LEARN
A comprehensive glossary of smart contract security, invariant testing, and fuzzing concepts.
Invariant Testing
Invariant testing is a smart contract testing methodology that verifies properties (invariants) that must always hold tr...
Fuzzing
Fuzzing is an automated testing technique that feeds random, unexpected, or malformed inputs to a program to discover bu...
Echidna
Echidna is a Haskell-based smart contract fuzzer for Ethereum that uses property-based testing to find violations of use...
Medusa
Medusa is a Go-based smart contract fuzzer that uses parallel execution and coverage-guided fuzzing to find invariant vi...
Halmos
Halmos is a symbolic execution tool for EVM smart contracts that mathematically proves whether properties hold for all p...
Property-Based Testing
Property-based testing is a software testing methodology where developers define general properties that should always h...
Smart Contract Audit
A smart contract audit is a systematic security review of blockchain smart contract code to identify vulnerabilities, lo...
Formal Verification
Formal verification is the use of mathematical methods to prove that a smart contract's behavior conforms to its specifi...
Chimera Framework
Chimera is Recon's open-source framework for writing invariant tests that are simultaneously compatible with Echidna, Me...
Stateful Fuzzing
Stateful fuzzing is a fuzzing technique that maintains contract state across a sequence of function calls, testing how t...
Mutation Testing
Mutation testing evaluates test suite quality by introducing small code changes (mutations) and checking whether existin...
Coverage-Guided Fuzzing
Coverage-guided fuzzing is a technique where the fuzzer tracks which code paths are executed and prioritizes inputs that...
Symbolic Execution
Symbolic execution analyzes smart contracts by treating inputs as mathematical symbols rather than concrete values, expl...
Fuzz Testing
Fuzz testing (fuzzing) is the automated process of providing random, semi-random, or mutated inputs to software in order...
Smart Contract Security
Smart contract security encompasses the practices, tools, and methodologies used to identify and prevent vulnerabilities...
Reentrancy
Reentrancy is a smart contract vulnerability where an external call allows an attacker to re-enter the calling function ...
Flash Loan Attack
A flash loan attack exploits uncollateralized loans that must be borrowed and repaid within a single transaction, using ...
Oracle Manipulation
Oracle manipulation is an attack where an adversary distorts the price data that a smart contract relies on, typically b...
Slippage Protection
Slippage protection is a mechanism that prevents trades from executing at prices significantly worse than expected, guar...
Access Control
Access control in smart contracts is the system of permissions and roles that restricts which addresses can call privile...
Integer Overflow
Integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or falls below the minim...
Front-Running
Front-running is an attack where a malicious actor observes a pending transaction in the mempool and submits their own t...
Proxy Pattern
The proxy pattern is a smart contract architecture that enables upgradeability by separating a contract's storage (proxy...
Time-Weighted Average Price (TWAP)
A TWAP oracle computes the average price of an asset over a defined time window, smoothing out short-term volatility and...
Liquidation Mechanism
A liquidation mechanism is the process by which a lending protocol closes undercollateralized positions by selling colla...
Coverage Classes
Coverage classes are the set of all meaningfully distinct execution paths through a smart contract, enumerated by analyz...
AI Auditing
AI auditing uses artificial intelligence to automate parts of the smart contract security review process, including prop...
Automated Auditing
Automated auditing applies automated tools and techniques — static analysis, fuzzing, formal verification, and AI-powere...