SuMo – PROS

SuMo (Solidity Mutator) is a mutation-testing framework designed to evaluate the effectiveness of test suites for Solidity smart contracts. It automatically generates mutants, synthetic variations of a contract that simulate common faults, and then executes the project’s existing tests against these modified versions. By measuring which mutants are “killed” (detected by tests), SuMo quantifies the fault-detection capability of the test suite through the mutation score.

Unlike general-purpose mutation tools, SuMo incorporates a rich set of Solidity-specific mutation operators, capturing typical programming errors such as address misuses, or event emission faults. It integrates seamlessly with popular smart-contract development environments (e.g., Hardhat, Foundry, Brownie) and supports automated reporting of mutation results.

Overall, SuMo contributes to higher reliability in decentralized applications by helping developers identify weakly tested contract behaviors.

Usage

SuMo Repository

This is the main SuMo repository, containing the complete source code of the tool, configuration examples, and full documentation. It provides detailed descriptions of all implemented mutation operators, and instructions for installing and running SuMo.

SuMo Demo Repository

The demo repository provides a ready-to-use example of SuMo applied to a sample Solidity project. It includes a minimal smart contract, a configured testing framework, and a prebuilt SuMo configuration file. This repository is ideal to explore SuMo’s workflow, visualize mutation results, or experiment with different operator configurations.

SuMo NPM Package

The official NPM package allows users to install SuMo directly into their Solidity projects using the Node.js ecosystem.

SuMo was designed to run mutation testing on NodeJS Solidity projects. It can run test using Truffle, Hardhat, Brownie and Forge.

Mutation Operators

Traditional Mutation Operators

Operator	Name	Mutation Example	Enabled by Default	Minimal Available
ACM	Argument Change of overloaded Method call	`overloadedFunc(a,b);` → `overloadedFunc(a,b,c);`	Y	N
AOR	Assignment Operator Replacement	`+=` → `=`	Y	N
BCRD	Break and Continue Replacement and Deletion	`break` → `continue` → `break`	Y	N
BLR	Boolean Literal Replacement	`true` → `false`	Y	N
BOR	Binary Operator Replacement	`+` → `-` `<` → `>=`	Y	Y
CBD	Catch Block Deletion	`catch{}` →	Y	N
CSC	Conditional Statement Change	`if(condition)` → `if(false)` `else{}` →	Y	N
ER	Enum Replacemet	`enum.member1` → `enum.member2`	Y	Y
ECS	Explicit Conversion to Smaller type	`uint256` → `uint8`	Y	N
FCD	Function Call Deletion	`foo()` →	Y	N
HLR	Hexadecimal Literal Replacement	`hex\"01\"` → `hex\"random\"`	Y	N
ILR	Integer Literal Replacement	`1` → `0`	Y	N
LCS	Loop Statement Change	`while(condition)` → `while(false)`	Y	N
OLFD	Overloaded Function Deletion	`function overloadedF(){}` →	Y	N
ORFD	Overridden Function Deletion	`function f() override {}` →	Y	N
SKR	Super Keyword Replacement	`x = getData()` → `x = super.getData()`	Y	N
SLR	String Literal Replacement	`"string"` → `""`	Y	N
UORD	Unary Operator Replacement and Deletion	`++` → `--` `!` →	Y	Y

Solidity Mutation Operators

Operator	Name	Mutation Example	Enabled by Default	Minimal version available
AVR	Address Value Replacement	`0x67ED2e5dD3d0...` → `address.this()`	Y	Y
CCD	Contract Constructor Deletion	`constructor(){}` →	Y	N
DLR	Data Location Keyword Replacement	`memory` → `storage`	N	N
DOD	Delete Operator Deletion	`delete` →	Y	N
ETR	Ether Transfer function Replacement	`delegatecall()` → `call()`	Y	Y
EED	Event Emission Deletion	`emit Deposit(...)` → `/emit Deposit(...)/`	Y	N
EHD	Exception Handling Deletion	`require(...)` → `/require(...)/`	Y	N
FVR	Function Visibility Replacement	`function f() public` → `function f() private`	N	Y
GVR	Global Variable Replacement	`msg.value()` → `tx.gasprice()`	Y	Y
MCR	Mathematical and Cryptographic function Replacement	`addmod` → `mulmod` `keccak256` → `sha256`	Y	Y
MOD	Modifier Deletion	`function f() onlyOwner` → `function f()`	Y	Y
MOI	Modifier Insertion	`function f()` → `function f() onlyOwner`	N	Y
OMD	Overridden Modifier Deletion	`modifier m() override {}` →	Y	N
PKD	Payable Keyword Deletion	`function f() payable` → `function f()`	Y	N
RSD	Return Statement Deletion	`return amount;` → `//return amount;`	Y	N
RVS	Return Values Swap	`return (1, "msg", 100);` → `return (100, "msg", 1);`	Y	Y
SCD	Selfdestruct Call Deletion	`selfdestruct();` → `//selfdestruct();`	Y	N
SFR	SafeMath Function Replacement	`SafeMath.add` → `SafeMath.sub`	Y	Y
SCEC	Switch Call Expression Casting	`Contract c = Contract(0x86C9...);` → `Contract c = Contract(0x67ED...);`	Y	N
TOR	Transaction Origin Replacement	`msg.sender` → `tx.origin`	Y	N
VUR	Variable Unit Replacement	`wei` → `ether` `minutes` → `hours`	Y	Y
VVR	Variable Visibility Replacement	`uint private data;` → `uint public data;`	N	Y

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
ice.connection.contextpath	session	No description
ice.connection.lease	session	No description
ice.connection.running	session	No description
ice.push.browser	session	No description
ice.pushids	session	No description
ultp_view_2478	1 day	No description
ultp_view_2524	1 day	No description
ultp_view_2526	1 day	No description
ultp_view_2534	1 day	No description
ultp_view_2542	1 day	No description
ultp_view_2544	1 day	No description
ultp_view_2546	1 day	No description
ultp_view_2613	1 day	No description
ultp_view_2620	1 day	No description
ultp_view_2622	1 day	No description
ultp_view_2624	1 day	No description
ultp_view_2668	1 day	No description
ultp_view_2674	1 day	No description

Quality & Analysis / Tool · November 11, 2025

Traditional Mutation Operators

Solidity Mutation Operators