Invariant Testing with Recon Pro · 2024
Centrifuge
Recon built comprehensive invariant testing coverage for Centrifuge's ERC-7540 (asynchronous vault) implementation, leveraging the Recon Pro cloud fuzzing platform. The engagement caught a notoriously hard-to-detect rounding error.
The Challenge
Centrifuge's ERC-7540 implementation involves complex asynchronous deposit/redemption flows with multiple participants. Rounding in share/asset conversions across these flows could lead to subtle cap bypasses and accounting inconsistencies.
Our Approach
Using Recon Pro's cloud fuzzing platform, we built an invariant test suite covering deposit/redemption flows, share price calculations, and cap enforcement. The suite tested all combinations of deposits, partial fills, and redemptions across multiple users.
Findings
Rounding error allows bypassing caps
Invariant testing discovered that specific sequences of small deposits could exploit rounding in share calculations to bypass deposit caps.
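To make this class of finding concrete, the following is an added illustration, not Centrifuge's contracts or Recon's test suite. It is a constructed toy model in which cap usage is tracked in share units, with a seeded random search checking the invariant "assets held never exceed the cap". The page does not describe the actual rounding mechanism, so the floor-rounded cap accounting, `ToyVault`, `PRICE`, `CAP_SHARES` and `fuzz_cap_invariant` are all assumptions.

```python
import random

# Constructed parameters (assumptions, not Centrifuge values).
PRICE = 3          # asset units per share
CAP_SHARES = 100   # deposit cap, tracked in share units
CAP_ASSETS = CAP_SHARES * PRICE

class ToyVault:
    """Hypothetical vault whose cap usage is tracked in converted (share) units."""

    def __init__(self, round_cap_up):
        self.round_cap_up = round_cap_up
        self.total_assets = 0
        self.cap_used = 0

    def deposit(self, assets):
        if self.round_cap_up:
            counted = -(-assets // PRICE)   # ceil: rounding favours the cap
        else:
            counted = assets // PRICE       # floor: dust deposits count as 0
        if self.cap_used + counted > CAP_SHARES:
            return False                    # rejected by the cap check
        self.cap_used += counted
        self.total_assets += assets
        return True

def fuzz_cap_invariant(make_vault, runs=200, steps=400, seed=7540):
    """Return the first deposit sequence that breaks the cap invariant, else None."""
    rng = random.Random(seed)
    for _ in range(runs):
        vault, history = make_vault(), []
        for _ in range(steps):
            amount = rng.randint(1, 10)
            if vault.deposit(amount):
                history.append(amount)
            # Invariant: assets held never exceed the cap expressed in assets.
            if vault.total_assets > CAP_ASSETS:
                return history
    return None

if __name__ == "__main__":
    broken = fuzz_cap_invariant(lambda: ToyVault(round_cap_up=False))
    print("floor rounding:", sum(broken), "assets held, cap is", CAP_ASSETS)
    print("ceil rounding :", fuzz_cap_invariant(lambda: ToyVault(round_cap_up=True)))
```

In this model, rounding the cap accounting up (against the depositor) restores the invariant, which is why the same search returns no counterexample for the second vault.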
Results
Fuzzing discovered a rounding error that allowed bypassing deposit caps, a notoriously hard-to-detect edge case that traditional testing and manual review had missed. The CTO praised the team and the Recon Pro platform.
“We worked with the phenomenal @getreconxyz team to get invariant testing coverage for the @centrifuge ERC-7540 implementation, leveraging their Recon Pro platform. Looking forward to seeing where @getreconxyz goes next, they have ambitious plans to take invariant testing to the next level!”
Jeroen, CTO at Centrifuge