Learn Invariant Testing

Most of our guides and documentation are focused on using fuzzing tools, primarily Echidna and Medusa because we use them internally at Recon. However, we also support running other tools on our cloud infrastructure such as Foundry (fuzzing), Halmos (formal verification), and Kontrol (formal verification).

After having chosen a tool best suited to your needs and downloading it locally, you can get started with the tutorials below.

If you're new to invariant testing, we recommend starting with the following series of posts to get you from 0 to 1:

1. First Day At Invariant School
2. How To Define Invariants
3. Implementing Your First Smart Contract Invariants: A Practical Guide

If you prefer a full end-to-end video bootcamp, checkout this series on everything you need to know about invariant testing.

Once you've grasped the basics of invariant testing you can setup your first suite and run it on Recon. For a step-by-step guide on how to do this, check out the First Steps guide.

If you have any questions about how to use Recon or invariant testing in general, you can reach out to our team on Discord.

Additional Learning Resources

Invariant Testing In General

If you're looking for more resources to help you get started with invariant testing, see the following:

• Recon Substack
• Recon Video Tutorials
• Recon Twitter
• Recon GitHub
• EVM Fuzzing Resources

Fuzzers

For more resources on our favorite fuzzers (Echidna and Medusa) see the following:

• Echidna Documentation
• Medusa Documentation
• Echidna Fuzzing Series

Retrospectives

Deep dives into the work we've done with our elite customers with tips and tricks on building effective invariant testing suites:

• Corn Retrospective
• eBTC Retrospective
• Centrifuge Retrospective part 1
• Centrifuge Retrospective part 2

Videos

Podcasts

• Fuzzing a RewardsManager with the Recon Extension | Alex & the Remedy Team on Stateful Fuzzing for Security
• Workshop on how to go from a simple foundry test to a full blown critical exploit with fuzzing | Alex & Secureum on fuzzing for security research
• Fuzzing Sablier with the Recon Extension | Alex & Shafu on Invariant Testing
• Fuzzing MicroStable with Echidna | Alex & Shafu on Invariant Testing
• How can I run my Fuzz tests longer? Getrecon interview with Alex | Alex & Patrick Collins (Cyfrin Audits)
• Using Recon Pro to test invariants in the cloud | Alex & Austin Griffith

Office Hours

Office hours are live recordings of useful tips and tricks for invariant testing.

• Fuzz Fest | The best Talks of 2024 on Fuzzing for Security
• The Dangers of Arbitrary Calls | How to write safe contracts that use arbitrary calls and the risk tied to them
• Centrifuge Retrospective Pt1 | On scaffolding and getting to coverage
• Centrifuge Retrospective Pt2 | On breaking properties and the importance of understanding the system you're testing
• How we missed a bug with fuzzing! | On the dangers of clamping
• Finding bugs with Differential Fuzzing | Using differential fuzzing to find bugs
• Fuzzing Bytecode Directly

Trophies

A sample of some publicly disclosed bugs we've found using invariant testing. You can use these to understand what kinds of properties will help you find issues that manual review sometimes can't.