Echidna 2.3.0

Echidna 2.3.0 introduces symbolic execution capabilities to complement traditional fuzzing workflows. This update adds two verification modes that combine fuzzing with formal verification techniques, alongside improvements to debugging workflows and Foundry integration.

• Enhanced symbolic execution. Echidna now offers a verification mode for analyzing stateless functions alongside the traditional mode for discovering assertion failures in stateful scenarios. Verification mode performs exhaustive analysis of single-transaction code paths, similar to tools like Halmos and hevm, providing formal guarantees when tests pass. The traditional mode combines traditional fuzzing with symbolic execution, using your accumulated corpus to explore states more exhaustively. You can now use Bitwuzla, cvc5 or Z3 as the solvers.
• Foundry reproducer generation for debugging workflows. Echidna can now generate Foundry test cases that reproduce discovered bugs. This initial implementation creates standalone reproducers for failed assertions.
• Revamped HTML coverage reports. The HTML coverage reporting system has been redesigned to provide clearer, more actionable insights, in a manner similar to medusa. The coverage output directory can now be independently configured using the coverageDir option.
• Improved debugging experience with comprehensive event logging. When properties or assertions fail, Echidna now displays all events from all transactions in the sequence, giving you complete visibility into state changes leading to the failure. Deployment failures now show the full execution trace instead of just a list of events, making initialization issues easier to diagnose. The shrinking process now logs its status in text mode, providing visibility into how Echidna minimizes failing test cases.
• Streamlined codebase through removal of deprecated features. Echidna 2.3.0 removes Etheno integration (including the initialize configuration option), gas estimation (estimateGas option), and concolic execution (symExecConcolic option). These features saw limited adoption and their removal simplifies the codebase while improving overall performance and maintainability. If your workflows depend on these features, please reach out to the team before upgrading.

Additional improvements:

• Values from tuple elements are automatically extracted into the fuzzing dictionary
• Enhanced callback (multicall-style) encoding support for more accurate smart contract testing
• Docker image now includes Foundry, Z3, Bitwuzla
• Haskell runtime system options (rtsopts) are now enabled on release builds, allowing users to tweak Echidna for better memory use and performance in their environments

The full changelog is provided below:

Added

• Store event changes into Echidna's corpus by @divyaranjan1905 in #1405
• Add values from tuple elements into the dictionary by @gustavo-grieco in #1406
• Test older solc versions on merge by @elopez in #1412
• docker: update base image; build with musl; include z3, bitwuzla by @elopez in #1422
• flake: add bitwuzla and cvc5 to fuzz shell by @elopez in #1425
• tests: fix default config to match default values in code by @elopez in #1429
• Add independent coverage directory configuration option by @BowTiedRadone in #1428
• Revamp HTML coverage report by @elopez in #1415
• Added initial support for generation of foundry reproducers by @gustavo-grieco in #1437
• Set up proper reversion state when loading transactions by @gustavo-grieco in #1453
• Support for encoding valid calls for callbacks by @gustavo-grieco in #1444
• echidna: enable rtsopts by @elopez in #1457
• add foundry to docker image by @bsamuels453 in #1469
• Show trace instead of list of events when deployment failed by @gustavo-grieco in #1466
• Log shrinking status by @BowTiedRadone in #1454
• Show all events from all the transactions when a property or assertion fails by @gustavo-grieco in #1475

Fixed

• fix: reduce html class names to their first letters by @divyaranjan1905 in #1404
• Clean up subState when setting up transactions by @elopez in #1408
• Reworked symbolic execution code by @gustavo-grieco in #1394
• Fix CI tests by @elopez in #1414
• Speed up coverage filename calculation by @elopez in #1411
• Reduce test flakiness by @elopez in #1416
• Test improvements by @elopez in #1421
• Only verify suitable methods by @gustavo-grieco in #1431
• docs: fix incorrect Docker volume mount command by @zkpepe in #1433
• ci: macos: add missing gmp rewrite by @elopez in #1440
• fix: ppAbiValue mapping in JSON.mapCall for SolCall by @VolodymyrBg in #1445
• Fix build failure with GHC 9.10 by @elopez in #1446
• scripts: libff: enable C++11 on build by @elopez in #1447
• Fixed event decoding crash by @gustavo-grieco in #1450
• Add solc constraint to the callback test by @gustavo-grieco in #1458
• Symbolic execution fixes to make sure no counter example is missed by @gustavo-grieco in #1441
• Include value into json output and use string instead of integer by @gustavo-grieco in #1460
• Do not fetch if etherscan key is not available and support different chain ids by @gustavo-grieco in #1492

