# Wake, a Python-based Solidity development and testing framework with built-in vulnerability detectors
Features:
- testing framework based on [pytest](https://docs.pytest.org/en)
- property-based fuzzer
- deployments & mainnet interactions
- vulnerability and code quality detectors
- printers for extracting useful information from Solidity code
- static analysis framework for implementing custom detectors and printers
- Github actions for [setting up Wake](https://github.com/marketplace/actions/wake-setup) and [running detectors](https://github.com/marketplace/actions/wake-detect)
- language server ([LSP](https://microsoft.github.io/language-server-protocol/))
- VS Code extension ([Tools for Solidity](https://marketplace.visualstudio.com/items?itemName=AckeeBlockchain.tools-for-solidity))
- solc version manager
## Dependencies
- Python (version 3.8 or higher)
- Rosetta must be enabled on Apple Silicon Macs
> ⚠️ Python 3.12 is experimentally supported.
## Installation
via `pip`
```shell
pip3 install eth-wake
```
## Documentation & Contribution
Wake documentation can be found [here](https://ackee.xyz/wake/docs/latest).
There you can also find a section on [contributing](https://ackee.xyz/wake/docs/latest/contributing/).
## Discovered vulnerabilities
| Vulnerability | Severity | Project | Method | Discovered by | Resources |
|-------------------------------------------------|----------|---------|------------------|------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Profit & loss accounted twice | Critical | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) |
| Loan refinancing reentrancy | Critical | PWN | Detector | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf) |
| Incorrect optimization in loan refinancing | Critical | PWN | Fuzz test | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/main/tests/test_refinance_comm_transfer_missing_found_fuzz.py) |
| Console permanent denial of service | High | Brahma | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-brahma-console-v2-report.pdf) |
| Swap unwinding formula error | High | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) |
| Swap unwinding fee accounted twice | High | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) |
| Incorrect event data | High | Solady | Integration test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-solady-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-solady/blob/main/tests/test_erc1155.py) |
| `INTEREST_FROM_STRATEGY_BELOW_ZERO` reverts DoS | Medium | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) |
| Inaccurate hypothetical interest formula | Medium | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) |
| Swap unwinding fee normalization error | Medium | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) |
| Liquidation deposits accounted into LP balance | Medium | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_st_eth_fuzz.py) |
| Missing receive function | Medium | Axelar | Fuzz test | Ackee Blockchain | [Wake tests](https://github.com/Ackee-Blockchain/tests-axelar-interchain-governance-executor/blob/main/tests/test_fuzz.py) |
| `SafeERC20` not used for `approve` | Medium | Lido | Fuzz test | Ackee Blockchain | [Wake tests](https://github.com/Ackee-Blockchain/tests-lido-stonks/blob/main/tests/test_fuzz.py) |
| Non-optimistic vetting & unbonded keys bad accounting | Medium | Lido | Fuzz test | Ackee Blockchain | [Report](https://github.com/lidofinance/audits/blob/main/Ackee%20Blockchain%20Lido%20Community%20Staking%20Module%20Report%2010-24.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-lido-csm/blob/main/tests/test_csm_fuzz.py) |
| Chainlink common denominator bad logic | Medium | PWN | Fuzz test | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/main/tests/test_fuzz.py) |
| Outdated/reverting Chainlink feed causes DoS | Medium | PWN | Fuzz test | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/main/tests/test_fuzz.py) |
| Incorrect EIP-712 typehash | Medium | PWN | Detector | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf) |
| Incorrect EIP-712 data encoding | Medium | PWN | Fuzz test | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/revision-2.0/tests/test_fuzz.py) |
## Features
### Testing framework
See [examples](https://github.com/Ackee-Blockchain/wake/tree/main/examples) and [documentation](https://ackee.xyz/wake/docs/latest/testing-framework/overview) for more information.
Writing tests is as simple as:
```python
from wake.testing import *
from pytypes.contracts.Counter import Counter
@chain.connect()
def test_counter():
counter = Counter.deploy()
assert counter.count() == 0
counter.increment()
assert counter.count() == 1
```
### Fuzzer
Fuzzer builds on top of the testing framework and allows efficient fuzz testing of Solidity smart contracts.
