Skip to main content

Understanding Invariant Checks

The Invariants tab shows properties of your contracts that should always hold true, regardless of which valid operations were performed. Invariant checking surfaces subtle bugs and verifies the fundamental correctness of your protocol.

Invariants Tab Overview

What invariants are

In smart contracts, an invariant is a condition that must hold before and after any transaction or sequence of transactions. If an invariant is violated, the contract has a logic flaw or unintended behaviour.

Here are some common invariants in smart contract systems.

  • The total supply of a token never exceeds its maximum cap.
  • The balance of a contract always equals the sum of all user deposits it holds.
  • A user can never withdraw more funds than they have deposited.
  • A critical state variable can only be changed by an authorised address.
  • A specific function can only succeed if certain preconditions are met.

Take the second example. If the balance of a contract no longer equals the sum of its user deposits, the contract has either a missing accounting update somewhere or a path that lets funds leave without decrementing a deposit. Either is a serious bug, and either is the kind of system-level discrepancy a single function-level test rarely catches. That is the value invariants add over conventional unit tests.

What the tab shows

The tab lists every invariant that was checked during the scan. Each entry has three fields.

  • Function. The function where the invariant is located.
  • Description. A short description of the invariant.
  • Condition. The condition that should never be broken.

Why invariant checking matters

Invariants help find complex bugs that other testing methods miss, especially bugs that involve multiple interactions or edge cases. They verify that the fundamental business rules and safety properties of your protocol hold up under all valid execution paths.

Reusing the invariants

You can take the invariants AuditAgent generates and reuse them in your own testing process. They work directly with fuzzing tools and formal verification frameworks. You can also refine or extend them across future scans to tighten coverage over time.

Invariants are one of the outputs AuditAgent produces from every scan, alongside findings, the code summary, the architecture diagram, and the security score.

Persistent Memory

If you have Persistent Memory enabled for a project, invariants are automatically tracked across scans. You can also add, edit, and refine invariants directly from the memory viewer.