The fuzzing and testing framework for Solidity, written in Python. Wake helps you write safer smart contracts, faster.
Built by Ackee Blockchain Security — trusted auditors of Lido, Safe, and Axelar.
- Built-in fuzzing — automatically generate diverse inputs and edge cases to uncover hidden vulnerabilities
- Vulnerability detectors — catch reentrancy, overflows, and logic flaws early
- Seamless developer experience — VS Code extension, GitHub Actions, solc manager
- Cross-chain testing — works with Anvil, Hardhat, and Ganache
- Testing framework based on pytest — write clean, simple tests with familiar tooling
- Manually-guided fuzzing (MGF) — combine automated fuzzing with human insights to target specific contract behaviors and edge cases
- Property-based fuzzer — automatically generate diverse inputs to uncover hidden bugs faster
- Deployments & mainnet interactions — test contracts in realistic environments before going live
- Vulnerability and code quality detectors — detect reentrancy, overflows, and bad patterns early in development
- Printers for extracting useful information from Solidity code — gain insights into contract structures and flows
- Static analysis framework for custom detectors and printers — extend Wake with project-specific rules
- GitHub actions for setting up Wake and running detectors — integrate seamlessly into CI/CD pipelines
- Language server (LSP) — get autocompletion, hints, and references inside your IDE
- VS Code extension (Solidity (Wake)) — instant feedback while writing Solidity code
- Solc version manager — manage compiler versions with ease for consistent builds
| Slither | ApeWorx | Brownie | Hardhat | Foundry | Wake | |
|---|---|---|---|---|---|---|
| Language | Python | Python | Python | Typescript | Rust | Python |
| Maintained | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ |
| Testing | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Fuzzing | ❌ | ❌ | ✅* | ✅** | ✅ | ✅ |
| Detectors | ✅ | ❌ | ❌ | ❌ | ❌ | ✅ |
| Language server | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ |
* available with Hypothesis plugin ** only in Solidity
- Python (version 3.8 or higher)
- Rosetta must be enabled on Apple Silicon Macs
via pip
pip3 install eth-wake| Vulnerability | Severity | Project | Method | Discovered by | Resources |
|---|---|---|---|---|---|
| Profit & loss accounted twice | Critical | IPOR | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Loan refinancing reentrancy | Critical | PWN | Detector | Ackee Blockchain | Report |
| Incorrect optimization in loan refinancing | Critical | PWN | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Incorrect enqueued keys accounting | High | Lido | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Console permanent denial of service | High | Brahma | Fuzz test | Ackee Blockchain | Report |
| Swap unwinding formula error | High | IPOR | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Swap unwinding fee accounted twice | High | IPOR | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Incorrect event data | High | Solady | Integration test | Ackee Blockchain | Report, Wake tests |
INTEREST_FROM_STRATEGY_BELOW_ZERO reverts DoS |
Medium | IPOR | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Inaccurate hypothetical interest formula | Medium | IPOR | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Swap unwinding fee normalization error | Medium | IPOR | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Liquidation deposits accounted into LP balance | Medium | IPOR | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Missing receive function | Medium | Axelar | Fuzz test | Ackee Blockchain | Wake tests |
SafeERC20 not used for approve |
Medium | Lido | Fuzz test | Ackee Blockchain | Wake tests |
| Non-optimistic vetting & unbonded keys bad accounting | Medium | Lido | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Chainlink common denominator bad logic | Medium | PWN | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Outdated/reverting Chainlink feed causes DoS | Medium | PWN | Fuzz test | Ackee Blockchain | Report, Wake tests |
| Incorrect EIP-712 typehash | Medium | PWN | Detector | Ackee Blockchain | Report |
| Incorrect EIP-712 data encoding | Medium | PWN | Fuzz test | Ackee Blockchain | Report, Wake tests |
Wake’s fuzzer builds on top of the testing framework and allows efficient fuzz testing of Solidity smart contracts.
from wake.testing import *
from wake.testing.fuzzing import *
from pytypes.contracts.Counter import Counter
class CounterTest(FuzzTest):
def pre_sequence(self) -> None:
self.counter = Counter.deploy()
self.count = 0
@flow()
def increment(self) -> None:
self.counter.increment()
self.count += 1
@flow()
def decrement(self) -> None:
with may_revert(PanicCodeEnum.UNDERFLOW_OVERFLOW) as e:
self.counter.decrement()
if e.value is not None:
assert self.count == 0
else:
self.count -= 1
@invariant(period=10)
def count(self) -> None:
assert self.counter.count() == self.count
@chain.connect()
def test_counter():
CounterTest().run(sequences_count=30, flows_count=100)All vulnerability & code quality detectors can be run using:
wake detect allRun a specific detector:
wake detect <detector-name>See the documentation for a full list of detectors.
Run a printer:
wake print <printer-name>See the documentation for a full list of printers.
For custom detectors & printers, check the getting started guide and repos for wake_detectors and wake_printers.
Wake implements an LSP server for Solidity. Run it with:
wake lspOr specify a port (default 65432):
wake lsp --port 1234See all features in the documentation.
- Wake documentation
- Contributing guide
- Follow X/Twitter for updates and tips
This project is licensed under the ISC license.
| RockawayX | Coinbase |
|---|---|
 |
 |