Overview
Foundry is the dominant smart contract development framework. ChainProof can provide significantly more value by correlating its static findings with existing Foundry tests — identifying which findings already have test coverage, which are untested, and generating test stubs for unexercised vulnerability patterns.
Proposed Integration
Phase 1: Test Coverage Correlation
- Run forge coverage --report lcov to generate LCOV data
- Parse LCOV to determine which lines are covered
- For each ChainProof finding, check if the flagged line is covered
- Add testCoverage: boolean to Finding — if true, a test exercises this code path
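One way to implement the Phase 1 correlation, as an added example rather than ChainProof's own code. Apart from `testCoverage`, the `Finding` fields, the function names and the `src/Vault.sol` path are assumptions, and a finding counts as covered only when its exact line has a hit count above zero.

```typescript
// Added example: everything except the testCoverage field name is an assumption.
interface Finding { id: string; file: string; line: number; testCoverage?: boolean }
type LineHits = Record<string, Record<number, number>>; // file -> line -> hit count

// Normalise so "./src/Vault.sol" and "src\Vault.sol" compare equal.
function normPath(p: string): string {
  return p.trim().replace(/\\/g, "/").replace(/^\.\//, "");
}

// Parse the SF / DA / end_of_record subset of LCOV; other record types are ignored.
function parseLcov(text: string): LineHits {
  const hits: LineHits = {};
  let current: string | null = null;
  const lines = text.split(/\r?\n/);
  for (let i = 0; i < lines.length; i++) {
    const rec = lines[i].trim();
    if (rec.indexOf("SF:") === 0) {
      current = normPath(rec.slice(3));
      if (!hits[current]) hits[current] = {};
    } else if (rec === "end_of_record") {
      current = null;
    } else if (rec.indexOf("DA:") === 0 && current !== null) {
      // DA:<line>,<hits>[,<checksum>]
      const parts = rec.slice(3).split(",");
      const lineNo = parseInt(parts[0], 10);
      const count = parseInt(parts[1], 10);
      if (isNaN(lineNo) || isNaN(count)) continue; // skip malformed records
      // The same line can appear more than once, so accumulate.
      hits[current][lineNo] = (hits[current][lineNo] || 0) + count;
    }
  }
  return hits;
}

// Lines missing from the report (not instrumented, or file not compiled) stay false,
// so an absent record is never mistaken for test coverage.
function correlate(findings: Finding[], hits: LineHits): Finding[] {
  return findings.map(function (f) {
    const perFile = hits[normPath(f.file)];
    const covered = !!perFile && (perFile[f.line] || 0) > 0;
    return { id: f.id, file: f.file, line: f.line, testCoverage: covered };
  });
}

// Constructed sample (not real forge output): line 42 is instrumented but never hit.
const SAMPLE = "SF:src/Vault.sol\nDA:41,3\nDA:42,0\nend_of_record\n";
const annotated = correlate([{ id: "CP-107", file: "./src/Vault.sol", line: 42 }], parseLcov(SAMPLE));
```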
Phase 2: Test Stub Generation
For findings with no test coverage, generate a Foundry test stub:
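    // Auto-generated by ChainProof — test stub for CP-107 at Vault.sol:42
    // Add the project's pragma and the imports for Vault and AttackContract.
    import {Test} from "forge-std/Test.sol";

    contract VaultReentrancyTest is Test {
        Vault vault;
        AttackContract attacker;

        // Deploy a fresh Vault and an attacker contract pointed at it.
        function setUp() public {
            vault = new Vault();
            attacker = new AttackContract(address(vault));
        }

        // Passes only if the re-entrant call path reverts.
        function test_reentrancy_withdraw_line42() public {
            // TODO: fund vault and attacker, then call attacker.attack()
            vm.expectRevert();
            attacker.attack();
        }
    }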
Phase 3: Invariant Test Hints
For CP-101 (overflow) findings, suggest property-based invariant test functions using Foundry's vm.assume and assertLe patterns.
CLI Flags
chainproof scan contracts/ --foundry --coverage-report lcov.info
chainproof scan contracts/ --generate-tests test/chainproof/
Acceptance Criteria