What should you know about smart contract security?
Guides on invariant testing, fuzzing, and DeFi security from the team that's protected $3B+ in TVL.
Mutation testing for smart contracts: measure your test suite quality
Your tests pass. But are they actually good? Mutation testing injects faults into your code and checks if your tests catch them. Here's how to measure and improve.
How to prepare your code for a smart contract audit
Good audit preparation cuts costs and improves findings quality. Here's the exact checklist we wish every protocol followed before engaging an auditor.
Postmortem: The Lending Protocol Reentrancy That Fuzzing Missed — And Invariants Didn't
The dev team ran Echidna for 24 hours: zero findings. The same vulnerability was found by invariant testing in 90 seconds. Here's the exact reentrancy path, why mock ERC20s hide it, and the accounting properties that catch it.
5 Properties Every Smart Contract Auditor Forgets to Test
After 40+ DeFi audits, the same five invariant gaps come up every time. Not the obvious ones — accountants check totalSupply. The ones that require stateful sequences, adversarial tokens, and cross-function composition.
Fuzzing ZK circuits: testing Noir and Circom with property-based approaches
ZK circuits need testing too. Under-constrained circuits, missing range checks, and witness mismatches are the reentrancy bugs of the ZK world. Here's how to fuzz them.
Getting started with the Recon VS Code extension
The Recon extension puts fuzzing inside your editor. Scaffold Chimera tests with one click, run any fuzzer from the command palette, and read coverage without leaving VS Code.
Why we built Chimera: write once, fuzz everywhere
Every fuzzer needs different test code. Chimera lets you write properties once and run them with Foundry, Echidna, and Medusa — no rewrites, no lock-in. Here's why we built it and how the architecture works.
Why your audit found nothing: the false confidence problem
Your audit came back clean. You feel safe. But protocols with clean audits get hacked all the time. Here's why, and what actually provides continuous assurance.
Signature replay and permit attacks: testing EIP-712 and ERC-2612 with fuzzing
Signatures are everywhere in smart contracts. Replay attacks, permit griefing, and malleability bugs are still catching protocols. Here's how to fuzz for all of them.
LLM-generated invariant properties: what works, what hallucinates, how we use them
We've tested LLM-generated properties across dozens of engagements. Some are surprisingly good. Some are dangerously wrong. Here's what we've learned.
Coverage-guided fuzzing deep dive: corpus management, seeds, and convergence
What happens inside a fuzzer? How coverage tracking, corpus management, and seed selection work together. Practical tips for getting better coverage faster.
Price manipulation attacks: spot prices, TWAPs, and how to fuzz your defenses
Flash loan price manipulation, TWAP gaming, oracle sandwiches — here's how each attack works and the properties that prove your defenses hold.
Chimera advanced patterns: multi-contract fuzzing with actors and ghosts
Take your Chimera skills to the next level. Multi-contract setups, actor patterns for simulating real users, ghost variables for state tracking, and cross-contract invariants.
How to fuzz ERC-1155 multi-token contracts
ERC-1155 combines batch operations with mandatory receiver callbacks, creating a reentrancy surface that single-token testing misses. This guide covers the invariants and handler patterns that catch the real bugs.
How to fuzz ERC 2535 diamond proxies: storage, selectors, and upgrades
Diamond proxies delegate calls to multiple facets, and the bugs live in upgrade sequences and storage collisions. This guide covers selector, storage, and loupe invariants with full Chimera properties.
How to fuzz ERC-4337 account abstraction wallets
ERC-4337 wallets validate their own transactions and manage gas accounting. This guide covers the invariants that matter for account abstraction, from signature validation to paymaster solvency.
The ERC-4626 donation attack: first depositor exploit explained and tested
The donation attack lets an attacker steal funds from vault depositors through share inflation. Here's exactly how it works, how to prevent it, and how to test for it.
ZK circuit security: constraint bugs, witness leaks, and audit patterns
ZK circuits aren't programs — they're constraint systems. The bugs look different: under-constrained signals, witness malleability, missing range checks. Here's how to audit them.
AI Smart Contract Audits: Beyond the Hype
Everyone claims AI auditing. Most mean they ran an LLM on your code. Here is what AI-powered smart contract auditing actually looks like when built on top of invariant testing and formal methods.
AI-guided fuzzing: from LLM property generation to automated campaigns
LLMs can suggest properties. Some are great, some hallucinate. Here's our practical workflow for using AI to speed up fuzzing without trusting it blindly.
Halmos symbolic execution for smart contracts: setup, limitations, and when it beats fuzzing
Fuzzers sample randomly. Symbolic execution explores every path. Halmos brings symbolic execution to Foundry — but it's not always the right tool. Here's when it wins and when fuzzing is better.
Certora CVL tutorial: a practitioner's guide to writing specs
A practical guide to writing Certora CVL specs. Covers the language basics, real DeFi patterns, common pitfalls, and when Certora shines vs fuzzing.
Fuzzing as a service vs DIY: when to hire and when to do it yourself
Run your own Foundry fuzz tests or hire a fuzzing service? The answer depends on your team, budget, and protocol complexity. Here's the decision framework.
