trailofbits/echidna latest build
pyproject.toml pypi
  • crytic-compile *
  • eth_abi *
  • pymaat >=0.6.7
  • pysha3 *
  • pyyaml *
  • rlp *
  • setuptools >=45
  • slither-analyzer *
  • solc-select *
  • wheel *
setup.py pypi