Invariant Testing with Recon Pro · 2024
Centrifuge
Centrifuge is a real-world asset (RWA) protocol that was implementing ERC-7540, the standard for asynchronous tokenized vaults. Recon built invariant testing coverage using the Recon Pro cloud fuzzing platform. The engagement identified a rounding error in share/asset conversions that allowed bypassing deposit caps — a category of bug that is notoriously difficult to catch through manual review or unit testing alone, because it only manifests through specific sequences of operations repeated many times.
The Challenge
ERC-7540 introduces asynchronous deposit and redemption flows where requests are queued and fulfilled over time by different participants. This creates complex multi-step state transitions where shares, assets, and pending requests must all remain consistent. Rounding behavior in share-to-asset and asset-to-share conversions varies depending on the direction and magnitude of the operation, creating edge cases that only manifest through specific operation sequences. The asynchronous nature means that state can change between a user's request and its fulfillment, further expanding the space of possible interactions.
Our Approach
Recon Pro's cloud fuzzing platform ran multi-hour campaigns testing all combinations of deposits, partial fills, complete redemptions, and cancellations across multiple concurrent users. The properties asserted that deposit caps could never be exceeded, that share/asset conversions remained consistent in both directions (converting assets to shares and back could never create value), and that no user could extract more value than they deposited. The cloud infrastructure allowed testing at a scale not feasible on local machines, exploring far more operation sequences than a local fuzzing session could cover.
Findings
Rounding error allows bypassing caps
Invariant testing discovered that specific sequences of small deposits could exploit rounding in share calculations to bypass deposit caps. Each deposit operation introduced a rounding error of at most one wei in the share-to-asset conversion, but by repeating the operation thousands of times, an attacker could incrementally exceed the configured cap by a material amount.
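The following is an added illustration, not Centrifuge or Recon code, of the bug class described above and of the cap property listed under Our Approach. It models a vault whose deposit cap is charged with the asset value of the shares it mints (an assumption made here for illustration; the cap, price, and amounts are invented). With the shares-to-assets conversion rounded down, every deposit is under-charged by up to one wei, so a loop of small deposits drifts past the cap while each call individually passes the check; with the conversion rounded in favor of the protocol, the same sequence stops at the cap. The last function is a miniature of the stateful fuzz loop an invariant test runs: random amounts, reverts ignored, property checked after every call.

```python
"""Constructed model of a deposit cap leaking through floor-rounded
share/asset conversion. Not Centrifuge or Recon code; the cap accounting,
price, cap and deposit amounts are invented for illustration."""
import random

WAD = 10**18  # 18-decimal fixed point, ERC-4626 style


def to_shares(assets: int, price: int) -> int:
    """Assets -> shares, rounded down (favours the protocol on mint)."""
    return assets * WAD // price


def to_assets_down(shares: int, price: int) -> int:
    """Shares -> assets, rounded down (favours the depositor)."""
    return shares * price // WAD


def to_assets_up(shares: int, price: int) -> int:
    """Shares -> assets, rounded up (favours the protocol)."""
    return -((-shares * price) // WAD)


class CappedVault:
    """Vault whose cap is charged with the asset value of the shares it mints.

    Assumption for illustration: the cap is charged from minted shares rather
    than from the raw asset amount, so the rounding direction of the
    shares -> assets conversion decides whether the cap can be bypassed."""

    def __init__(self, cap: int, price: int, round_up_for_cap: bool):
        self.cap = cap
        self.price = price                    # assets per share, WAD-scaled
        self.round_up_for_cap = round_up_for_cap
        self.total_assets = 0                 # assets actually received
        self.total_shares = 0
        self.cap_used = 0                     # what the cap check believes was deposited

    def deposit(self, assets: int) -> bool:
        """Returns False where a contract would revert on a cap violation."""
        shares = to_shares(assets, self.price)
        conv = to_assets_up if self.round_up_for_cap else to_assets_down
        charged = conv(shares, self.price)
        if self.cap_used + charged > self.cap:
            return False
        self.cap_used += charged
        self.total_assets += assets
        self.total_shares += shares
        return True


def cap_never_exceeded(vault: CappedVault) -> bool:
    """The property a fuzzer asserts after every call: real holdings <= cap."""
    return vault.total_assets <= vault.cap


def repeated_small_deposits(round_up_for_cap: bool, cap: int = 1000,
                            price: int = 9 * 10**17, amount: int = 7,
                            max_calls: int = 5000):
    """Drive the vault with one fixed small deposit until the cap check rejects it.

    Returns (assets actually held, assets the cap check counted, property held?)."""
    vault = CappedVault(cap, price, round_up_for_cap)
    while max_calls and vault.deposit(amount):
        max_calls -= 1
    return vault.total_assets, vault.cap_used, cap_never_exceeded(vault)


def random_deposit_sequence(round_up_for_cap: bool, seed: int = 1,
                            calls: int = 2000) -> bool:
    """Miniature stateful fuzz loop: random amounts, reverts ignored,
    property checked after every call. True iff the property never failed."""
    rng = random.Random(seed)
    vault = CappedVault(cap=1000, price=9 * 10**17, round_up_for_cap=round_up_for_cap)
    for _ in range(calls):
        vault.deposit(rng.randint(1, 20))
        if not cap_never_exceeded(vault):
            return False
    return True


if __name__ == "__main__":
    print("fixed deposits, floor:", repeated_small_deposits(False))  # cap bypassed
    print("fixed deposits, ceil :", repeated_small_deposits(True))   # cap holds
    print("random fuzz, floor   :", random_deposit_sequence(False))
    print("random fuzz, ceil    :", random_deposit_sequence(True))
```

With the floor-rounded conversion, 7-wei deposits are each charged 6 wei against the cap, so 166 of them pass the check while the vault actually holds 1162 wei against a cap of 1000. Rounding the same conversion up charges the full 7 wei and the loop stops at 994. Note that a unit test of one deposit would never see the bug: every single call is within one wei of correct, and only the accumulated drift over a long sequence violates the property, which is exactly what a stateful fuzzer explores.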
Results
Repeated small deposits let an attacker creep past the deposit cap one wei of rounding at a time, as described under Findings; automated across thousands of operations, the excess became material. The finding was addressed by rounding in favor of the protocol in share calculations, so that accumulated rounding can no longer work against the cap. The Centrifuge CTO praised both the team and the Recon Pro platform for the quality of the engagement.
“We worked with the phenomenal @getreconxyz team to get invariant testing coverage for the @centrifuge ERC-7540 implementation, leveraging their Recon Pro platform. Looking forward to seeing where @getreconxyz goes next, they have ambitious plans to take invariant testing to the next level!”
Jeroen, CTO at Centrifuge
Get the same level of protection
See how Recon's invariant testing can secure your protocol like it did for Centrifuge.