Skip to main content

Understanding Invariant Checks

The Invariants tab in your AuditAgent scan results provides insights into the properties of your smart contracts that should always hold true, no matter what sequence of valid operations is performed. Invariant checking is a powerful technique to uncover subtle bugs and ensure the fundamental correctness of your protocol's logic.

Invariants Tab Overview

What are Invariants?

In the context of smart contracts, an invariant is a condition or a statement about the state of the contract (or multiple contracts) that must be maintained before and after any transaction or sequence of transactions. If an invariant is violated, it indicates a potential flaw in the contract's logic or an unintended behavior.

info

The invariants are only shown to paid customers. Subscrive to Pro or Enterprise to access it!

Examples of invariants could include:

  • "The total supply of a token never exceeds its maximum cap."
  • "The balance of a contract always equals the sum of all user deposits it holds."
  • "A user can never withdraw more funds than they have deposited."
  • "A critical state variable can only be changed by an authorized address."
  • "A particular function can only be successfully called if a certain set of preconditions are met."

What the Invariants Tab Shows

The Invariants tab typically displays the following information:

  • List of Checked Invariants: A list of all the specific invariant conditions that were tested during the scan. It includes:
    • Function: The function where the invarariant is located.
    • Description: A short description of the invariant.
    • Condition: The condition that should never be broken.

Why Invariant Checking is Important

  • Deep Bug Detection: Invariants can help find complex bugs that might be missed by other testing methods, especially those involving multiple interactions or edge cases.
  • Ensuring Core Logic: They verify that the fundamental business rules and safety properties of your protocol are consistently upheld.

Reviewing Invariant Results

You can leverage those invariants for your own internal testing processes and leverage them for fuzzing or formal verification methods. Once your invariants have been generated, you can also refine them or add new ones in your future scans to improve the results further. More info on the Invariant page.

Checking invariants is a vital part of a thorough security audit, helping to ensure your smart contracts behave as intended under all circumstances.