```python
from wake.testing import *
from wake.testing.fuzzing import *
from pytypes.contracts.Counter import Counter
class CounterTest(FuzzTest):
def pre_sequence(self) -> None:
self.counter = Counter.deploy()
self.count = 0
@flow()
def increment(self) -> None:
self.counter.increment()
self.count += 1
@flow()
def decrement(self) -> None:
with may_revert(PanicCodeEnum.UNDERFLOW_OVERFLOW) as e:
self.counter.decrement()
if e.value is not None:
assert self.count == 0
else:
self.count -= 1
@invariant(period=10)
def count(self) -> None:
assert self.counter.count() == self.count
@chain.connect()
def test_counter():
CounterTest().run(sequences_count=30, flows_count=100)
```
### Detectors
All vulnerability & code quality detectors can be run using:
```shell
wake detect all
```
A specific detector can be run using:
```shell
wake detect <detector-name>
```
See the [documentation](https://ackee.xyz/wake/docs/latest/static-analysis/using-detectors/) for a list of all detectors.
### Printers
A specific printer can be run using:
```shell
wake print <printer-name>
```
See the [documentation](https://ackee.xyz/wake/docs/latest/static-analysis/using-printers/) for a list of all printers.
### Custom detectors & printers
Refer to the [getting started](https://ackee.xyz/wake/docs/latest/static-analysis/getting-started/) guide for more information.
Also check out [wake_detectors](https://github.com/Ackee-Blockchain/wake/tree/main/wake_detectors) and [wake_printers](https://github.com/Ackee-Blockchain/wake/tree/main/wake_printers) for the implementation of built-in detectors and printers.
### LSP server
Wake implements an [LSP](https://microsoft.github.io/language-server-protocol/) server for Solidity. The only currently supported communication channel is TCP.
Wake LSP server can be run using:
```shell
wake lsp
```
Or with an optional --port argument (default 65432):
```shell
wake lsp --port 1234
```
All LSP server features can be found in the [documentation](https://ackee.xyz/wake/docs/latest/language-server/).
## License
This project is licensed under the [ISC license](https://github.com/Ackee-Blockchain/wake/blob/main/LICENSE).
## Partners
RockawayX | Coinbase
:-------------------------:|:-------------------------:
[](https://rockawayx.com/) | [](https://www.coinbase.com/)
Raw data
{
"_id": null,
"home_page": "https://getwake.io",
"name": "eth-wake",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0,>=3.8",
"maintainer_email": null,
"keywords": "ethereum, solidity, security, testing, development, static analysis, framework, audit",
"author": "Ackee Blockchain",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/0d/7b/081fbdc2c1aa4d697bb71304214aaf160b0d5ca5c144ff344a02643a6aa3/eth_wake-4.14.0.tar.gz",
"platform": null,
"description": "# Wake, a Python-based Solidity development and testing framework with built-in vulnerability detectors\n\n\n\nFeatures:\n\n- testing framework based on [pytest](https://docs.pytest.org/en)\n- property-based fuzzer\n- deployments & mainnet interactions\n- vulnerability and code quality detectors\n- printers for extracting useful information from Solidity code\n- static analysis framework for implementing custom detectors and printers\n- Github actions for [setting up Wake](https://github.com/marketplace/actions/wake-setup) and [running detectors](https://github.com/marketplace/actions/wake-detect)\n- language server ([LSP](https://microsoft.github.io/language-server-protocol/))\n- VS Code extension ([Tools for Solidity](https://marketplace.visualstudio.com/items?itemName=AckeeBlockchain.tools-for-solidity))\n- solc version manager\n\n## Dependencies\n\n- Python (version 3.8 or higher)\n- Rosetta must be enabled on Apple Silicon Macs\n\n> \u26a0\ufe0f Python 3.12 is experimentally supported.\n\n## Installation\n\nvia `pip`\n\n```shell\npip3 install eth-wake\n```\n\n## Documentation & Contribution\n\nWake documentation can be found [here](https://ackee.xyz/wake/docs/latest).\n\nThere you can also find a section on [contributing](https://ackee.xyz/wake/docs/latest/contributing/).