Invariant Testing Engagement · 2024
Corn
Recon's invariant testing quickly identified a critical insolvency vulnerability due to incorrect accounting in the Corn protocol, then continued testing to ensure all fixes and subsequent changes were safe.
The Challenge
Corn needed rapid security validation of their protocol's accounting logic. The complexity of interactions between depositing, staking, and reward distribution created potential for accounting mismatches that could lead to insolvency.
Our Approach
We defined solvency invariants ensuring that total deposits always matched total shares at the correct price. The fuzzer generated sequences of deposits, withdrawals, and reward distributions to stress-test the accounting.
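The approach described above, as an added example that is not taken from Corn's contracts or Recon's test suite: a share-priced vault model is driven with random sequences of deposits, withdrawals and reward distributions, and a solvency invariant is checked after every call. `ToyVault`, its `flawed` switch and `fuzz` are hypothetical names, and the accounting flaw is constructed for the demonstration; it is not the finding from this engagement.

```python
import random

class ToyVault:
    """Constructed share-priced vault model (assumption: not Corn's code)."""
    def __init__(self, flawed=False):
        self.flawed = flawed        # True enables a constructed accounting flaw
        self.balance = 0            # tokens actually held (assets)
        self.total_assets = 0       # figure the ledger uses to price shares
        self.shares, self.total_shares = {}, 0

    def deposit(self, user, amount):
        # Mint at the current share price, rounding down in the vault's favour.
        minted = amount * self.total_shares // self.total_assets if self.total_shares else amount
        self.balance += amount
        self.total_assets += amount
        self.shares[user] = self.shares.get(user, 0) + minted
        self.total_shares += minted

    def withdraw(self, user, shares):
        shares = min(shares, self.shares.get(user, 0))
        if shares == 0:
            return
        payout = shares * self.total_assets // self.total_shares
        self.shares[user] -= shares
        self.total_shares -= shares
        self.total_assets -= payout
        self.balance -= payout

    def distribute_rewards(self, amount):
        self.total_assets += amount             # share price rises
        if not self.flawed:
            self.balance += amount              # flawed variant never receives the tokens

    def solvent(self):
        # Invariant: tokens held must cover every holder's claim at the current price.
        owed = sum(s * self.total_assets // self.total_shares for s in self.shares.values() if s)
        return self.balance >= owed

def fuzz(flawed, seed=1, runs=200, depth=30):
    """Return the first call sequence that breaks the invariant, or None."""
    rng = random.Random(seed)
    for _ in range(runs):
        vault, trace = ToyVault(flawed), []
        for _ in range(depth):
            op = rng.choice(("deposit", "withdraw", "distribute_rewards"))
            args = (rng.randint(1, 1000),) if op == "distribute_rewards" else (rng.choice("abc"), rng.randint(1, 1000))
            getattr(vault, op)(*args)
            trace.append((op, *args))
            if not vault.solvent():
                return trace
    return None
```

`fuzz(False)` returns `None`, while `fuzz(True)` returns the call sequence that first left the model owing more than it holds, which can be replayed step by step as a regression test.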
Findings
Insolvency due to Incorrect Accounting
Invariant testing revealed a critical accounting error where specific sequences of operations could cause the protocol's liabilities to exceed its assets, leading to insolvency.
Results
The critical insolvency bug was found quickly through fuzzing. After the fix, continued invariant testing validated that the fix was correct and that subsequent development changes didn't introduce regressions. The Corn cofounder praised Recon's innovation in making invariant testing accessible.
“The Recon team is continuously innovating to make invariant testing vastly more accessible to projects, which makes a meaningful difference in security outcomes. They bring their broad expertise in and passion for web3 security to any engagement above and beyond the specified scope.”
Dapp, Cofounder at Corn