We write the invariant tests that catch the bugs your manual audit missed — then hand you a test suite you can run forever.
Invariant testing (also called property-based testing or fuzzing) defines properties that must always hold true in your smart contract — like "total assets must equal sum of all deposits minus withdrawals" or "no user can withdraw more than they deposited." A fuzzer then generates millions of random transaction sequences trying to break these properties. If it finds a violation, you have a concrete exploit path to fix.
Here's how Recon's invariant testing compares to alternative security approaches.
| Approach | Bug Classes Found | Ongoing Value | Setup Time | Maintenance |
|---|---|---|---|---|
| Recon Invariant Testing | Logic, economic, state machine, arithmetic | Reusable test suite + CI integration | 1-3 weeks | Low — extend as you ship |
| Manual Audit Only | Depends on reviewer expertise | Point-in-time report | 2-4 weeks | Re-audit for changes |
| Static Analysis | Known patterns only | Fast but shallow | Minutes | High false-positive rate |
| Formal Verification | Mathematically proven properties | Breaks when code changes | Months | Very high — re-prove everything |
Recon Pro lets you run invariant tests in the cloud with no infrastructure management. Queue runs, view results, share with your team — all from the browser. During engagements, unlimited cloud runs are included so we can iterate rapidly.
Invariant testing defines properties (invariants) that must always be true in your contract, then uses a fuzzer to generate millions of random transaction sequences trying to violate them. It's a form of property-based testing and the most effective way to find logic bugs, economic exploits, and edge cases that manual review misses.
Typically 1-3 weeks for a focused scope. Complex protocols may take longer. The deliverable is a full test suite you own — not just a report.
We use Echidna, Medusa, Halmos, and Foundry fuzz testing depending on the project's needs. Our Recon framework scaffolds test suites across all of these tools from a single property definition.
Yes. You own the test suite. Run it locally, in CI, or in the cloud with Recon Pro. Extend it as you add features.
Unit tests verify specific scenarios you think of. Invariant tests verify properties across millions of random scenarios the fuzzer generates — including ones you'd never think to write. They're complementary: unit tests for known cases, invariant tests for unknown unknowns.
Start by identifying a property that should always hold — like 'total shares times price per share equals total assets.' Then scaffold a test harness using Chimera, define the property as a boolean function, and run it with a fuzzer. Our step-by-step tutorial walks you through writing three properties for a Solidity vault in under 30 minutes.
Talk to our fuzzing engineers about building a test suite for your codebase.
Send Audit RequestThorough manual review combined with invariant testing — the most rigorous approach to smart contract security available today.
DeFi-native security researchers who understand composability risks, economic attacks, and protocol-specific vulnerability patterns.
Deep Solidity expertise combined with automated invariant testing — covering every EVM chain from Ethereum to L2s.
Cloud-powered fuzzing infrastructure that runs Echidna, Medusa, Halmos, and Foundry — 12,500+ campaigns and counting.