\n\n## Discovered vulnerabilities\n\n| Vulnerability | Severity | Project | Method | Discovered by | Resources |\n|-------------------------------------------------|----------|---------|------------------|------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| Profit & loss accounted twice | Critical | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) |\n| Loan refinancing reentrancy | Critical | PWN | Detector | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf) |\n| Incorrect optimization in loan refinancing | Critical | PWN | Fuzz test | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/main/tests/test_refinance_comm_transfer_missing_found_fuzz.py) |\n| Console permanent denial of service | High | Brahma | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-brahma-console-v2-report.pdf) |\n| Swap unwinding formula error | High | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) |\n| Swap unwinding fee accounted twice | High | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) |\n| Incorrect event data | High | Solady | Integration test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-solady-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-solady/blob/main/tests/test_erc1155.py) |\n| `INTEREST_FROM_STRATEGY_BELOW_ZERO` reverts DoS | Medium | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) |\n| Inaccurate hypothetical interest formula | Medium | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) |\n| Swap unwinding fee normalization error | Medium | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_fuzz.py) |\n| Liquidation deposits accounted into LP balance | Medium | IPOR | Fuzz test | Ackee Blockchain | [Report](https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-ipor-protocol-report.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-ipor/blob/main/tests/test_st_eth_fuzz.py) |\n| Missing receive function | Medium | Axelar | Fuzz test | Ackee Blockchain | [Wake tests](https://github.com/Ackee-Blockchain/tests-axelar-interchain-governance-executor/blob/main/tests/test_fuzz.py) |\n| `SafeERC20` not used for `approve` | Medium | Lido | Fuzz test | Ackee Blockchain | [Wake tests](https://github.com/Ackee-Blockchain/tests-lido-stonks/blob/main/tests/test_fuzz.py) |\n| Non-optimistic vetting & unbonded keys bad accounting | Medium | Lido | Fuzz test | Ackee Blockchain | [Report](https://github.com/lidofinance/audits/blob/main/Ackee%20Blockchain%20Lido%20Community%20Staking%20Module%20Report%2010-24.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-lido-csm/blob/main/tests/test_csm_fuzz.py) |\n| Chainlink common denominator bad logic | Medium | PWN | Fuzz test | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/main/tests/test_fuzz.py) |\n| Outdated/reverting Chainlink feed causes DoS | Medium | PWN | Fuzz test | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/main/tests/test_fuzz.py) |\n| Incorrect EIP-712 typehash | Medium | PWN | Detector | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf) |\n| Incorrect EIP-712 data encoding | Medium | PWN | Fuzz test | Ackee Blockchain | [Report](https://github.com/PWNDAO/pwn_audits/blob/main/protocol/pwn-v1.3-ackee.pdf), [Wake tests](https://github.com/Ackee-Blockchain/tests-pwn-protocol/blob/revision-2.0/tests/test_fuzz.py) |\n\n## Features\n\n### Testing framework\n\nSee [examples](https://github.com/Ackee-Blockchain/wake/tree/main/examples) and [documentation](https://ackee.xyz/wake/docs/latest/testing-framework/overview) for more information.\n\nWriting tests is as simple as:\n\n```python\nfrom wake.testing import *\nfrom pytypes.contracts.Counter import Counter\n\n@chain.connect()\ndef test_counter():\n counter = Counter.deploy()\n assert counter.count() == 0\n\n counter.increment()\n assert counter.count() == 1\n```\n\n### Fuzzer\n\nFuzzer builds on top of the testing framework and allows efficient fuzz testing of Solidity smart contracts.