Slither beyond defaults: writing custom detectors for your protocol
Default Slither detectors catch generic bugs. Custom detectors catch your protocol's bugs. Here's how to write them using the Slither API and SlithIR.
ERC-4337 security in 2026: the state of account abstraction audits
Account abstraction changes the security model. EntryPoint trust, UserOperation validation, paymaster risks, and bundler assumptions. Here's what to audit.
Fuzzing upgradeable contracts: storage layout, proxy safety, and upgrade invariants
Upgradeable contracts have unique attack surfaces: storage collisions, re-initialization, and unauthorized upgrades. Here are the invariants that protect them.
Towards the Scientific Audit
Audits today are artisanal. Two auditors reviewing the same code follow different paths and produce different results. This inconsistency is the gap attackers exploit. Here is how we make audits scientific.
Staking and rewards distribution: fuzzing the accounting protocols get wrong
Staking reward math is deceptively tricky. Division-before-multiplication, rounding dust, flash-stake exploits — here are the properties that catch them all.
Access control bugs in Solidity: real hacks and property-based defense
A missing modifier. A delegatecall to an untrusted address. Access control bugs have caused some of the largest losses in DeFi history. Here's how to find them with property-based testing.
From Zero to Fuzzing: A Beginner's Guide to the Chimera Framework
A hands-on beginner tutorial for the Chimera framework. Go from an empty project to running invariant tests with Foundry, Echidna, and Medusa — no prior fuzzing experience required.
Advanced invariant testing techniques for DeFi protocols
Beyond basic property writing. Ghost variables, temporal properties, conditional invariants, bounding inputs, handling oracles, and debugging failing invariants.
Smart contract audit firms compared: 2026 market guide
The audit market has changed. Legacy firms, contest platforms, and specialized shops all compete for your budget. Here's how they compare on what actually matters.
Flash loan exploits: how they work and how invariant testing catches them
Flash loans let anyone borrow millions for a single transaction. When combined with reentrancy or oracle manipulation, they drain protocols in one block. Here's how invariant testing catches what unit tests can't.
The True Cost of Not Auditing: Lessons from $20M+ in Prevented Losses
DeFi lost over $1.7 billion to exploits in 2024. Here is the business case for auditing, backed by real data from Recon engagements that prevented over $20M in potential losses.
Reentrancy in 2025: read-only, cross-function, and cross-contract patterns
Classic reentrancy is solved. But read-only reentrancy, cross-function reentrancy, and callback-based patterns are still catching protocols off guard.
Halmos symbolic testing tutorial: prove your properties
A complete tutorial on using Halmos for symbolic execution of Solidity. Write proofs instead of tests, get mathematical guarantees, and catch bugs fuzzers miss.
How to fuzz ERC-7540 async vaults
ERC-7540 adds async deposit and redemption flows on top of ERC-4626. This guide covers the lifecycle invariants, handler patterns for operator fulfillment, and campaigns that stress the request-claim state machine.
AMM and DEX invariant testing: properties every swap protocol needs
Every AMM needs these properties: constant product conservation, fee accounting, LP share math, and sandwich resistance. Here's the complete invariant suite.
Stateful Fuzzing Explained: Why Sequence Matters in Smart Contract Testing
Most smart contract bugs only manifest after a specific sequence of transactions. Stateful fuzzing explores these sequences automatically — here is how it works and why it matters.
The complete smart contract security pipeline: first commit to mainnet
Every step from first commit to mainnet, in order. Static analysis, unit tests, invariant testing, formal verification, audits, deployment checks, and post-launch monitoring.
How to fuzz ERC-6909 multi-token contracts
ERC-6909 is the minimal multi-token standard powering Uniswap v4. This guide walks through identifying invariants, writing properties for per-ID accounting and dual approvals, and running fuzzing campaigns.
Top 10 DeFi exploits of 2025: the invariants that would have stopped them
Ten exploits, billions lost. For each one, we break down the root cause and write the exact invariant property that would have stopped it.
Echidna tutorial: advanced stateful fuzzing campaigns
Go beyond basic Echidna usage with advanced config tuning, corpus management, multi-contract setups, and stateful campaign strategies that catch deep bugs.
What to Expect from a Smart Contract Security Audit in 2025
The smart contract audit has evolved far beyond a manual code review. Here is what a modern audit looks like in 2025 — and what you should demand from your auditor.
Solana smart contract fuzzing: Trident, Honggfuzz, and property testing
Solana fuzzing is years behind EVM but catching up fast. Here's how to use Trident, honggfuzz, and proptest to find bugs in your Solana programs.
Formal verification vs fuzzing: the definitive guide
Formal verification proves properties exhaustively. Fuzzing finds bugs probabilistically. Here's when each approach wins, what they miss, and how to combine them.
Foundry fuzz testing: from basic fuzzing to invariant tests
Foundry's built-in fuzzer goes well beyond what most developers use. This guide covers the full spectrum from basic input fuzzing to stateful invariant tests to bridging into dedicated fuzzing tools.
Medusa fuzzer tutorial: from install to first bug
A hands-on tutorial that takes you from installing Medusa to catching your first real bug. Covers project setup, property writing, campaign configuration, and result analysis.
