Foundry v1.6.0 brings Osaka as the default EVM hardfork, major performance improvements with parallelized stateless fuzzing and configurable invariant check intervals (up to 3.6x faster deep runs), enhanced security testing with improved reentrancy detection and time-based invariant fuzzing, and additional Tempo blockchain integration across forge, cast, and anvil.
We recently crossed 10,000 GitHub 🌟 — thank you to everyone who has contributed, reported issues, and helped improve Foundry!
Fuzz tests now run across multiple worker threads, significantly improving execution speed on multi-core machines. Each worker maintains its own corpus and periodically syncs with a master corpus, enabling efficient parallel exploration while sharing discovered coverage. Workers automatically distribute runs evenly and aggregate results after completion.
check_interval Config (#13133)New check_interval config option controls how often invariants are asserted during deep runs:
| Value | Behavior |
|---|---|
0 |
Only assert on the last call of each run (fastest) |
1 (default) |
Assert after every call (current behavior, most precise) |
N |
Assert every N calls AND always on the last call |
Benchmark: With check_interval = 10, deep invariant runs (1×1000 depth) are 3.6x faster (15.09s → 4.17s). Invariant checks consume ~86% of execution time in high-depth runs—reducing check frequency dramatically improves performance while still catching violations.
call_override (#13127)The call_override invariant testing feature now correctly detects ETH transfer reentrancy vulnerabilities, including:
Key fixes include proper ETH transfer via journal before callback injection, clearing REVM's cached bytecode for EOA targets, and overriding calls when either caller OR target is a handler contract. Validated against a reproduction of the April 2022 Rari Capital hack.
New max_time_delay and max_block_delay invariant configs enable fuzzing of block timestamp and block number on consecutive transactions. This helps discover time-dependent vulnerabilities that only manifest under specific block timing conditions. Counterexamples now display the vm.warp() and vm.roll() calls needed to reproduce failures.
The foundry-toolchain GitHub Action has been completely rewritten in TypeScript for improved maintainability and reliability. See v1.7.0 release.
Foundry v1.6.0 is accompanied by a new Rust rewrite of foundryup for better maintainability, testing, and compatibility. At the moment the new foundryup installer is still experimental, but in next releases we plan to sunset the old one and provide a much better experience for managing foundry installs.
To try out the new foundryup run:
curl -L https://raw.githubusercontent.com/foundry-rs/foundryup/HEAD/foundryup-init.sh | bash
foundryup
Additional Tempo network support is now available across the Foundry toolchain:
--network tempo flag to forge init (#12819) by @onbjerg - Initialize projects pre-configured for Tempofoundryup): add Tempo support (#12775) by @zerosnacks - Install Tempo-enabled Foundry buildsalloy-chains (#12710) by @zerosnacksforge script): add --interactive flag for deploying with a single keypair (#12608) by @zerosnacksforge-lint): add custom errors rule (#13126) by @milosdjuricanamespace_import_style config (#13108) by @quangloc99forge fmt): fix incorrect indentation for chained struct calls (#13163) by @gakonstforge-lint): ignore compilation warnings in exit code (#13138) by @0xrusowskyattachBlob (#13054) by @mablrvm.mockFunction to work correctly with delegatecall (#13117) by @quangloc99erc20 command (#13002) by @mablr--replay-system-txes / --sys arg to cast run system txes (#12853) by @grandizzycast erc20 transfer to cast erc20 send (#12990) by @onbjergeth_fillTransaction support (#12595) by @mablr--no-proxy to disable reqwest proxying to prevent crash on macOS in sandboxed environments (#13155) by @gakonstsvm fails to download solc 0.8.33 on linux/arm64, bump svm-rs (#13007) by @zerosnacksgetBlobSidecars Beacon API endpoint (#12568) by @mablranvil_getBlobSidecarsByBlockId endpoint (#13022) by @mablrFoundry v1.5.1 is a bugfix release to support solc 0.8.31.
https://github.com/foundry-rs/foundry/compare/v1.5.0...v1.5.1
Foundry v1.5.1 is a bugfix release to support solc 0.8.31.
Foundry v1.5.0 release comes with an improved fuzzer that use Solar to analyze contracts and extract interested values from AST, and incorporate updated logic to minimize counterexamples generated by invariant tests. This version adds support for browser extension wallets, provides a simpler way to interact with ERC20 tokens using cast and publishes all foundry binaries as npm packages. It also continues the effort to improve new forge formatter rolled out in previous version and makes it more customizable.
