Getting Started with Recon Pro Cloud Fuzzing

Recon Pro makes it easy to run invariant tests in the cloud with Echidna, Medusa, Halmos, and Foundry. This guide walks you through your first cloud fuzzing campaign.

Why Cloud Fuzzing?

Running fuzzers locally has limitations:

• CPU bound: Your laptop can only run so many tests per second
• Time limited: You probably can't leave your laptop running for 48 hours
• Single machine: Can't parallelize across multiple cores/machines

Recon Pro solves all of these. Upload your tests, select your fuzzers, and let the cloud do the heavy lifting. Over 12,500 cloud fuzzing runs have been completed on the platform.

Step 1: Set Up Your Project

If you're starting fresh, the fastest way is with the Recon VS Code Extension:

1. Install from the VS Code Marketplace
2. Open your Solidity project
3. Run the "Recon: Initialize" command
4. The extension scaffolds the entire fuzzing setup using Chimera

If you already have a Chimera-based testing setup, you're ready to go.

Step 2: Log In to Recon Pro

Navigate to getrecon.xyz/dashboard and connect your account. You'll see your dashboard with options for:

• Running new fuzzing jobs
• Viewing results from previous campaigns
• Managing your repositories

Step 3: Connect Your Repository

Recon Pro integrates with GitHub. Connect your repository and select the branch you want to fuzz. The platform will:

• Clone your repo
• Install dependencies
• Compile your contracts
• Prepare the fuzzing environment

Step 4: Configure Your Campaign

Select your fuzzers and parameters:

• Fuzzer: Choose Echidna, Medusa, or both
• Duration: How long to run (longer = more coverage)
• Workers: Number of parallel fuzzing workers

For your first run, we recommend Medusa with default settings. It's fast and gives good results quickly.

Step 5: Launch and Monitor

Hit "Start" and monitor progress in real-time. The dashboard shows:

• Live coverage metrics
• Any property violations found
• Transaction sequences that triggered violations
• Corpus growth over time

Step 6: Analyze Results

When the campaign completes, you get:

• Full report: Summary of coverage achieved and properties tested
• Violations: Any invariant violations with reproduction steps
• Shareable links: Share results with your team via Recon's sharing feature

If violations are found, the platform shows the exact transaction sequence that triggered the failure, making it easy to understand and fix the bug.

Tips for Effective Cloud Fuzzing

1. Start with simple properties: Begin with solvency and basic accounting invariants
2. Increase duration gradually: Start with short runs to validate your setup, then increase
3. Use both fuzzers: Echidna and Medusa find different things. Run both.
4. Iterate on findings: Each violation teaches you about your system. Add new properties based on what you learn.
5. Run on every PR: Set up recurring fuzzing in your CI/CD pipeline for continuous security

What's Next?

Once you're comfortable with the basics:

• Read our book for advanced invariant testing patterns
• Join our Discord community to discuss strategies with other fuzzing engineers
• Check out our bootcamp videos for in-depth tutorials

Cloud fuzzing with Recon Pro has helped teams find critical bugs, prevent $20M+ in potential losses, and ship with confidence. Get started today.