INVARIANT TESTING IN THE CLOUD

Run invariant testing with Echidna, Medusa and Foundry

Schedule a demo
Watch the 1 minute intro

Helping these projects deploy safely

Centrifuge logoBadger logoCorn LogoLiquity LogoBalancer Logo

TVL Protected

$1BLN+

Aggregate TVL of our Customers

$100MLN+

TVL Protected with Live Monitoring

1k+

Cloud Fuzzing Runs done with Recon Pro

Benefits

THE MISSING PIECE

Invariant Testing is often the missing piece to reduce the number of bugs protocols go to audit with

NEVER STUCK IN QUEUE

Recon Pro allows an unlimited number of parallel runs, we cap the total hours of usage, not the number of concurrent runs

ONE INTERFACE, ALL OF THE TOOLS

Echidna, Medusa, Foundry, Halmos and Control, the Recon panel abstracts away the complexity of handling infra, shareable runs, reusable corpus, rpc forks

DYNAMIC REPLACEMENT

Replace values in your tester before running your suites

Experimental

LIVE MONITORING

Convert your Invariant Testing Properties into tests that are checked against each block

Experimental

Upcoming Feature

GOVERNANCE FUZZING

Trigger an invariant testing suite against all of your onChain Proposals.

Testimonials

Our services are tailored to our customers

company logo

We worked with the phenomenal @getreconxyz team to get invariant testing coverage for the @centrifuge ERC-7540 implementation, leveraging their Recon Pro platform. Looking forward to seeing where @getreconxyz goes next, they have ambitious plans to take invariant testing to the next level!

Centrifuge

Jeroen - CTO

company logo

We first met Alex during some excellent security discussions re: Liquity v1. The breadth and depth of his audit of our v2 exceeded expectations - particularly impressive for a solo effort. He uncovered several technical, arithmetic and economic issues and discussed them with us in detail. I’d highly recommend his manual reviews for any DeFi team that takes their security seriously.

Liquity

Rick - Cofounder

company logo

Recon has allowed us to speed up the development of invariant tests immensely. We are able to create and execute test suites in the cloud effortlessly with virtually no boilerplate code. I highly recommend using Recon to automate your fuzzing setup.

Badger DAO

James - Lead Dev

company logo

The recon team is continuously innovating to make invariant testing vastly more accessible to projects, which makes a meaningful difference in security outcomes. They bring their broad expertise in and passion for web3 security to any engagement above and beyond the specified scope.

Corn

Dapp - Cofounder

company logo

Engaging with Alex&Lourens showed great proactiveness to answer deep-technical Qs along the process and help to discuss together items that require deeper drilling on invariants, really valuable not only their ability to answer Qs, but educating you on the process and empowering your team for better understanding of invariants on your architecture!

Onchainification

Petrovska - Cofounder

company logo

Alex has an incredible eye for detail, leaving no stone unturned during our audit. His review helped us gain confidence in our codebase before going to a competitive audit. I would highly recommend Alex’s security services to anyone building smart contract systems.

Solidity Labs

Elliot - Founder

company logo

We worked together with Alex to review a Safe module for our DAO multi-sig. We really valued his proactiveness and quick response times so that we could ship in a timely manner. πŸš€

Balancer DAO

Xeonus - Balancer Maxis

How does it work

Installation is faster than finding your hardware wallet

      Install the Recon App
      Run a job by just pasting the repository URL
      Save and re-use configs as Recipes
      Run jobs on PR, commit, or at specific time of the day

Recon PRO Workflows

Trophies

Recon was used to find these bugs

Badger

Critical | Insolvency due to Incorrect Accounting

Finding | Recon Logs
πŸ†

remBADGER Accounting bug, prevented

BUG LINK >

TapiocaDAO

High | Overflow causes Permanent DOS in twTAP

Finding | Recon Logs
πŸ†

The only researcher that wrote a POC

BUG LINK >

TapiocaDAO

Medium | Incorrect decoding in decodeLockTwpTapDstMsg

Finding | Recon Logs
πŸ†

Showing how Invariant tests could have caught this

BUG LINK >

Centrifuge

Medium | Rounding errors allows bypassing caps

Finding | Recon Logs
πŸ†

Invariant Tests helped prevent a notoriously hard to detect edge case

BUG LINK >

Corn

Critical | Insolvency due to Incorrect Accounting

Finding | Recon Logs
πŸ†

Invariant Testing quickly found a mistake in accounting and helped ensure all subsequent changes were safe

