// the find
crytic/echidna
Ethereum smart contract fuzzer
Echidna is a property-based fuzzer for Ethereum smart contracts, maintained by Trail of Bits. It generates ABI-aware transaction sequences to falsify user-defined invariants, supports multiple testing modes (property, assertion, Foundry-style, overflow), and integrates with Slither for static analysis hints. It's the go-to tool for serious smart contract security work, not weekend hobby testing.
- ABI-aware grammar-based fuzzing means it generates structurally valid calldata rather than random bytes - this matters enormously for hitting contract logic instead of bouncing off input validation
- Automatic test case minimization (shrinking) is built in, so when it finds a bug you get a minimal reproduction sequence rather than a 200-transaction trace to debug
- Slither integration seeds the fuzzer with useful constants and code paths before the campaign starts, which genuinely improves coverage over blind fuzzing
- Proven real-world track record - the trophy list includes actual bugs found in Uniswap, Balancer, Origin Dollar, Liquity - not toy examples
- Built in Haskell, which means building from source is a pain for anyone outside the Nix/Stack ecosystem; the dependency chain (libff, libsecp256k1, hevm) regularly causes build failures on non-standard setups
- Vyper support is explicitly marked 'wont fix' and library testing support is also limited - if your codebase uses either heavily, you're in trouble
- Docker images only build for x86, and running on ARM (M1/M2 Macs) via emulation has a significant performance penalty - a fuzzer that runs 2x slower is meaningfully worse
- The corpus format and coverage JSON schema are documented as 'subject to change', and the config YAML has a large flat key space with no schema validation, so config errors tend to silently fall back to defaults rather than raise an error
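
One way to catch the silent-default problem from the last point before a long campaign starts, as an added example that is not code from the original page or from the Echidna project: a small linter that flags top-level config keys missing from an allowlist and suggests the nearest known key. The key list is an assumed, partial subset and the sample config is constructed; rebuild the allowlist from the default config documented for the Echidna version in use.

```python
import difflib
import re

# Assumed, partial allowlist of top-level Echidna config keys. Rebuild it from
# the default config documented for the Echidna version you actually run.
KNOWN_KEYS = {
    "testMode", "testLimit", "seqLen", "shrinkLimit", "corpusDir", "coverage",
    "deployer", "sender", "contractAddr", "cryticArgs", "format", "workers",
    "seed", "stopOnFail", "timeout", "prefix", "filterFunctions",
    "filterBlacklist",
}

# A top-level key in a flat YAML file starts in column 0 and ends at a colon.
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][\w-]*)\s*:")


def lint_config(text, known=KNOWN_KEYS):
    """Return (line_no, key, problem) for unknown or repeated top-level keys."""
    findings, seen = [], {}
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = TOP_LEVEL_KEY.match(line)
        if not match:
            continue  # comment, blank line, list item or indented value
        key = match.group(1)
        if key in seen:
            findings.append((line_no, key, f"duplicate of line {seen[key]}"))
        seen.setdefault(key, line_no)
        if key not in known:
            near = difflib.get_close_matches(key, sorted(known), n=1, cutoff=0.7)
            hint = f"unknown key, did you mean '{near[0]}'?" if near else "unknown key"
            findings.append((line_no, key, hint))
    return findings


# Constructed sample config: two keys are misspelled and one is repeated.
SAMPLE = """\
# echidna.yaml (constructed sample)
testMode: assertion
testlimit: 500000
seqLen: 150
sender:
  - "0x10000"
corpus_dir: corpus
seqLen: 50
"""

if __name__ == "__main__":
    for line_no, key, problem in lint_config(SAMPLE):
        print(f"line {line_no}: {key}: {problem}")
```

Running it in CI with a non-zero exit on any finding turns a misspelled key into a failed build instead of a campaign that quietly ran with default limits.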