Foundry v1.5.0 leverages the Solar API to analyze contracts, collect all relevant AST literals from the sources, and use those values to generate inputs for the fuzzing campaign (https://github.com/foundry-rs/foundry/pull/12015). For example, with this addition a counterexample for the simple test below can be generated within a couple of runs:
function testHash(bytes memory v) external {
assert(keccak256(v) != keccak256("hello"));
}
Early testers have reported substantially improved fuzzing results and we are running additional benchmarks to quantify the effectiveness.
In previous versions, counterexamples generated by invariant tests were replayed and minimized only once. In Foundry v1.5.0, the call sequence is replayed multiple times until all configured shrink runs are completed (https://github.com/foundry-rs/foundry/pull/12180). Additionally, the counterexamples saved on disk and replayed on subsequent campaigns, are now also minimized (https://github.com/foundry-rs/foundry/pull/12351). This allows Foundry to produce a more thoroughly minimized call sequence that can be used to generate unit tests and reproduce smart contract invariant violations.
Foundry v1.5.0 introduces support for browser extension wallets in the cast send and cast wallet sign commands, enabling developers to sign transactions directly in the browser (https://github.com/foundry-rs/foundry/pull/12302). Future releases will expand browser wallet support to other Foundry commands. We look forward to get external contributions to improve the interface and feature set of the browser wallet.
To try it out, pass the --browser flag to cast send to send a transaction using any of your browser wallets: cast send <TO> --value <VALUE> --rpc-url <RPC_URL> --browser
Additionally you can sign messages and typed data with cast wallet sign: cast wallet sign --browser "Hello World!"
This release introduces the cast erc20 command to facilitate interaction with ERC-20 tokens (https://github.com/foundry-rs/foundry/pull/12258 https://github.com/foundry-rs/foundry/pull/12381). This makes it simple to query balances, perform transfers, and access other ERC-20 token details.
balance Query ERC20 token balance [aliases: b]
transfer Transfer ERC20 tokens [aliases: t]
approve Approve ERC20 token spending [aliases: a]
allowance Query ERC20 token allowance [aliases: al]
name Query ERC20 token name [aliases: n]
symbol Query ERC20 token symbol [aliases: s]
decimals Query ERC20 token decimals [aliases: d]
total-supply Query ERC20 token total supply [aliases: ts]
mint Mint ERC20 tokens (if the token supports minting) [aliases: m]
burn Burn ERC20 tokens [aliases: bu]
Foundry v1.5.0 includes a set of new cheatcodes designed to improve the testing experience:
getEvmVersion/setEvmVersion to retrieve and change the execution EVM version within tests and scripts (https://github.com/foundry-rs/foundry/pull/12014)signWithNonce to create deterministic ECDSA signatures using a specified ephemeral nonce (https://github.com/foundry-rs/foundry/pull/11267)getStorageSlots leverage the storage layout to accurately identify the base slot of a variable (https://github.com/foundry-rs/foundry/pull/11537)Continuing the work introduced in v1.4.0 for forge, v1.5.0 publishes the remaining Foundry binaries as npm packages. This allows tools such as bun, npx, pnpm to easily install and run any Foundry executable directly from the npm registry (https://github.com/foundry-rs/foundry/pull/11945).
bun x @foundry-rs/anvil --version
npx --yes @foundry-rs/cast --version
pnpm dlx --silent @foundry-rs/chisel --version
/eth/v1/beacon/blobs beacon endpoint (#12182) by @mablrdebug_dbGet endpoint (#12375) by @mablrFromRecoveredTx trait for anvil TypedTransaction (#12424) by @mablreth_calls (#12144) by @grandizzynamed_struct_fields lint (#11982) by @mablrforge script): implement retries for forge script broadcast (#12564) by @zerosnacksis_path_allowed (#10679) by @rubydusaforge): apply correct permission scoping in workflow templates (#11986) by @zerosnacksmake_acc_non_empty in mockCalls_1Call, mockCall_1Call, mockCall_3Call for consistency (#11443) by @aganisgashverify): handle Address is not a smart-contract with Blockscout verification (#12566) by @zerosnackspretty arg for print_storage (#11976) by @mablrci): create-an-issue in release workflow is pinned to incorrect hash (#12004) by @zerosnacksci): integrate CodeQL into regular test.yml workflow and mark as requirement for ci-success (#12007) by @zerosnacksNodeConfig::with_optimism (#12035) by @onbjergNodeConfig::with_celo (#12034) by @onbjergNetworkConfig fields private (#12037) by @onbjerg--celo arg (#12038) by @onbjergSourceData::contract_definitions public (#12058) by @cakevmforge test (#12049) by @DaniPopesdeps): bump alloy-hardforks, alloy-core, proptest (#12191) by @zerosnacksfmt_change by using to_string() (#12193) by @maximevtush.to_string() after format! in test summary table (#12192) by @maximevtushtestdata): fix solidity warnings: shadowing of builtin symbol and unhandled low-level calls (#12189) by @zerosnacksdeployCode reverts w/ unlinked artifact libs (#12212) by @0xrusowskyFoundryEvm's inner field (#12237) by @mablrEvmOpts (#12247) by @onbjergall for prefer_compact fmt config (#12294) by @grandizzynone variant (#12298) by @0xrusowskycast keccak (#12339) by @quangloc99Precompile::signature (#12354) by @onbjerginject_custom_precompiles with PrecompilesMap::extend_precompiles method (#12469) by @mablr/eth/v1/beacon/genesis endpoint to Beacon API (#12503) by @mablrBlock and Header from Alloy (#12533) by @mablrGenesisResponse struct (#12513) by @mablrhttps://github.com/foundry-rs/foundry/compare/v1.4.4...v1.5.1
Foundry v1.5.0 release comes with an improved fuzzer that use Solar to analyze contracts and extract interested values from AST, and incorporate updated logic to minimize counterexamples generated by invariant tests. This version adds support for browser extension wallets, provides a simpler way to interact with ERC20 tokens using cast and publishes all foundry binaries as npm packages. It also continues the effort to improve new forge formatter rolled out in previous version and makes it more customizable.
Foundry v1.5.0 leverages the Solar API to analyze contracts, collect all relevant AST literals from the sources, and use those values to generate inputs for the fuzzing campaign (https://github.com/foundry-rs/foundry/pull/12015). For example, with this addition a counterexample for the simple test below can be generated within a couple of runs:
function testHash(bytes memory v) external {
assert(keccak256(v) != keccak256("hello"));
}
Early testers have reported substantially improved fuzzing results and we are running additional benchmarks to quantify the effectiveness.
In previous versions, counterexamples generated by invariant tests were replayed and minimized only once. In Foundry v1.5.0, the call sequence is replayed multiple times until all configured shrink runs are completed (https://github.com/foundry-rs/foundry/pull/12180). Additionally, the counterexamples saved on disk and replayed on subsequent campaigns, are now also minimized (https://github.com/foundry-rs/foundry/pull/12351). This allows Foundry to produce a more thoroughly minimized call sequence that can be used to generate unit tests and reproduce smart contract invariant violations.
Foundry v1.5.0 introduces support for browser extension wallets in the cast send and cast wallet sign commands, enabling developers to sign transactions directly in the browser (https://github.com/foundry-rs/foundry/pull/12302). Future releases will expand browser wallet support to other Foundry commands. We look forward to get external contributions to improve the interface and feature set of the browser wallet.
To try it out, pass the --browser flag to cast send to send a transaction using any of your browser wallets: cast send <TO> --value <VALUE> --rpc-url <RPC_URL> --browser
Additionally you can sign messages and typed data with cast wallet sign: cast wallet sign --browser "Hello World!"
This release introduces the cast erc20 command to facilitate interaction with ERC-20 tokens (https://github.com/foundry-rs/foundry/pull/12258 https://github.com/foundry-rs/foundry/pull/12381). This makes it simple to query balances, perform transfers, and access other ERC-20 token details.
balance Query ERC20 token balance [aliases: b]
transfer Transfer ERC20 tokens [aliases: t]
approve Approve ERC20 token spending [aliases: a]
allowance Query ERC20 token allowance [aliases: al]
name Query ERC20 token name [aliases: n]
symbol Query ERC20 token symbol [aliases: s]
decimals Query ERC20 token decimals [aliases: d]
total-supply Query ERC20 token total supply [aliases: ts]
mint Mint ERC20 tokens (if the token supports minting) [aliases: m]
burn Burn ERC20 tokens [aliases: bu]
Foundry v1.5.0 includes a set of new cheatcodes designed to improve the testing experience:
getEvmVersion/setEvmVersion to retrieve and change the execution EVM version within tests and scripts (https://github.com/foundry-rs/foundry/pull/12014)signWithNonce to create deterministic ECDSA signatures using a specified ephemeral nonce (https://github.com/foundry-rs/foundry/pull/11267)getStorageSlots leverage the storage layout to accurately identify the base slot of a variable (https://github.com/foundry-rs/foundry/pull/11537)Continuing the work introduced in v1.4.0 for forge, v1.5.0 publishes the remaining Foundry binaries as npm packages. This allows tools such as bun, npx, pnpm to easily install and run any Foundry executable directly from the npm registry (https://github.com/foundry-rs/foundry/pull/11945).