BUG LINK >

TEAM

Alex

Alex

Top C4 Judge, Former Badger Lead Dev, Code that handled hundreds of millions of dollars, Bug findings in most protocols you use every day

Antonio

Antonio

Creator of EchidnaToFoundry, Author of some of the most read articles on Invariant Testing, Advisor to multiple high profile projects

Alcueca

Alcueca

Co-Founder and CTO at Yield Protocol, co-Author ERC4626 (Tokenized Vaults), ERC3156 (Flash Loans) and ERC7266 (Oracles), Judge @ C4 and Cantina. Author of many popular articles on smart contract development.

Nican0r

Nican0r

Up and coming talented researcher behind most of our articles and invariant testing starters

0xsi

0xsi

Lead Software Engineer behind a lot Recon features

Lourens

Lourens

Multiple bugs in Security Contests, Behind many Invariant Testing suites

SERVICES

Boutique Audits, we can write code and break invariants, whether you want us to code with you or review your code manually

We can support your team at all stages of development

Early Stage:

Define key invariants, scaffold and maintain invariant testers

Add invariants as the project grows

Pre Audit Stage:

Reach 100% Coverage, handout to your Auditors a full set of test repros to produce meaningful states or broken properties

Solo Review Stage:

Recon is made by highly respected SRs that can help you with Manual Review

Audit Stage:

We can support you during audits, by adding new properties flagged by your reviewers and by reproducing bugs in invariant tests as a means to ensure they are not introduced later

Our cloud runners ensure you can quickly queue and test fixes, no more waiting for your engineer to come back from the weekend

Our offers:

  • Invariant Bootstrapping > A one off engagements to make massive progress, ranging from 1 to 3 weeks, typically performed by Alex
  • Recon Legendary > Ongoing test maintenance from a experienced fuzzing engineer, for projects that want to quickly update their tests, includes unlimited cloud runs
  • Recon Pro > Cloud Fuzzing as a service, a versatile and easy way to run invariant testing in the cloud

Invariant testing starters

project logo

Create Chimera App

The easiest way to scaffold invariant tests

project logo

Eigenlayer Fuzzing

A plug and play suite to test meaningful Eigenlayer States, a must for every Eigenlayer Integrator

project logo

Renzo Fuzzing

A complete invariant suite for the Renzo Protocol, able to replicate multiple exploits found in subsequent audits

project logo

Call Test Undo

A simple contract meant to turn state changing function calls into invariant tests that do not pollute the story

project logo

ERC7540 Reusable Properties

Simple to Reuse, high level properties for ERC7540 Vaults, Built in Collaboration with Centrifuge

project logo

Chimera

Open Source Framework to unify Invariant, Fuzz and Formal Verification into a single, write once run everywhere API

Recon builder

FREE

For Open Source Projects

90

Repos built

200

Hours saved

It's never been easier

2 click scaffolding a State of the Art Medusa and Echidna Invariant Testing Setup

use the right tools for the job

Use foundry to develop and debug, use medusa and echidna for invariant testing

Only as opinionated as necessary

Compatible with any foundry project. Zero configuration necessary

check how it works

Substack posts

First Day At Invariant School

Featured in Week in Ethereum, a simple introduction to Invariant Testing

Substack ImageRead >

Reusable Properties for ERC7540 Vaults

How to implement properties developer by the Recon + Centrifuge teams for ERC7540 vaults

Substack ImageRead >

Lessons Learned from Fuzzing Centrifuge Protocol part 2

Separating signal from noise in broken properties

Substack ImageRead >

Finding Real Vulnerabilities with the Renzo-Fuzzing repo

Using the renzo-fuzzing repo to reproduce vulnerabilities from the Renzo audit report from code4rena

Substack ImageRead >

Lessons From The Fuzzing Trenches

Lessons learned from building a fuzzing suite for Renzo Protocol

Substack ImageRead >

Integrating EigenLayer Into Your Test Suite

Deploy the entire EigenLayer system + simulate slashing events in your test suite

Substack ImageRead >

eBTC Retrospective

A reflection on lessons learned in our extended fuzzing of eBTC

Substack ImageRead >