How to install and use Foundry toolkit for smart contract auditing

Andrii Stepanov
Marketing Manager
4 Minutes Read

What is Foundry?

Foundry is a blazingly fast, portable, and modular toolkit for Ethereum application development written in Rust.

Foundry consists of:

  • Forge: Ethereum testing framework (like Truffle, Hardhat and DappTools).
  • Cast: Swiss army knife for interacting with EVM smart contracts, sending transactions, and getting chain data.
  • Anvil: Local Ethereum node, akin to Ganache, Hardhat Network.
  • Chisel: Fast, utilitarian, and verbose solidity REPL.

How to install Foundry

foundryup is the Foundry toolchain installer.

Open your terminal and run the following command:

curl -L https://foundry.paradigm.xyz | bash

This will install Foundryup, then simply follow the instructions on-screen, which will make the foundryup command available in your CLI.

Running foundryup by itself will install the latest (nightly) precompiled binaries: forge, cast, anvil, and chisel. See foundryup –help for more options, like installing from a specific version or commit.

Initialize a new foundry project

Create a new directory and navigate into it. After that, execute forge init to set up a new foundry project.

It will contain the following files and directories:

  • README.md – here you can include a description of our project
  • foundry.toml – configuration file which will contain remapping and short names of the directories
  • lib – contains dependencies required for the project
  • script – directory for custom scripts
  • src – default directories for contracts
  • test – directory used for tests

Create your first smart contract

When the project is initialized, we are ready to play with a default smart contract located in the src directory.

In this contract, we can store a number of any choice and increment it with a special function. Before the contract deployment, it should be thoroughly tested out. As we already have a test located in the test directory, let’s check a test coverage with a forge coverage command.

Nice! The contract is 100% covered with tests. Now, let’s run them. A test can be easily executed with a forge test command, and adding -vvv will give us additional information about its execution.

All our tests passed successfully. From now, we can deploy the contract to our own local net hosted with anvil, which is delivered as a part of the Foundry toolset. To fire up a local net, everything needs to be done is run execute “anvil” command in a separate terminal window:

As you can see, it provides you with several test accounts with mnemonic phrases, private keys, and an initial balance of 10,000 ETH. Also, there’s useful information such as a chain ID, gas limit, live logs of the net, etc.

After we start the local chain, we can deploy a contract to it in several ways: script or manual deployment.

Manual deployment is the easiest method to deploy contracts to the local net. To deploy a contract with this method, execute the forge create ContractName –interactive and follow the steps required.

As you can see, the Counter contract was deployed. This can be verified through the anvil log, which was started in a separate terminal.

Also, the contract can be deployed with a script located in the script directory. To deploy a contract with a script, execute forge script script/Script.s.sol –rpc-url http://127.0.0.1:8545 –broadcast –private-key private_key

When the contract is deployed, the only thing we can do is interact with it on our local chain. Let’s store “1337” on it. We can call a function of a deployed contract with a cast tool, which is also delivered as a part of a Foundry toolset. To execute a store function, we should know the type of data it stores. In the case of a Counter contract, it’s an uint256. Knowing the data type, name of the contract function, and its address, we can execute a transaction: cast send contract_address “setNumber(uint256)” 1337 –rpc-url http://127.0.0.1:8545 –private-key private_key. After execution of this command, the result of execution will be returned.

Now, when you become familiar with a new framework, don’t hesitate to develop your foundry skills while analyzing and testing one of the Solidity-based programs on HackenProof.

Read more on HackenProof Blog