Automic VaultAutomic Vault

brew

Install echidna with Homebrew, Nix

Ethereum smart contract fuzzer. Version 2.3.2 via Homebrew; verified 2026-06-15.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install echidna

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#echidna

nixpkgs package indexes · pkgs/by-name/ec/echidna/package.nix · source: api.github.com

overview

Package summary

Ethereum smart contract fuzzer

Commands and aliases

  • echidna

history

Project history and usage

Echidna is Crytic's Ethereum smart-contract fuzzer, written in Haskell and aimed at property-based and invariant testing. It became package-manager significant because smart-contract security teams need a reproducible CLI fuzzer that works with Solidity projects, build systems, CI, and containerized audit workflows.

Project history

The public GitHub repository was created in August 2017. The README describes Echidna as a Haskell program for fuzzing and property-based testing of Ethereum smart contracts, using grammar-based campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions.

Early public GitHub release artifacts date to 2018, with 1.0.0.0 published in June 2019. By 2026 the project had reached the 2.3.x release line and remained active, with thousands of GitHub stars and ongoing pushes.

The project grew from simple echidna_ boolean properties into a broader testing tool. The README documents property, assertion, Foundry, overflow, optimization, and exploration modes, corpus collection, coverage output, JSON output, shrinking/minimization, and line-level coverage reporting.

Echidna is part of the Crytic security tooling ecosystem. The README notes Slither integration for extracting useful information before fuzzing and crytic-compile support for Foundry, Hardhat, and Truffle projects.

Adoption history

Echidna's adoption followed smart-contract security practice: auditors and protocol developers needed fuzzing that understood Ethereum ABIs, Solidity assertions, build systems, and reproducible counterexamples. Its official docs live under the Building Secure Contracts material, placing it inside Trail of Bits/Crytic security education rather than only as a standalone CLI.

Distribution broadened beyond source builds. The README documents precompiled Linux and macOS binaries, Homebrew installation, Docker images hosted under the Crytic GitHub packages, and a GitHub Actions workflow through crytic/echidna-action. Homebrew installs Echidna with dependencies such as Slither and crytic-compile.

How it is used

Typical usage is to run echidna against a Solidity contract or project, define properties as echidna_-prefixed boolean functions, and let the fuzzer search for call sequences that falsify them. For modern projects, echidna . can use the current build framework through crytic-compile.

Configuration is commonly supplied through a YAML file passed with --config config.yaml. Users tune EVM and test-generation parameters, select test modes, collect corpora, and integrate results into text, JSON, or CI workflows.

Why package nerds care

Echidna is a good example of a specialized security CLI that packaging makes practical: the value is not a library import, but a reproducible executable with native dependencies, Solidity tooling, Slither, crytic-compile, solc management, and CI/container options all lined up.

It also shows the package-manager pressure created by blockchain tooling. Auditors want pinned versions for repeatable findings, while protocol teams want easy local installs and GitHub Actions coverage in fast-moving Solidity/Foundry/Hardhat projects.

Timeline

  • 2017: Public Echidna repository created.
  • 2018: Early GitHub release artifacts published.
  • 2019: Echidna 1.0.0.0 released.
  • 2020: Echidna 1.3.0.0 release line visible on GitHub.
  • 2026: Echidna 2.3.2 released, with active repository maintenance.

Related projects

  • Slither and crytic-compile are direct companion tools in the Crytic ecosystem.
  • Foundry, Hardhat, and Truffle are supported build-system inputs.
  • crytic/echidna-action and the official Docker images support CI and containerized adoption.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 5 runtime dependencies.
  • Build metadata lists 2 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
config.yaml

executables

Installed executables

CommandKindExposureNote
echidnacliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version2.3.2
manager updated2026-06-15
local dataok
upstreamcurrent
latest detectedv2.3.2

https://github.com/crytic/echidna

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:echidna
Version2.3.2
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/echidna
Homepagehttps://secure-contracts.com/program-analysis/echidna/index.html
Repositoryhttps://github.com/crytic/echidna
Upstream docshttps://github.com/crytic/echidna#readme
LicenseAGPL-3.0-only
Source archivehttps://github.com/crytic/echidna/archive/refs/tags/v2.3.2.tar.gz
Last updated2026-06-15T10:20:15-04:00
Pulseupdated
Dependenciescrytic-compile, gmp, libff, secp256k1, slither-analyzer
Build dependenciesghc@9.10, haskell-stack
Uses from macOSncurses
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameechidna
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

echidna

nix profile install nixpkgs#echidna
  • normalized package name match
  • Matched by: Echidna
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ec/echidna/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment