// PRODUCTS · HASHEYE FORGE

Break your tests before attackers break your contracts.

Forge packages Gambit-style Solidity mutation testing for audit readiness: generate mutants, run tests or specs, score what gets killed, and turn survivors into concrete proof gaps.

// forge mutation diff

MUTANT_014

contract Vault {
  function mul(uint256 a, uint256 b) public pure returns (uint256 c) {
-   c = a * b;
+   c = a + b;
  }
}
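
Review bot: the added line "c = a + b;" in Vault.mul swaps multiplication for addition, and the summary below reports that no test failed, so nothing in the suite pins the result of mul. Add a test that checks mul on operands whose product and sum differ, for example mul(3, 4) == 12; inputs such as (2, 2) or (0, 0) give the same value under both operators and would leave this mutant alive.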

$ gambit mutate --filename contracts/Vault.sol --solc solc8.20

$ gambit summary --mids 14

survived // no test failed after injected arithmetic fault

// WHAT FORGE PROVES

Coverage is not enough. Forge asks whether tests catch meaningful faults.

Line coverage can say code was executed. Mutation testing asks the sharper question: if important logic changes, does anything fail? Survivors become a prioritized hardening list.

// FORGE PIPELINE

Mutate, run, report.

01 MUTATE

Traverse Solidity ASTs and inject controlled changes into operators, constants, conditions, and call structure.

02 RUN

Run generated mutants through Foundry, Hardhat, or formal specs with the matching solc compiler.

03 REPORT

Summarize killed mutants, survivors, output paths, and the score that tells you how much behavior is proven.

// GAMBIT TOOLING

Full mutation workflow, available from the site.

Forge exposes the underlying Gambit workflow instead of hiding it. Teams can run the source locally, pin solc, generate mutants, inspect summaries, and wire the mutant directories into CI.

// RUN LOCALLY

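# -f makes curl fail on an HTTP error instead of saving the error page as the zip
curl -fL https://hasheye.io/tools/gambit-master.zip -o gambit-master.zip
unzip gambit-master.zip
cd gambit-master
# cargo install compiles the unpacked source on this machine
cargo install --path .

# Assumption: from here on you are in the root of the Solidity project under
# test, a clean git checkout with gambit_conf.json in place.
gambit mutate --json gambit_conf.json
gambit summary

# Test one mutant at a time and restore the originals before the next one,
# otherwise earlier mutants stay applied and the results are mixed together.
for mutant in gambit_out/mutants/*; do
  cp -R "$mutant"/* .
  if forge test; then echo "survived: $mutant"; else echo "killed: $mutant"; fi
  git checkout -- .
done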
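
A reusable form of the loop above for CI, as an added example that is not HashEye's or Gambit's own code: it applies one mutant at a time without relying on git, restores the originals afterwards, prints the killed/survived score, and returns non-zero when any mutant survives. The names run_mutants, KILLED, SURVIVED and SURVIVORS are hypothetical, and it assumes each mutants/<id>/ directory mirrors the project's relative source paths.

```shell
#!/usr/bin/env bash
# Added example: run the suite against one Gambit mutant at a time.
# Usage from the project root:  run_mutants gambit_out/mutants forge test
# Assumption: mutants/<id>/ mirrors the project's relative source paths.
KILLED=0; SURVIVED=0; SURVIVORS=""

run_mutants() {
  local mutants_dir="$1"; shift          # remaining args: the test command
  local mutant backup rel total
  KILLED=0; SURVIVED=0; SURVIVORS=""
  for mutant in "$mutants_dir"/*/; do
    [ -d "$mutant" ] || continue
    mutant=${mutant%/}
    backup=$(mktemp -d)
    # Save each original file this mutant is about to overwrite.
    (cd "$mutant" && find . -type f) | while IFS= read -r rel; do
      mkdir -p "$backup/$(dirname "$rel")"
      cp "$rel" "$backup/$rel"
    done
    cp -R "$mutant"/. .                  # apply the mutant
    if "$@" >/dev/null 2>&1; then        # suite still green: fault went unnoticed
      SURVIVED=$((SURVIVED + 1)); SURVIVORS="$SURVIVORS ${mutant##*/}"
    else
      KILLED=$((KILLED + 1))
    fi
    cp -R "$backup"/. .                  # restore originals before the next mutant
    rm -rf "$backup"
  done
  total=$((KILLED + SURVIVED))
  [ "$total" -gt 0 ] || { echo "no mutants in $mutants_dir" >&2; return 2; }
  echo "killed=$KILLED survived=$SURVIVED score=$((100 * KILLED / total))%"
  [ -z "$SURVIVORS" ] || echo "survivors:$SURVIVORS"
  [ "$SURVIVED" -eq 0 ]                  # non-zero status fails the CI job
}
```

Run the unmodified suite first: if it already fails, every mutant is reported as killed and the score means nothing.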

// FORGE FAQ

How is Forge different from line coverage?

Line coverage shows code executed. Mutation testing shows whether tests fail when meaningful contract behavior changes.

// TEST STACKS

What test frameworks does Forge support?

Forge is designed for Solidity projects using Foundry, Hardhat, and optional formal specs.

// FEATURES

Mutation testing built for Solidity teams.

Forge keeps the useful Gambit surface area visible: developers can see how mutants are produced, tune where they are produced, and measure what their current test suite misses.

> open_source

Fast, inspectable Solidity mutation generation with the source archive hosted by HashEye.

> easy_integration

Works with test suites and formal-spec workflows; Forge wraps the run and survivor triage.

> adaptive_mutations

Finds valid mutation points by traversing the Solidity abstract syntax tree.

> scored_results

Killed versus surviving mutants becomes a score for test/spec strength.

> high_variability

Generates diverse mutants so teams spend less time on redundant equivalent cases.

> targeted_mutations

Use declarative JSON config to focus mutations on specific contracts, functions, and operator classes.

// OUTCOMES

Proof gaps become engineering work.

The report separates strong evidence from weak evidence. Killed mutants show tests and specs caught injected faults. Survivors show behavior changes your suite allowed.

killed_mutants: caught

Tests or specs failed after the injected fault. This is evidence your checks detect that class of behavior change.

surviving_mutants: gap

Tests still passed after the injected fault. This is the proof gap to close before audit, launch, or upgrade.

// INTEGRATIONS

Fits the stack you already test.

> Solidity contracts and libraries

> Foundry test suites

> Hardhat test suites

> Optional formal specs when available

Forge is a HashEye workflow for Solidity mutation testing. Gambit is MIT-licensed software originally published by Certora; HashEye hosts the source archive, runbook, and config template so teams can run it locally or in CI.

// DETAILS WE TRACK

No black box. Every mutant is traceable.

These are the specific run details HashEye asks for when we turn a mutation run into an audit-readiness report.

operators: binary ops, constants, conditions, argument swaps, statement-level edits

inputs: --filename for one Solidity file or --json for project-level configuration

compiler: uses solc; pin --solc to the compiler version your project expects

paths: --sourceroot controls how original and mutated source paths are reported

outputs: gambit_results.json, mutants.log, input_json, mutants/<id>/...

inspection: gambit summary prints mutant diffs; --mids filters to selected mutant ids

// READY CHECK

Run Forge before the audit report becomes expensive feedback.

Send the repo, test command, target contracts, and any specs. HashEye returns a survivor list your team can fix before external review.
