
feat: Integrate with Foundry test suite to correlate findings with test coverage #12

Description

@Nanle-code

Overview

Foundry is the dominant smart contract development framework. ChainProof can provide significantly more value by correlating its static findings with existing Foundry tests — identifying which findings already have test coverage, which are untested, and generating test stubs for unexercised vulnerability patterns.

Proposed Integration

Phase 1: Test Coverage Correlation

  1. Run forge coverage --report lcov to generate LCOV data
  2. Parse LCOV to determine which lines are covered
  3. For each ChainProof finding, check if the flagged line is covered
  4. Add testCoverage: boolean to Finding — if true, a test exercises this code path

Phase 2: Test Stub Generation

For findings with no test coverage, generate a Foundry test stub:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";
// Vault (the contract under test) and AttackContract (a re-entering helper) are
// assumed to be importable from the project's own sources.

// Auto-generated by ChainProof — test stub for CP-107 at Vault.sol:42
contract VaultReentrancyTest is Test {
    Vault vault;
    AttackContract attacker;

    function setUp() public {
        vault = new Vault();
        attacker = new AttackContract(address(vault));
    }

    function test_reentrancy_withdraw_line42() public {
        // TODO: fund vault and attacker, then call attacker.attack()
        // The stub passes only if the re-entrant call reverts, i.e. the flagged path is guarded.
        vm.expectRevert();
        attacker.attack();
    }
}

Phase 3: Invariant Test Hints

For CP-101 (overflow) findings, suggest property-based invariant test functions using Foundry's vm.assume and assertLe patterns.
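As an added example (not ChainProof's own code, and not the lcov.ts the acceptance criteria call for), the following TypeScript sketches Phases 1 to 3 end to end: an LCOV parser, the testCoverage correlation step, and a stub generator that only emits files for uncovered findings. The Finding shape, the rule-id-to-template mapping, the sample paths and the output file layout are assumptions; the generated Solidity still needs the project's own imports for the contract under test and the attacker helper.

```typescript
// Added example, not ChainProof's own code: LCOV parsing and coverage correlation
// (Phase 1) plus stub generation (Phases 2 and 3). Finding shape, paths and ids are assumptions.
export interface Finding {
  id: string;             // rule id, e.g. "CP-107" (reentrancy), "CP-101" (overflow)
  file: string;           // path as reported by the scanner
  line: number;           // flagged line
  testCoverage?: boolean; // set by correlate()
}
export type CoverageMap = Map<string, Set<number>>; // file -> lines with hits > 0

// forge writes SF: paths relative to the project root; strip "./" and "\" noise first.
function normalizePath(p: string): string {
  return p.replace(/\\/g, "/").replace(/^\.\//, "");
}

// "SF:<path>" opens a record, "DA:<line>,<hits>" is an execution count, "end_of_record" closes it.
export function parseLcov(text: string): CoverageMap {
  const map: CoverageMap = new Map();
  let current: Set<number> | null = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line.startsWith("SF:")) {
      const file = normalizePath(line.slice(3));
      current = map.get(file) ?? new Set<number>();
      map.set(file, current);
    } else if (line.startsWith("DA:") && current !== null) {
      const [lineNo, hits] = line.slice(3).split(",").map(Number) as [number, number];
      if (Number.isInteger(lineNo) && hits > 0) current.add(lineNo); // no DA entry => uncovered
    } else if (line === "end_of_record") {
      current = null;
    }
  }
  return map;
}

// Phase 1: a file absent from the report counts as uncovered rather than unknown.
export function correlate(findings: Finding[], cov: CoverageMap): Finding[] {
  return findings.map((f) => ({
    ...f,
    testCoverage: cov.get(normalizePath(f.file))?.has(f.line) ?? false,
  }));
}
function contractName(file: string): string {
  return (file.split("/").pop() ?? file).replace(/\.sol$/, "");
}

// Phases 2 and 3: CP-107 gets the attacker-contract stub from the issue, CP-101 a
// fuzz test built on vm.assume/assertLe, any other rule id a generic TODO stub.
export function generateStub(f: Finding): string {
  const name = contractName(f.file);
  const lines = [
    "pragma solidity ^0.8.20;",
    'import "forge-std/Test.sol";',
    `// Auto-generated by ChainProof - test stub for ${f.id} at ${f.file}:${f.line}`,
  ];
  if (f.id === "CP-107") {
    lines.push(
      `contract ${name}ReentrancyTest is Test {`,
      `    ${name} target;`,
      "    AttackContract attacker;",
      "    function setUp() public {",
      `        target = new ${name}();`,
      "        attacker = new AttackContract(address(target));",
      "    }",
      `    function test_reentrancy_line${f.line}() public {`,
      "        // TODO: fund target and attacker, then call attacker.attack()",
      "        vm.expectRevert();",
      "        attacker.attack();",
      "    }",
      "}",
    );
  } else if (f.id === "CP-101") {
    lines.push(
      `contract ${name}OverflowTest is Test {`,
      `    function testFuzz_noOverflow_line${f.line}(uint256 amount) public {`,
      "        vm.assume(amount > 0 && amount < type(uint128).max);",
      "        // TODO: drive the flagged arithmetic with `amount` and keep its result",
      "        uint256 result = amount;",
      "        assertLe(result, type(uint128).max);",
      "    }",
      "}",
    );
  } else {
    lines.push(`contract ${name}Test is Test {`, `    function test_${f.id.replace("-", "_")}_line${f.line}() public { /* TODO */ }`, "}");
  }
  return lines.join("\n") + "\n";
}

// Phase 2 gate: only findings left uncovered by Phase 1 get a stub; keys are output paths.
export function stubsForUncovered(findings: Finding[]): Map<string, string> {
  const uncovered = findings.filter((f) => f.testCoverage === false);
  return new Map(uncovered.map((f): [string, string] => [`test/chainproof/${contractName(f.file)}_${f.id}_L${f.line}.t.sol`, generateStub(f)]));
}

// Constructed sample input: a forge-style LCOV fragment and three findings.
export const SAMPLE_LCOV = "TN:\nSF:src/Vault.sol\nDA:40,3\nDA:42,0\nDA:50,1\nend_of_record\n";
export const SAMPLE_FINDINGS: Finding[] = [
  { id: "CP-107", file: "./src/Vault.sol", line: 42 },
  { id: "CP-101", file: "src/Vault.sol", line: 50 },
  { id: "CP-115", file: "src/Token.sol", line: 10 },
];
```

With the sample input, correlate() marks the CP-107 finding uncovered (DA:42,0 records zero hits), the CP-101 finding covered, and the Token.sol finding uncovered because the file never appears in the report; stubsForUncovered() therefore returns two files. Treating "zero hits" and "not in the report" identically is the conservative choice: both mean no test exercised the flagged line, which is exactly what the testCoverage flag is meant to surface.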

CLI Flags

chainproof scan contracts/ --foundry --coverage-report lcov.info
chainproof scan contracts/ --generate-tests test/chainproof/

Acceptance Criteria

  • LCOV parser in packages/core/src/integrations/lcov.ts
  • testCoverage: boolean field on Finding
  • Coverage correlation shown in Markdown report and terminal table
  • Test stub generator for CP-107, CP-101, CP-115, CP-116
  • --foundry CLI flag that auto-detects and runs forge coverage
  • --generate-tests CLI flag
  • Generated test files compile with Foundry without modification

Labels

  • GrantFox OSS (issue tracked in GrantFox OSS)
  • Maybe Rewarded (issue may be eligible for a GrantFox reward)
  • Official Campaign (campaign: Official Campaign)
  • enhancement (new feature or request)