bun x @foundry-rs/anvil --version
npx --yes @foundry-rs/cast --version
pnpm dlx --silent @foundry-rs/chisel --version
/eth/v1/beacon/blobs beacon endpoint (#12182) by @mablrdebug_dbGet endpoint (#12375) by @mablrFromRecoveredTx trait for anvil TypedTransaction (#12424) by @mablreth_calls (#12144) by @grandizzynamed_struct_fields lint (#11982) by @mablrforge script): implement retries for forge script broadcast (#12564) by @zerosnacksis_path_allowed (#10679) by @rubydusaforge): apply correct permission scoping in workflow templates (#11986) by @zerosnacksmake_acc_non_empty in mockCalls_1Call, mockCall_1Call, mockCall_3Call for consistency (#11443) by @aganisgashverify): handle Address is not a smart-contract with Blockscout verification (#12566) by @zerosnackspretty arg for print_storage (#11976) by @mablrci): create-an-issue in release workflow is pinned to incorrect hash (#12004) by @zerosnacksci): integrate CodeQL into regular test.yml workflow and mark as requirement for ci-success (#12007) by @zerosnacksNodeConfig::with_optimism (#12035) by @onbjergNodeConfig::with_celo (#12034) by @onbjergNetworkConfig fields private (#12037) by @onbjerg--celo arg (#12038) by @onbjergSourceData::contract_definitions public (#12058) by @cakevmforge test (#12049) by @DaniPopesdeps): bump alloy-hardforks, alloy-core, proptest (#12191) by @zerosnacksfmt_change by using to_string() (#12193) by @maximevtush.to_string() after format! in test summary table (#12192) by @maximevtushtestdata): fix solidity warnings: shadowing of builtin symbol and unhandled low-level calls (#12189) by @zerosnacksdeployCode reverts w/ unlinked artifact libs (#12212) by @0xrusowskyFoundryEvm's inner field (#12237) by @mablrEvmOpts (#12247) by @onbjergall for prefer_compact fmt config (#12294) by @grandizzynone variant (#12298) by @0xrusowskycast keccak (#12339) by @quangloc99Precompile::signature (#12354) by @onbjerginject_custom_precompiles with PrecompilesMap::extend_precompiles method (#12469) by @mablr/eth/v1/beacon/genesis endpoint to Beacon API (#12503) by @mablrBlock and Header from Alloy (#12533) by @mablrGenesisResponse struct (#12513) by @mablrhttps://github.com/foundry-rs/foundry/compare/v1.4.4...v1.5.0-rc1
Foundry v1.5.0 release comes with an improved fuzzer that use Solar to analyze contracts and extract interested values from AST, and incorporate updated logic to minimize counterexamples generated by invariant tests. This version adds support for browser extension wallets, provides a simpler way to interact with ERC20 tokens using cast and publishes all foundry binaries as npm packages. It also continues the effort to improve new forge formatter rolled out in previous version and makes it more customizable.
Foundry v1.5.0 leverages the Solar API to analyze contracts, collect all relevant AST literals from the sources, and use those values to generate inputs for the fuzzing campaign (https://github.com/foundry-rs/foundry/pull/12015). For example, with this addition a counterexample for the simple test below can be generated within a couple of runs:
function testHash(bytes memory v) external {
assert(keccak256(v) != keccak256("hello"));
}
Early testers have reported substantially improved fuzzing results and we are running additional benchmarks to quantify the effectiveness.
In previous versions, counterexamples generated by invariant tests were replayed and minimized only once. In Foundry v1.5.0, the call sequence is replayed multiple times until all configured shrink runs are completed (https://github.com/foundry-rs/foundry/pull/12180). Additionally, the counterexamples saved on disk and replayed on subsequent campaigns, are now also minimized (https://github.com/foundry-rs/foundry/pull/12351). This allows Foundry to produce a more thoroughly minimized call sequence that can be used to generate unit tests and reproduce smart contract invariant violations.
Foundry v1.5.0 introduces support for browser extension wallets in the cast send and cast wallet sign commands, enabling developers to sign transactions directly in the browser (https://github.com/foundry-rs/foundry/pull/12302). Future releases will expand browser wallet support to other Foundry commands. We look forward to get external contributions to improve the interface and feature set of the browser wallet.