\n\n```python\nfrom wake.testing import *\nfrom wake.testing.fuzzing import *\nfrom pytypes.contracts.Counter import Counter\n\nclass CounterTest(FuzzTest):\n def pre_sequence(self) -> None:\n self.counter = Counter.deploy()\n self.count = 0\n\n @flow()\n def increment(self) -> None:\n self.counter.increment()\n self.count += 1\n\n @flow()\n def decrement(self) -> None:\n with may_revert(PanicCodeEnum.UNDERFLOW_OVERFLOW) as e:\n self.counter.decrement()\n\n if e.value is not None:\n assert self.count == 0\n else:\n self.count -= 1\n\n @invariant(period=10)\n def count(self) -> None:\n assert self.counter.count() == self.count\n\n@chain.connect()\ndef test_counter():\n CounterTest().run(sequences_count=30, flows_count=100)\n```\n\n### Detectors\n\nAll vulnerability & code quality detectors can be run using:\n```shell\nwake detect all\n```\n\nA specific detector can be run using:\n```shell\nwake detect <detector-name>\n```\n\nSee the [documentation](https://ackee.xyz/wake/docs/latest/static-analysis/using-detectors/) for a list of all detectors.\n\n### Printers\n\nA specific printer can be run using:\n```shell\nwake print <printer-name>\n```\n\nSee the [documentation](https://ackee.xyz/wake/docs/latest/static-analysis/using-printers/) for a list of all printers.\n\n### Custom detectors & printers\n\nRefer to the [getting started](https://ackee.xyz/wake/docs/latest/static-analysis/getting-started/) guide for more information.\nAlso check out [wake_detectors](https://github.com/Ackee-Blockchain/wake/tree/main/wake_detectors) and [wake_printers](https://github.com/Ackee-Blockchain/wake/tree/main/wake_printers) for the implementation of built-in detectors and printers.\n\n### LSP server\n\nWake implements an [LSP](https://microsoft.github.io/language-server-protocol/) server for Solidity. The only currently supported communication channel is TCP.\n\nWake LSP server can be run using:\n\n```shell\nwake lsp\n```\n\nOr with an optional --port argument (default 65432):\n\n```shell\nwake lsp --port 1234\n```\n\nAll LSP server features can be found in the [documentation](https://ackee.xyz/wake/docs/latest/language-server/).\n\n## License\n\nThis project is licensed under the [ISC license](https://github.com/Ackee-Blockchain/wake/blob/main/LICENSE).\n\n## Partners\n\nRockawayX | Coinbase\n:-------------------------:|:-------------------------:\n[](https://rockawayx.com/) | [](https://www.coinbase.com/)\n\n\n\n\n\n\n",
"bugtrack_url": null,
"license": "ISC",
"summary": "Wake is a Python-based Solidity development and testing framework with built-in vulnerability detectors.",
"version": "4.14.0",
"project_urls": {
"Documentation": "https://ackee.xyz/wake/docs/latest",
"Homepage": "https://getwake.io",
"Repository": "https://github.com/Ackee-Blockchain/wake",
"VS Code Extension": "https://marketplace.visualstudio.com/items?itemName=AckeeBlockchain.tools-for-solidity"
},
"split_keywords": [
"ethereum",
" solidity",
" security",
" testing",
" development",
" static analysis",
" framework",
" audit"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "26e6bcc3eb5befd41122b1e4bbdf65f37f7b7c35a7564ce144586117b9c16adb",
"md5": "d5e54f81c50fe11d31771f58e2fcc4c5",
"sha256": "6163bcbe23772c07aac08da6c3bca6522c6dd3010197993fa55ac809ca7884e7"
},
"downloads": -1,
"filename": "eth_wake-4.14.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "d5e54f81c50fe11d31771f58e2fcc4c5",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.8",
"size": 603337,
"upload_time": "2025-01-15T19:42:07",
"upload_time_iso_8601": "2025-01-15T19:42:07.914162Z",
"url": "https://files.pythonhosted.org/packages/26/e6/bcc3eb5befd41122b1e4bbdf65f37f7b7c35a7564ce144586117b9c16adb/eth_wake-4.14.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "0d7b081fbdc2c1aa4d697bb71304214aaf160b0d5ca5c144ff344a02643a6aa3",
"md5": "dc016375691a13598ddfc8052ec128b3",
"sha256": "10ae99c6d4ef4d5d3c58111fef1b62faa343d72e182f8a31f58a15170c5b7b16"
},
"downloads": -1,
"filename": "eth_wake-4.14.0.tar.gz",
"has_sig": false,
"md5_digest": "dc016375691a13598ddfc8052ec128b3",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0,>=3.8",
"size": 433352,
"upload_time": "2025-01-15T19:42:09",
"upload_time_iso_8601": "2025-01-15T19:42:09.817054Z",
"url": "https://files.pythonhosted.org/packages/0d/7b/081fbdc2c1aa4d697bb71304214aaf160b0d5ca5c144ff344a02643a6aa3/eth_wake-4.14.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-01-15 19:42:09",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "Ackee-Blockchain",
"github_project": "wake",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "eth-wake"
}
JSON