Updated

• build(deps): bump DeterminateSystems/nix-installer-action from 18 to 19 by @dependabot[bot] in #1407
• build(deps): bump actions/download-artifact from 4 to 5 by @dependabot[bot] in #1418
• build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #1419
• Update hevm to 9982c580ed19b88ebab9744d29d940fd2f0bd8c6 by @elopez in #1417
• flake: update nixpkgs, foundry, bitwuzla by @elopez in #1427
• Update CODEOWNERS by @elopez in #1432
• Update references to hevm repository by @elopez in #1435
• build(deps): bump actions/setup-python from 5 to 6 by @dependabot[bot] in #1442
• build(deps): bump softprops/action-gh-release from 2.3.2 to 2.3.3 by @dependabot[bot] in #1443
• build(deps): bump DeterminateSystems/nix-installer-action from 19 to 20 by @dependabot[bot] in #1451
• ci: macos-13 -> macos-15-intel by @elopez in #1455
• build(deps): bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in #1478
• build(deps): bump sigstore/gh-action-sigstore-python from 3.0.1 to 3.1.0 by @dependabot[bot] in #1479
• build(deps): bump actions/download-artifact from 5 to 6 by @dependabot[bot] in #1477
• build(deps): bump softprops/action-gh-release from 2.3.3 to 2.4.2 by @dependabot[bot] in #1481
• build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in #1483
• Echidna 2.3 RC by @gustavo-grieco in #1467
• build(deps): bump DeterminateSystems/nix-installer-action from 20 to 21 by @dependabot[bot] in #1482
• build(deps): bump softprops/action-gh-release from 2.4.2 to 2.5.0 by @dependabot[bot] in #1488
• Update hevm to 9ba5e52fc7ec7ae6f7f3a25d5ee426625d2aa9d by @elopez in #1487
• build(deps): bump sigstore/gh-action-sigstore-python from 3.1.0 to 3.2.0 by @dependabot[bot] in #1491

Removed

Important

The following features have been removed from Echidna:

• Etheno integration, and the initialize configuration option
• Gas estimation (estimateGas configuration option)
• Concolic execution (symExecConcolic configuration option)

• Drop Etheno support by @elopez in #1402
• Drop estimateGas support by @elopez in #1403

New Contributors

• @divyaranjan1905 made their first contribution in #1404
• @zkpepe made their first contribution in #1433
• @BowTiedRadone made their first contribution in #1428
• @VolodymyrBg made their first contribution in https://github.com/crytic/ech...

Echidna 2.3.0-RC2

This release candidate pre-release is for benchmarking and testing latest features. Do not use it in production, wait for the upcoming final release instead.

What's Changed

• Drop Etheno support by @elopez in #1402
• Drop estimateGas support by @elopez in #1403
• fix: reduce html class names to their first letters by @divyaranjan1905 in #1404
• Store event changes into Echidna's corpus by @divyaranjan1905 in #1405
• Clean up subState when setting up transactions by @elopez in #1408
• Reworked symbolic execution code by @gustavo-grieco in #1394
• build(deps): bump DeterminateSystems/nix-installer-action from 18 to 19 by @dependabot[bot] in #1407
• Add values from tuple elements into the dictionary by @gustavo-grieco in #1406
• Test older solc versions on merge by @elopez in #1412
• Fix CI tests by @elopez in #1414
• Speed up coverage filename calculation by @elopez in #1411
• Reduce test flakiness by @elopez in #1416
• build(deps): bump actions/download-artifact from 4 to 5 by @dependabot[bot] in #1418
• build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #1419
• Update hevm to 9982c580ed19b88ebab9744d29d940fd2f0bd8c6 by @elopez in #1417
• Test improvements by @elopez in #1421
• docker: update base image; build with musl; include z3, bitwuzla by @elopez in #1422
• flake: add bitwuzla and cvc5 to fuzz shell by @elopez in #1425
• flake: update nixpkgs, foundry, bitwuzla by @elopez in #1427
• tests: fix default config to match default values in code by @elopez in #1429
• Update CODEOWNERS by @elopez in #1432
• Only verify suitable methods by @gustavo-grieco in #1431
• docs: fix incorrect Docker volume mount command by @zkpepe in #1433
• Update references to hevm repository by @elopez in #1435
• Add independent coverage directory configuration option by @BowTiedRadone in #1428
• ci: macos: add missing gmp rewrite by @elopez in #1440
• build(deps): bump actions/setup-python from 5 to 6 by @dependabot[bot] in #1442
• build(deps): bump softprops/action-gh-release from 2.3.2 to 2.3.3 by @dependabot[bot] in #1443
• fix: ppAbiValue mapping in JSON.mapCall for SolCall by @VolodymyrBg in #1445
• Fix build failure with GHC 9.10 by @elopez in #1446
• scripts: libff: enable C++11 on build by @elopez in #1447
• Fixed event decoding crash by @gustavo-grieco in #1450
• build(deps): bump DeterminateSystems/nix-installer-action from 19 to 20 by @dependabot[bot] in #1451
• ci: macos-13 -> macos-15-intel by @elopez in #1455
• Revamp HTML coverage report by @elopez in #1415
• Added initial support for generation of foundry reproducers by @gustavo-grieco in #1437
• Set up proper reversion state when loading transactions by @gustavo-grieco in #1453
• Support for encoding valid calls for callbacks by @gustavo-grieco in #1444
• echidna: enable rtsopts by @elopez in #1457
• Add solc constraint to the callback test by @gustavo-grieco in #1458
• Symbolic execution fixes to make sure no counter example is missed by @gustavo-grieco in #1441
• Include value into json output and use string instead of integer by @gustavo-grieco in #1460
• add foundry to docker image by @bsamuels453 in #1469
• Show trace instead of list of events when deployment failed by @gustavo-grieco in #1466
• Log shrinking status by @BowTiedRadone in #1454
• Avoid crashing when trying to do symbolic execution in fallback
• Switch to stack based loop detection in symbolic execution exploration
• Silence RPC warning when there is no RPC configured

New Contributors

• @divyaranjan1905 made their first contribution in #1404
• @zkpepe made their first contribution in #1433
• @BowTiedRadone made their first contribution in #1428
• @VolodymyrBg made their first contribution in #1445
• @bsamuels453 made their first contribution in #1469

Echidna 2.3.0-RC1

This release candidate pre-release is for benchmarking and testing latest features. Do not use it in production, wait for the upcoming final release instead.

