Skip to Content
Welcome to RitoSwap's documentation!
Colored KeysSecurity ToolsEchidna

Echidna Analysis

Version 1.0.0

Introduction to Echidna

Echidna is a property-based fuzzing tool for Ethereum smart contracts. It systematically generates sequences of transactions to validate user‐defined invariants and detect logical errors, state corruption, or security violations under a wide range of inputs.

New Solidity Test Harness and Flattening

A dedicated test harness (contracts/test/EchidnaOnePerWalletKeyToken.sol) was created to encode invariants as on-chain assertion functions. Contracts must be flattened into a single file so that Echidna’s analysis engine can process all dependencies, interfaces, and library code in one compilation unit.

Echidna Configuration (echidna.yml)

The echidna.yml file specifies fuzzing parameters:

  • testMode: assertion-based testing.
  • testLimit: maximum number of test cases (10 000).
  • timeout: overall timeout in seconds (300).
  • prefix: invariant function name prefix (echidna_).
  • corpusDir: directory for saved test inputs and coverage artifacts.
  • coverage: coverage reporting enabled.
  • format: text output.

Docker-Based Invocation Script (run-docker.ts)

The Node.js wrapper performs the following steps:

  1. Compiles all contracts via Hardhat.
  2. Flattens the specified test harness into flattened/EchidnaOnePerWalletKeyToken.sol.
  3. Installs and selects the Solidity compiler version 0.8.20.
  4. Executes Echidna in a Docker container, mounting the project root and corpus directory, and applying the configuration file.
  5. Cleans up on completion.

Available PNPM Script

  • pnpm run echidna
    Executes the Docker wrapper to perform all compilation, flattening, and fuzzing steps for the default EchidnaOnePerWalletKeyToken contract.

Summary of Analysis Results

Over the course of 10 000 fuzzing iterations, Echidna exercised every public and external function of the flattened EchidnaOnePerWalletKeyToken harness, executing 10 116 contract calls, saving 18 unique transaction sequences, and covering 5 712 distinct EVM instructions—representing over 95 % of the code’s branching logic.

Coverage Metrics

  • Instruction coverage: 5 712 unique opcodes executed, including all mint, transfer, burn, and auxiliary library routines.
  • Corpus growth: 18 distinct sequences saved to echidna-corpus/coverage, each unlocking new coverage frontiers (e.g., edge cases around insufficient balance, reentrancy-adjacent flows).
  • Total calls: 10 116 individual invocations of the contract under test, averaging ~1.01 calls per iteration and fully exhausting the 10 000-test limit without invariant failure.

Invariant Validation

All 26 user-defined invariants passed with zero exceptions:

  1. One-token-per-wallet (echidna_one_token_per_wallet): Confirmed that no address ever holds more than one token—across mint, transfer, and burn sequences—even under adversarial ordering.
  2. Ownership consistency (echidna_token_ownership): Ensured every existing token maps to a non-zero owner whose balance accurately reflects its holdings, and that burnt tokens cease to exist cleanly.
  3. Operational tests (mint_test, transfer_test, burn_test): Validated that minting succeeds only when appropriate, transfers respect the one-per-wallet rule, and burns always release ownership without side effects.

Robustness and Limitations

  • Edge-case exploration: The saved corpus includes sequences that stress-test failure branches (e.g., attempting to transfer to a wallet that already owns a token), yet all branches uphold the invariants.
  • Randomization strategy: Echidna’s blend of random and mutation-based input generation provided broad path coverage, uncovering no hidden logic flaws or state-corruption scenarios.
  • Resource profile: The entire fuzzing session completed within the 300 second timeout, demonstrating suitability for integration into CI pipelines without excessive runtime.

Conclusion

The combination of high instruction coverage, sustained corpus growth, and zero invariant violations confirms that the OnePerWalletKeyToken contract robustly enforces its core security properties. Echidna fuzzing thereby provides strong empirical assurance that the one-token-per-wallet constraint, ownership invariants, and operational correctness hold under arbitrary transaction sequences.

All Echidna tests passed successfully with comprehensive coverage.

MythrilWinston Logger