Recon Logo

Stateful Fuzzing

Stateful fuzzing is a fuzzing technique that maintains contract state across a sequence of function calls, testing how transactions interact with each other over time.

In Depth

Unlike stateless fuzzing (which tests each function call independently), stateful fuzzing builds up contract state through sequences of transactions. This is critical for finding bugs that only manifest after specific sequences of operations — for example, a vulnerability that requires depositing, then staking, then withdrawing in a specific order. Stateful fuzzers like Echidna and Medusa maintain the EVM state between calls, enabling them to find complex multi-step vulnerabilities. For a deep dive, read Stateful Fuzzing Explained: Why Sequence Matters.

Frequently Asked Questions

What is stateful fuzzing?

Stateful fuzzing tests smart contracts by generating random sequences of function calls while maintaining state between each call. This finds bugs that only appear after specific sequences of operations, which single-function tests miss. See how it compares to static analysis.

Why is stateful fuzzing important for DeFi?

DeFi protocols involve complex state changes across multiple transactions. A vulnerability might only appear after a specific sequence of deposits, borrows, and liquidations. Stateful fuzzing explores these sequences automatically. See real examples in the Liquity and Badger case studies.

Related Terms

FuzzingInvariant TestingCoverage-Guided Fuzzing

Related Blog Posts

Echidna vs Medusa: A Practical Comparison for Security Researchers

A hands-on comparison of Echidna and Medusa for smart contract fuzzing. We cover performance, config...

Stateful Fuzzing Explained: Why Sequence Matters in Smart Contract Testing

Most smart contract bugs only manifest after a specific sequence of transactions. Stateful fuzzing e...

Need expert help with stateful fuzzing?