Invariant Testing Engagement · 2024
Badger
Recon identified a critical insolvency vulnerability in Badger DAO's remBADGER accounting through invariant testing, preventing potential loss of funds for a protocol handling hundreds of millions of dollars in TVL.
The Challenge
Badger DAO manages hundreds of millions in TVL across complex vault strategies. The remBADGER accounting system needed to correctly track shares, rewards, and withdrawals across multiple yield-generating strategies.
Our Approach
We built an invariant test suite targeting the core accounting invariants: total shares must map correctly to total assets, reward distribution must be fair, and no sequence of operations should allow extracting more value than deposited.
Findings
Insolvency due to Incorrect Accounting
The remBADGER accounting system had a bug where specific sequences of deposits and reward distributions could desynchronize share accounting, potentially leading to insolvency.
Results
Invariant testing caught a critical accounting bug that could have led to protocol insolvency. The bug was in a subtle interaction between deposit and reward accounting that manual review had not identified. Badger's Lead Dev praised Recon Pro for speeding up test development.
View full report →“Recon has allowed us to speed up the development of invariant tests immensely. We are able to create and execute test suites in the cloud effortlessly with virtually no boilerplate code. I highly recommend using Recon to automate your fuzzing setup.”
James, Lead Dev at Badger DAO