Ackee-Blockchain/ethprague-2024-workshop-fuzzing

What the Fuzz? Find Bugs in Your Solidity Code!

This workshop is brought to you with ❤️ by Ackee Blockchain Security and authored by Andrey Babushkin.

If you have any questions or need help, feel free to reach out at any time!


Workshop Description

This workshop is designed to introduce you to the world of fuzzing. We will work through the case of the Stonks protocol by Lido, where a fuzz test written by Ackee Blockchain helped uncover a medium-severity bug in the code. The original fuzz test can be found here.

For the workshop, you will need:

  1. A basic understanding of smart contracts and Solidity;
  2. A laptop with VSCode and Python installed;
  3. Good mood and a desire to learn!

Lido Stonks

Stonks is a set of smart contracts that allows the Lido treasury to swap the stETH token for stablecoins and back. The protocol is designed to be fully decentralized and governed by the Lido DAO. The full proposal with a detailed description of the Stonks rationale can be found here. The workflow of the original Stonks protocol is as follows:

  1. The Stonks protocol acts as a receiver of tokens and a container of swap operations set by Lido DAO. For each swap pair, a separate Stonks instance is deployed.
  2. Tokens are transferred from the DAO Treasury to the Stonks instance.
  3. Stonks deploys a new Order contract via the placeOrder function and automatically transfers all of its available assets to it.
  4. After deployment, the Order emits an event about its creation, sets an allowance for the CoW vault relayer contract, and waits until the order is completed. At this step, the Order contract uses the price data from the Chainlink oracle to calculate the amount of target tokens.
  5. An off-chain component listens for the event and executes the swap on the CoW contract.

[Diagram: Lido Stonks]

For this workshop, we simplify things a little (but really only a little). We do not care about the CoW protocol, and we do not care about the Chainlink oracle. The oracle is replaced by a Market contract that returns a fixed price for all pairs, with some random noise added. Otherwise, the protocol and the code remain the same.

[Diagram: Lido Stonks workshop, simplified]
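Step 8 of the agenda below asks you to rewrite the fuzz test for the Wake framework. As an added illustration of how such a stateful fuzz test is organised, the following Python model mirrors the flow/invariant shape of a Wake FuzzTest on a stand-in version of the simplified protocol described above: flows move tokens from a treasury into a Stonks instance and open Orders priced by a noisy Market, and invariants are checked after every flow. This is not the workshop's code and does not use Wake or the real contracts; every class, price, noise and margin value in it is a constructed assumption so that it runs without a chain.

```python
import random

PRICE_SCALE = 10**18  # prices are fixed-point with 18 decimals (constructed convention)
BPS = 10_000          # basis-points denominator


class Market:
    """Stand-in for the workshop's Market contract: a fixed base price for every
    pair, perturbed by bounded random noise on each query."""

    def __init__(self, base_price: int, noise_bps: int, rng: random.Random):
        self.base_price = base_price
        self.noise_bps = noise_bps
        self.rng = rng

    def get_price(self) -> int:
        noise = self.rng.randint(-self.noise_bps, self.noise_bps)
        return self.base_price * (BPS + noise) // BPS

    def price_bounds(self) -> tuple:
        # Lowest and highest price get_price() can ever return.
        return (self.base_price * (BPS - self.noise_bps) // BPS,
                self.base_price * (BPS + self.noise_bps) // BPS)


class Order:
    """Stand-in for an Order: converts the sold amount at the quoted price,
    minus a margin, into the minimum amount of target tokens to accept."""

    def __init__(self, sell_amount: int, price: int, margin_bps: int):
        self.sell_amount = sell_amount
        self.price = price
        self.min_buy_amount = (sell_amount * price * (BPS - margin_bps)
                               // (BPS * PRICE_SCALE))


class Stonks:
    """Stand-in for a Stonks instance: holds tokens received from the treasury
    and moves its whole balance into a new Order on place_order()."""

    def __init__(self, market: Market, margin_bps: int):
        self.market = market
        self.margin_bps = margin_bps
        self.balance = 0
        self.orders = []

    def receive(self, amount: int) -> None:
        self.balance += amount

    def place_order(self) -> Order:
        if self.balance == 0:
            raise ValueError("nothing to sell")
        order = Order(self.balance, self.market.get_price(), self.margin_bps)
        self.balance = 0
        self.orders.append(order)
        return order


class StonksFuzz:
    """Minimal stateful fuzzer mirroring the flow/invariant shape of a Wake
    FuzzTest: flows mutate state, every invariant is checked after each flow."""

    def __init__(self, seed: int = 0, base_price: int = 2 * PRICE_SCALE,
                 noise_bps: int = 50, margin_bps: int = 100):
        self.rng = random.Random(seed)          # seeded so a failure is reproducible
        self.market = Market(base_price, noise_bps, self.rng)
        self.stonks = Stonks(self.market, margin_bps)
        self.treasury_sent = 0                  # ground truth kept outside the model
        self.flows = [self.flow_fund, self.flow_place_order]
        self.invariants = [self.invariant_conservation, self.invariant_price_bound]

    # --- flows: random state transitions ---
    def flow_fund(self) -> None:
        amount = self.rng.randint(1, 10**21)
        self.treasury_sent += amount
        self.stonks.receive(amount)

    def flow_place_order(self) -> None:
        if self.stonks.balance == 0:
            return  # precondition not met; skip, like a Wake flow precondition
        self.stonks.place_order()

    # --- invariants: properties that must hold after every flow ---
    def invariant_conservation(self) -> None:
        locked = sum(o.sell_amount for o in self.stonks.orders)
        assert self.stonks.balance + locked == self.treasury_sent, "tokens leaked"

    def invariant_price_bound(self) -> None:
        lo, hi = self.market.price_bounds()
        for o in self.stonks.orders:
            assert lo <= o.price <= hi, "order used a price outside the oracle range"
            assert o.min_buy_amount <= o.sell_amount * o.price // PRICE_SCALE, \
                "margin must never increase the expected amount"

    def run(self, flows_count: int) -> dict:
        for _ in range(flows_count):
            self.rng.choice(self.flows)()
            for check in self.invariants:
                check()
        return {"flows": flows_count, "orders": len(self.stonks.orders),
                "treasury_sent": self.treasury_sent}


if __name__ == "__main__":
    print(StonksFuzz(seed=42).run(500))
```

The structure is the thing to carry over into tests/test_fuzz.py: keep the ground truth (here, treasury_sent) outside the contracts so the invariants have something independent to compare against, give every flow an explicit precondition, and seed the randomness so that a failing run can be replayed.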

Workshop Agenda

  1. Clone this repository:

    git clone --recurse-submodules git@github.com:Ackee-Blockchain/ethprague-2024-workshop-fuzzing.git
    cd ethprague-2024-workshop-fuzzing
  2. Open the ethprague-2024-workshop-fuzzing folder in VSCode.

  3. In VSCode, install the Tools for Solidity (Wake) extension.

  4. Explore the contracts folder to understand the Stonks protocol.

  5. Explore a fuzz test for the Stonks protocol written for use with Foundry in tests/Foundry.t.sol.

  6. (optional) The Foundry fuzz test can be run with:

    forge test --fork-url https://ethereum-rpc.publicnode.com -vvv
  7. Create pytypes for the Stonks protocol using the Wake framework:

    wake init pytypes
  8. Open the tests/test_fuzz.py file and rewrite the fuzz test to use the Wake framework. The reference test implementation can be found in tests/test_fuzz_solution.py.

  9. Run the fuzz test with:

    wake test
  10. Analyze the results and understand the bug that causes the test to fail.

  11. Fix the bug in the Stonks protocol.

  12. Run the fuzz test again to ensure the bug is fixed.

  13. Celebrate your success!

  14. Share your experience with the workshop on social media and tag us @CyberBabushkin and @AckeeBlockchain.

  15. Enjoy the rest of the conference!