What's Changed

• Drop Etheno support by @elopez in #1402
• Drop estimateGas support by @elopez in #1403
• fix: reduce html class names to their first letters by @divyaranjan1905 in #1404
• Store event changes into Echidna's corpus by @divyaranjan1905 in #1405
• Clean up subState when setting up transactions by @elopez in #1408
• Reworked symbolic execution code by @gustavo-grieco in #1394
• build(deps): bump DeterminateSystems/nix-installer-action from 18 to 19 by @dependabot[bot] in #1407
• Add values from tuple elements into the dictionary by @gustavo-grieco in #1406
• Test older solc versions on merge by @elopez in #1412
• Fix CI tests by @elopez in #1414
• Speed up coverage filename calculation by @elopez in #1411
• Reduce test flakiness by @elopez in #1416
• build(deps): bump actions/download-artifact from 4 to 5 by @dependabot[bot] in #1418
• build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #1419
• Update hevm to 9982c580ed19b88ebab9744d29d940fd2f0bd8c6 by @elopez in #1417
• Test improvements by @elopez in #1421
• docker: update base image; build with musl; include z3, bitwuzla by @elopez in #1422
• flake: add bitwuzla and cvc5 to fuzz shell by @elopez in #1425
• flake: update nixpkgs, foundry, bitwuzla by @elopez in #1427
• tests: fix default config to match default values in code by @elopez in #1429
• Update CODEOWNERS by @elopez in #1432
• Only verify suitable methods by @gustavo-grieco in #1431
• docs: fix incorrect Docker volume mount command by @zkpepe in #1433
• Update references to hevm repository by @elopez in #1435
• Add independent coverage directory configuration option by @BowTiedRadone in #1428
• ci: macos: add missing gmp rewrite by @elopez in #1440
• build(deps): bump actions/setup-python from 5 to 6 by @dependabot[bot] in #1442
• build(deps): bump softprops/action-gh-release from 2.3.2 to 2.3.3 by @dependabot[bot] in #1443
• fix: ppAbiValue mapping in JSON.mapCall for SolCall by @VolodymyrBg in #1445
• Fix build failure with GHC 9.10 by @elopez in #1446
• scripts: libff: enable C++11 on build by @elopez in #1447
• Fixed event decoding crash by @gustavo-grieco in #1450
• build(deps): bump DeterminateSystems/nix-installer-action from 19 to 20 by @dependabot[bot] in #1451
• ci: macos-13 -> macos-15-intel by @elopez in #1455
• Revamp HTML coverage report by @elopez in #1415
• Added initial support for generation of foundry reproducers by @gustavo-grieco in #1437
• Set up proper reversion state when loading transactions by @gustavo-grieco in #1453
• Support for encoding valid calls for callbacks by @gustavo-grieco in #1444
• echidna: enable rtsopts by @elopez in #1457
• Add solc constraint to the callback test by @gustavo-grieco in #1458
• Symbolic execution fixes to make sure no counter example is missed by @gustavo-grieco in #1441
• Downgrade z3 to 4.12.6 by @gustavo-grieco in #1461
• Include value into json output and use string instead of integer by @gustavo-grieco in #1460
• add foundry to docker image by @bsamuels453 in #1469
• Show trace instead of list of events when deployment failed by @gustavo-grieco in #1466
• Log shrinking status by @BowTiedRadone in #1454

New Contributors

• @divyaranjan1905 made their first contribution in #1404
• @zkpepe made their first contribution in #1433
• @BowTiedRadone made their first contribution in #1428
• @VolodymyrBg made their first contribution in #1445
• @bsamuels453 made their first contribution in #1469

Echidna 2.2.7

What's Changed

• UI is now more responsive and can be scrolled using the keyboard (arrow keys, PgUp/Down, Tab)
• Text mode now reports gas/s during a fuzzing campaign.
• The docker container and static binaries are now also built for ARM Linux.
• Users can now give a friendly name to a project through the config file and it will show in the UI.
• Bugs squashed when shrinking, generating random integers, collecting contract addresses into the internal dictionary, and counting gas usage.
• Echidna is now built with GHC 9.8.4
• hevm has been upgraded to release/0.55.0
  • This hevm release includes multiple fixes and performance improvements, including a fix for multiple contract deployments under a prank.
  • Full hevm changelog: argotorg/hevm@037ff11...2931f09

Deprecation notice

Important

The following features will be removed from future Echidna releases. This will be the last release supporting:

• Etheno integration, and the initialize configuration option
• Gas estimation (estimateGas configuration option)
• Concolic execution (symExecConcolic configuration option)

New Contributors

• @figtracer made their first contribution in #1357

Full Changelog: v2.2.6...v2.2.7

Echidna 2.2.6

What's Changed

• Users can now turn off the Slither integration with the disableSlither config option or the --disable-slither command-line flag (#1327).
  • This is only intended for development, and we do not recommend doing this as it degrades fuzzing efficiency.
  • Additionally, the UI now shows a visible warning when the Slither integration fails to execute for any reason.
• More statistics on exit: Echidna now prints the total call count (#1328)
• Precompiles now work correctly on Windows (#1333)
• hevm has been upgraded to release/0.54.2 (#1331)
  • This hevm release includes fixes for prank and startPrank. Pranking now applies to contract creation, and startPrank behavior now matches Foundry's.
  • Full hevm changelog: argotorg/hevm@f1f45d3...037ff11

