Invariant Testing Engagement · 2024
Credit Coop
Recon delivered an invariant test suite for Credit Coop that uncovered hard-to-spot high-severity issues, providing extremely high ROI. The engagement made invariant testing core to Credit Coop's smart contract development.
The Challenge
Credit Coop needed comprehensive testing of their lending protocol, particularly around minting caps, interest calculations, and collateral management. Rounding errors in these areas could be exploited to bypass intended limits.
Our Approach
We built a comprehensive invariant test suite covering minting cap enforcement, interest accrual, and collateral accounting. The suite tested all combinations of borrows, repayments, and liquidations across multiple users and collateral types.
Findings
Rounding allows bypassing minting cap
Invariant testing identified that specific sequences of small minting operations could exploit rounding to exceed the intended minting cap.
Results
The invariant test suite uncovered a rounding issue that allowed bypassing the minting cap, a high-severity vulnerability that would have been extremely difficult to find through manual review alone. Credit Coop's CTO described the ROI as extremely high.
“The ROI on our engagement with Recon was extremely high. They built an invariant test suite that uncovered hard-to-spot high-severity issues and gave us a powerful tool to ship with confidence. Moving forward, invariant testing will be core to our smart contract development at Credit Coop. When we do our next audit, Recon will have to be a part of the picture.”
Thomas Hepner, Cofounder & CTO at Credit Coop