Understanding Rounding Errors in DeFi: How Small Bugs Lead to Big Exploits
In Solidity, there are no decimals — only integers and the illusion of precision. Learn how 1 wei rounding errors compound into protocol-draining exploits and how to defend against them.
Foundry invariant testing beyond the basics: handlers, actors, and bounded runs
Foundry's invariant testing is powerful but the docs barely scratch the surface. Here's how to use handlers, actors, bounded inputs, and ghost variables like a pro.
Oracle integration testing: fuzzing price feeds and manipulation resistance
Your protocol trusts an oracle. But does it handle stale prices, sudden deviations, and manipulation attempts correctly? Here's how to fuzz your oracle integration.
How to fuzz ERC-4626 vaults: a step-by-step guide
ERC-4626 defines a clean vault interface and a set of guarantees that are surprisingly easy to break. This guide walks through identifying invariants, writing properties, and running fuzzing campaigns.
How to Set Up Continuous Security Testing with CI/CD and Fuzzing
Stop treating security as a one-time audit. Learn how to integrate Chimera-based fuzzing into your CI/CD pipeline with GitHub Actions so every pull request gets fuzzed automatically.
Governance and timelock security: properties for proposal lifecycle
Governance bugs have led to catastrophic exploits. Here are the properties that protect proposal lifecycles, voting power, timelocks, and execution flow.
Fuzzing Rust smart contracts: CosmWasm, Solana, and cargo-fuzz
Rust smart contracts run on Solana, CosmWasm, and more. Here's how to fuzz them all with cargo-fuzz, proptest, and ecosystem-specific tools.
7 common smart contract fuzzing mistakes (and how to fix them)
Your fuzzer ran for 24 hours and found nothing. That doesn't mean your code is safe — it might mean your campaign was broken. Here are the seven mistakes we see most often and how to fix each one.
5 Smart Contract Vulnerabilities That Unit Tests Will Never Catch
Unit tests check what you expect. But the most dangerous vulnerabilities hide in the unexpected — cross-function reentrancy, rounding accumulation, and more. Here are five categories unit tests will never catch.
Move smart contract security: testing patterns for Aptos and Sui
Move's type system prevents some Solidity bugs but introduces new ones. Here's how to test Move contracts on Aptos and Sui, including the built-in Move Prover.
Cross-chain bridge security: invariants that would have caught the big hacks
Ronin, Wormhole, Nomad — billions lost to bridge hacks. For each one, here's the specific invariant that would have caught the bug before deployment.
Echidna vs Medusa: A Practical Comparison for Security Researchers
A hands-on comparison of Echidna and Medusa for smart contract fuzzing. We cover performance, configuration, corpus management, and when to choose each tool.
Fuzzing + formal verification + invariant testing: combining them all
Write properties once, run them everywhere. Here's how to combine fuzzing, formal verification, and invariant testing in a single workflow using Chimera.
What is smart contract fuzzing?
Smart contract fuzzing throws millions of random inputs at your contracts to find states that violate your security assumptions. Here's how it works, what it catches, and how to get started.
Property Design Patterns for DeFi Lending Protocols
A practical catalog of invariant property patterns for lending protocols — from solvency and utilization bounds to liquidation health checks — with Solidity code for each.
Differential testing for smart contracts: comparing implementations to find bugs
Two implementations of the same spec should behave identically. When they don't, you've found a bug. Here's how to set up differential testing for smart contracts.
Smart contract fuzzing tools compared: Echidna, Medusa, Halmos, and Foundry
Four tools dominate smart contract fuzzing. Each approaches the problem differently, and picking the wrong one wastes time. Here's how to match the right fuzzer to your project — or use all four together.
The Anatomy of a Critical DeFi Bug: Insolvency Through Incorrect Accounting
A single rounding error in share accounting can drain an entire vault. Walk through the anatomy of a real critical DeFi bug and learn why invariant testing is the only reliable way to catch it.
How to write your first invariant test
A hands-on tutorial that walks you through writing three invariant properties for a simple ERC-20 vault, then running them with Foundry and Echidna. Working test suite in 30 minutes.
Getting Started with Recon Pro Cloud Fuzzing
A step-by-step guide to running your first cloud fuzzing campaign with Recon Pro. Go from zero to fuzzing in minutes, with no infrastructure to manage.
How We Found Real Vulnerabilities with Fuzzing
A technical deep-dive into real vulnerabilities we've found through fuzzing, from critical accounting bugs to subtle rounding exploits. Includes the properties that caught them.
How much does a smart contract audit cost in 2025?
A smart contract audit costs between $15,000 and $120,000 for most DeFi protocols. Here's a full breakdown of pricing by audit type, what drives cost, and how to get the most value from your budget.
Do you need a smart contract audit?
If your contract holds user funds, controls access to funds, or governs protocol parameters that affect funds, you need an audit. Here's how to decide what type fits your situation.
Why Invariant Testing Matters for DeFi Security
Unit tests check what you think of. Invariant tests check what you don't. Here's why every DeFi protocol needs invariant testing and how it has saved millions in real engagements.