Full Changelog: v2.2.5...v2.2.6

Echidna 2.2.5

What's Changed

• Support Ethereum Cancun upgrade, including MCOPY (#1317, #1309, #1300)
• Print a warning if an assert isn't hit in assert mode (#1110)
• Add support for the vm.label cheatcode when printing call sequences (#1314)
• Add support for other cheatcodes: startPrank, stopPrank, setEnv, and env{Bool,Uint,Int,Address,Bytes32,String,Bytes} (#1300)
• Collect coverage during contract deployment (#1304)
• Fix overflow behavior: overflows now revert the transaction, rather than causing Echidna to error (#1293)
• Add documentation (#1298)

Full Changelog: v2.2.4...v2.2.5

Echidna 2.2.4

Echidna 2.2.4 is an exciting release that brings a host of improvements in fuzzing speed and user experience. This update:

• Boosts performance through optimized shrinking and multicore fuzzing. Adjustments made to our multi-worker implementation will provide increased performance when multiple workers are in use, meaning you can now have a faster and more scalable fuzzing experience. Echidna will now by default run between one to four workers, based on the available CPU cores. While we have set an intelligent default logic, you can continue to manually control the number of workers with the workers config option or --workers CLI switch. Another welcome tweak is in the shrinking process where a single worker now handles a shrinking task to minimize contention.

• Enhances user interface with handy shortcuts, added metrics, more informative messages, and clearer error responses. The new shortcuts allow for swiftly toggling the visibility of the tests and log panels (t and l). The newly introduced performance metric gas/s should be a more user-friendly indicator of execution performance than its predecessor calls/s. Expect insightful time measurements when saving coverage and an added message upon saving reproducers. Last but not least, we improved the error messages in various conditions, for better clarity and ease of understanding.

• Adds initial support to TLOAD/TSTORE opcodes as we continue our work towards achieving full compatibility with Cancun. Note that other new opcodes from Cancun are still not supported, so we recommend working with solc 0.8.24 or older for the time being.

• Introduces more configuration options including the ability to specify the Etherscan API key via the config file.

Take a peek at Echidna v2.2.4 in action fuzzing assert.sol:

The full changelog is provided below:

Added

• Toggle tests and log panes on t and l by @arcz in #1197
• Use measureIO when saving coverage by @samalws-tob in #1202
• Adjust default GC allocation area by @elopez in #1228
• Update filterFallbacks to be selective rather than all-or-nothing by @samalws-tob in #1200
• Add symbolic execution by @samalws-tob in #1216
• Support configuring Etherscan API key via config file by @elopez in #1227
• Allow to use specific filter for direct symexec by @ggrieco-tob in #1251
• Display assertion failure immediately once falsified in text mode by @samalws-tob in #1271
• Emit log message when saving reproducers by @samalws-tob in #1273
• Emit "saved reproducer" log message as event rather than putStrLn by @samalws-tob in #1274
• Show gas per second in the UI by @samalws-tob in #1279
• Show trace on UnknownFailure by @samalws-tob in #1283
• Initial support for tstore/tload by @ggrieco-tob in #1286
• Raise default number of workers by @elopez on #1288 [BREAKING CHANGE]

Fixed

• Improve delay shrinking by @arcz in #1196
• Improved shrinking removing reverts from reproducers by @ggrieco-tob in #1250
• Shrink on one worker by @arcz in #1280
• Fix Windows support after crytic-compile changes by @elopez in #1235
• ci, release: pin macOS runners to the correct architectures by @elopez in #1244
• Avoid a crash when invalid filtering is used and provide a better error message by @ggrieco-tob in #1258
• Improve max code size error message by @arcz in #1269
• Fix MVar issue by @samalws-tob in #1281
• Minor change for symExecTimeout comments by @samalws-tob in #1285
• chore: fix some typos by @yetyear in #1215
• Fix typos by @xiaoxianBoy in #1217
• chore: remove repetitive word by @findseat in #1232
• Fix some typos in comments by @momantech in #1238
• chore: fix some comments by @cangqiaoyuzhuo in #1272
• Fix typos by @omahs in #1287
• Docs improvement by @nnsW3 in #1278

