This workshop is brought to you with ❤️ by Ackee Blockchain Security and authored by Andrey Babushkin.
If you have any questions or need help, feel free to reach out at any time!
This workshop is designed to introduce you to the world of fuzzing. For this workshop, we will be learning the use case of the Stonks protocol by Lido, where using a fuzz test written by Ackee Blockchain helped uncover a medium-severity bug in the code. The original fuzz test can be found here.
For the workshop, you will need:
- A basic understanding of smart contracts and Solidity;
- A laptop with VSCode and Python installed;
- Good mood and a desire to learn!
Stonks is a set of smart contracts that allows the Lido treasury to swap the stETH token for stablecoins and back. The protocol is designed to be fully decentralized and governed by the Lido DAO. The full proposal with a detailed description of the Stonks rationale can be found here. Here, we extract the workflow of the original Stonks protocol:
- The Stonks protocol acts as a receiver of tokens and a container of swap operations set by Lido DAO. For each swap pair, a separate Stonks instance is deployed.
- Tokens are transferred from the DAO Treasury to the Stonks instance.
- Stonks deploys a new Order contract via
placeOrder
function and it automatically sends all available assets there. - After deployment, the Order emits an event about its creation, sets an allowance to the CoW vault relayer contract and waits until this order is completed. At this step, the Order contract uses the price data from the Chainlink oracle to calculate the amount of target tokens.
- An off-chain component listens for the event and executes the swap on the CoW contract.
For this workshop, we simplify things a little (but like really a little). We do not care about the CoW protocol, and we do not care about the Chainlink oracle. The oracle is replaced by a Market contract that returns the fixed price for all pairs with some random noise. Otherwise, the protocol and the code remain the same.
-
Clone this repository:
git clone --recurse-submodules [email protected]:Ackee-Blockchain/ethprague-2024-workshop-fuzzing.git cd ethprague-2024-workshop-fuzzing
-
Open the
ethprague-2024-workshop-fuzzing
folder in VSCode. -
In VSCode, install the Tools for Solidity (Wake) extension.
-
Explore the
contracts
folder to understand the Stonks protocol. -
Explore a fuzz test for the Stonks protocol written for use with Foundry in
tests/Foundry.t.sol
. -
(optional) Foundry fuzz test can be run with:
forge test --fork-url https://ethereum-rpc.publicnode.com -vvv
-
Create
pytypes
for the Stonks protocol using theWake
framework:wake init pytypes
-
Open the
tests/test_fuzz.py
file and rewrite the fuzz test to use theWake
framework. The reference test implementation can be found intests/test_fuzz_solution.py
. -
Run the fuzz test with:
wake test
-
Analyze the results and understand the bug that causes the test to fail.
-
Fix the bug in the Stonks protocol.
-
Run the fuzz test again to ensure the bug is fixed.
-
Celebrate your success!
-
Share your experience with the workshop on social media and tag us @CyberBabushkin and @AckeeBlockchain.
-
Enjoy the rest of the conference!