What is invariant testing and how does it work?
A glossary of smart contract security, property-based testing, and fuzzing concepts.
Invariant Testing
Invariant testing is a smart contract testing methodology that verifies properties (invariants) that must always hold tr...
Fuzzing
Fuzzing is an automated testing technique that feeds random, unexpected, or malformed inputs to a program to discover bu...
Echidna
Echidna is a Haskell-based smart contract fuzzer for Ethereum that uses [property-based testing](/learn/property-based-t...
Medusa
Medusa is a Go-based smart contract fuzzer that uses parallel execution and coverage-guided fuzzing to find invariant vi...
Halmos
Halmos is a symbolic execution tool for EVM smart contracts that mathematically proves whether properties hold for all p...
Property-Based Testing
Property-based testing is a software testing methodology where developers define general properties that should always h...
Smart Contract Audit
A smart contract audit is a systematic security review of blockchain smart contract code to identify vulnerabilities, lo...
Formal Verification
Formal verification is the use of mathematical methods to prove that a smart contract's behavior conforms to its specifi...
Chimera Framework
Chimera is Recon's open-source framework for writing invariant tests that are simultaneously compatible with Echidna, Me...
Stateful Fuzzing
Stateful fuzzing is a fuzzing technique that maintains contract state across a sequence of function calls, testing how t...
Mutation Testing
Mutation testing evaluates test suite quality by introducing small code changes (mutations) and checking whether existin...
Coverage-Guided Fuzzing
Coverage-guided fuzzing is a technique where the fuzzer tracks which code paths are executed and prioritizes inputs that...
Symbolic Execution
Symbolic execution analyzes smart contracts by treating inputs as mathematical symbols rather than concrete values, expl...
Fuzz Testing
Fuzz testing (fuzzing) is the automated process of providing random, semi-random, or mutated inputs to software in order...
Smart Contract Security
Smart contract security covers the practices, tools, and methodologies used to identify and prevent vulnerabilities in b...
Reentrancy
Reentrancy is a smart contract vulnerability where an external call allows an attacker to re-enter the calling function ...
Flash Loan Attack
A flash loan attack exploits uncollateralized loans that must be borrowed and repaid within a single transaction, using ...
Oracle Manipulation
Oracle manipulation is an attack where an adversary distorts the price data that a smart contract relies on, typically b...
Slippage Protection
Slippage protection is a mechanism that prevents trades from executing at prices significantly worse than expected, guar...
Access Control
Access control in smart contracts is the system of permissions and roles that restricts which addresses can call privile...
Integer Overflow
Integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or falls below the minim...
Front-Running
Front-running is an attack where a malicious actor observes a pending transaction in the mempool and submits their own t...
Proxy Pattern
The proxy pattern is a smart contract architecture that enables upgradeability by separating a contract's storage (proxy...
Time-Weighted Average Price (TWAP)
A TWAP oracle computes the average price of an asset over a defined time window, smoothing out short-term volatility and...
Liquidation Mechanism
A liquidation mechanism is the process by which a lending protocol closes undercollateralized positions by selling colla...
Coverage Classes
Coverage classes are the set of all meaningfully distinct execution paths through a smart contract, enumerated by analyz...
AI Auditing
AI auditing uses artificial intelligence to automate parts of the smart contract security review process, including prop...
Automated Auditing
Automated auditing applies automated tools and techniques — static analysis, fuzzing, formal verification, and AI-powere...
Foundry
Foundry is a Solidity development framework by Paradigm that provides fast compilation, built-in fuzz testing via forge ...
Solidity
Solidity is the primary programming language for writing smart contracts on Ethereum and other EVM-compatible blockchain...
DeFi
DeFi (decentralized finance) is the ecosystem of financial applications built on blockchains, replacing traditional inte...
Lending Protocol
A lending protocol is a DeFi application that lets users supply assets to earn interest and borrow assets against collat...
Vault Security
Vault security covers the patterns and testing strategies for protecting ERC-4626 tokenized vaults and custom vault impl...
Staking Security
Staking security covers the protection of staking protocols — liquid staking, restaking, and validator set management — ...
Governance Security
Governance security covers the protection of on-chain governance systems — voting, proposals, timelocks, and quorum mech...
ERC-6909
ERC-6909 is a minimal multi-token standard that manages multiple token IDs within a single contract, offering a gas-effi...
ERC-7540
ERC-7540 extends ERC-4626 with asynchronous deposit and redemption flows, adding request-fulfill lifecycles for vaults t...
ERC-4337
ERC-4337 is the account abstraction standard for Ethereum, enabling smart contract wallets that validate their own trans...
ERC-2535
ERC-2535 (the Diamond standard) is an upgradeable contract pattern where a single proxy delegates calls to multiple impl...
ERC-1155
ERC-1155 is a multi-token standard that supports both fungible and non-fungible tokens in a single contract, with batch ...
Certora CVL
Certora Verification Language (CVL) is a specification language used with the Certora Prover to formally verify smart co...
Static Analysis
Static analysis examines smart contract source code without executing it, automatically detecting common vulnerability p...
AI-Guided Fuzzing
AI-guided fuzzing uses large language models and machine learning to assist in generating fuzzing targets, writing invar...
Differential Testing
Differential testing compares the behavior of two or more implementations of the same specification to find discrepancie...
Corpus Management
Corpus management is the process of collecting, minimizing, and reusing interesting fuzzer inputs to improve coverage an...
Donation Attack
A donation attack exploits share-based token vaults (like ERC-4626) by inflating the share price through direct token tr...
Read-Only Reentrancy
Read-only reentrancy exploits external calls that read stale state from another contract during a callback, enabling pri...
Trident Fuzzer
Trident is a fuzzing framework for Solana smart contracts built by Ackee Blockchain, enabling property-based testing of ...
Automated Market Maker (AMM)
An automated market maker is a decentralized exchange mechanism that uses mathematical formulas to price assets and exec...
ZK Circuit Fuzzing
ZK circuit fuzzing applies property-based testing to zero-knowledge circuits, checking for under-constrained circuits, m...