Updated

• Bump softprops/action-gh-release from 0.1.15 to 2.0.3 by @dependabot in #1203
• Bump softprops/action-gh-release from 2.0.3 to 2.0.4 by @dependabot in #1220
• Bump softprops/action-gh-release from 2.0.4 to 2.0.5 by @dependabot in #1255
• Bump softprops/action-gh-release from 2.0.5 to 2.0.6 by @dependabot in #1277
• Bump cachix/install-nix-action from 25 to 26 by @dependabot in #1204
• Bump cachix/install-nix-action from 26 to 27 by @dependabot in #1263
• Bump DeterminateSystems/magic-nix-cache-action from 3 to 4 by @dependabot in #1222
• Bump DeterminateSystems/magic-nix-cache-action from 4 to 6 by @dependabot in #1257
• Bump DeterminateSystems/magic-nix-cache-action from 6 to 7 by @dependabot in #1267
• Bump DeterminateSystems/nix-installer-action from 9 to 10 by @dependabot in #122
• Bump DeterminateSystems/nix-installer-action from 10 to 11 by @dependabot in #1256
• Bump DeterminateSystems/nix-installer-action from 11 to 12 by @dependabot in #1268
• Bump cachix/cachix-action from 14 to 15 by @dependabot in #1262
• Bump docker/build-push-action from 5 to 6 by @dependabot in #1275
• Bump sigstore/gh-action-sigstore-python from 2.1.1 to 3.0.0 by @dependabot in #1289
• Upgrade hevm to latest echidna-patches commit by @elopez in #1243

New Contributors

• @yetyear made their first contribution in #1215
• @xiaoxianBoy made their first contribution in #1217
• @findseat made their first contribution in #1232
• @momantech made their first contribution in #1238
• @cangqiaoyuzhuo made their first contribution in #1272
• @nnsW3 made their first contribution in #1278

Full Changelog: v2.2.3...v2.2.4

Echidna 2.2.3

What's Changed

• Bump actions/cache from 3 to 4 by @dependabot in #1173
• Refactor BuildOutput by @arcz in #1174
• Validate corpus while replaying by @arcz in #1177
• Refactor by @arcz in #1178
• Save traces for every transaction in reproducer by @arcz in #1180
• Display contract names in UI by @arcz in #1181
• Fix faulty corpus transaction detection by @arcz in #1184
• Bump DeterminateSystems/magic-nix-cache-action from 2 to 3 by @dependabot in #1186
• nix: enhance TERMINFO for Linux builds by @elopez in #1187
• Update hevm to 0.53.0 by @arcz in #1189
• Update README.md by @0xicingdeath in #1190
• Speed up shrinking in some cases by @samalws-tob in #1192
• feat: add CLI commands for RPC URL and block number by @penandlim in #1194
• Echidna 2.2.3 by @arcz in #1195

New Contributors

• @penandlim made their first contribution in #1194

Full Changelog: v2.2.2...v2.2.3

Echidna 2.2.2

What's Changed

• Save corpus and reproducers continuously (#1167)
• Deliver status information using server-sent events (#1131)
• Performance improvements for coverage collection (#1160)
• Make slither optional (#1159)
• Rich trace printing (#1157)
• Static builds and release workflow (#1133)
• Re-enables using slither for vyper files (#1108)
• Dependency updates (#1153, #1096, #1154)

Full Changelog: v2.2.1...v2.2.2

Echidna 2.2.1

What's Changed

• Shanghai fork support with hevm 0.51.3 (#1090)
• Fixed coverage collection for delegatecalls (#1083)
• Added events to JSON output (#1069)
• Changed event sequence to be displayed on new lines (#1079)
• Improved "No tests found in ABI" error message (#1077)
• Refactored code (#1070, #1074)

Full Changelog: v2.2.0...v2.2.1