To try it out, pass the --browser flag to cast send to send a transaction using any of your browser wallets: cast send <TO> --value <VALUE> --rpc-url <RPC_URL> --browser
Additionally you can sign messages and typed data with cast wallet sign: cast wallet sign --browser "Hello World!"
This release introduces the cast erc20 command to facilitate interaction with ERC-20 tokens (https://github.com/foundry-rs/foundry/pull/12258 https://github.com/foundry-rs/foundry/pull/12381). This makes it simple to query balances, perform transfers, and access other ERC-20 token details.
balance Query ERC20 token balance [aliases: b]
transfer Transfer ERC20 tokens [aliases: t]
approve Approve ERC20 token spending [aliases: a]
allowance Query ERC20 token allowance [aliases: al]
name Query ERC20 token name [aliases: n]
symbol Query ERC20 token symbol [aliases: s]
decimals Query ERC20 token decimals [aliases: d]
total-supply Query ERC20 token total supply [aliases: ts]
mint Mint ERC20 tokens (if the token supports minting) [aliases: m]
burn Burn ERC20 tokens [aliases: bu]
Foundry v1.5.0 includes a set of new cheatcodes designed to improve the testing experience:
getEvmVersion/setEvmVersion to retrieve and change the execution EVM version within tests and scripts (https://github.com/foundry-rs/foundry/pull/12014)signWithNonce to create deterministic ECDSA signatures using a specified ephemeral nonce (https://github.com/foundry-rs/foundry/pull/11267)getStorageSlots leverage the storage layout to accurately identify the base slot of a variable (https://github.com/foundry-rs/foundry/pull/11537)Continuing the work introduced in v1.4.0 for forge, v1.5.0 publishes the remaining Foundry binaries as npm packages. This allows tools such as bun, npx, pnpm to easily install and run any Foundry executable directly from the npm registry (https://github.com/foundry-rs/foundry/pull/11945).
bun x @foundry-rs/anvil --version
npx --yes @foundry-rs/cast --version
pnpm dlx --silent @foundry-rs/chisel --version
/eth/v1/beacon/blobs beacon endpoint (#12182) by @mablrdebug_dbGet endpoint (#12375) by @mablrFromRecoveredTx trait for anvil TypedTransaction (#12424) by @mablreth_calls (#12144) by @grandizzynamed_struct_fields lint (#11982) by @mablrforge script): implement retries for forge script broadcast (#12564) by @zerosnacksis_path_allowed (#10679) by @rubydusaforge): apply correct permission scoping in workflow templates (#11986) by @zerosnacksmake_acc_non_empty in mockCalls_1Call, mockCall_1Call, mockCall_3Call for consistency (#11443) by @aganisgashverify): handle Address is not a smart-contract with Blockscout verification (#12566) by @zerosnackspretty arg for print_storage (#11976) by @mablrci): create-an-issue in release workflow is pinned to incorrect hash (#12004) by @zerosnacksci): integrate CodeQL into regular test.yml workflow and mark as requirement for ci-success (#12007) by @zerosnacksNodeConfig::with_optimism (#12035) by @onbjergNodeConfig::with_celo (#12034) by @onbjergNetworkConfig fields private (#12037) by @onbjerg--celo arg (#12038) by @onbjergSourceData::contract_definitions public (#12058) by @cakevmforge test (#12049) by @DaniPopesdeps): bump alloy-hardforks, alloy-core, proptest (#12191) by @zerosnacksfmt_change by using to_string() (#12193) by @maximevtush.to_string() after format! in test summary table (#12192) by @maximevtushtestdata): fix solidity warnings: shadowing of builtin symbol and unhandled low-level calls (#12189) by @zerosnacksdeployCode reverts w/ unlinked artifact libs (#12212) by @0xrusowskyFoundryEvm's inner field (#12237) by @mablrEvmOpts (#12247) by @onbjergall for prefer_compact fmt config (#12294) by @grandizzynone variant (#12298) by @0xrusowskycast keccak (#12339) by @quangloc99Precompile::signature (#12354) by @onbjerginject_custom_precompiles with PrecompilesMap::extend_precompiles method (#12469) by @mablr/eth/v1/beacon/genesis endpoint to Beacon API (#12503) by @mablrBlock and Header from Alloy (#12533) by @mablrGenesisResponse struct (#12513) by @mablrhttps://github.com/foundry-rs/foundry/compare/v1.4.4...v1.5.0-rc1
Foundry v1.4.4 is a bugfix release for forge.
https://github.com/foundry-rs/foundry/compare/v1.4.3...v1.4.4