The $223 million Cetus Protocol exploit, the $292 million Kelp DAO bridge breach, and the $4.5 million Wasabi Protocol admin key compromise share a common thread: each vulnerability existed in code that had been deployed, in some cases for months, before being exploited. The gap between deployment and exploitation reflects a fundamental limitation in current auditing practices — traditional single-pass audits are insufficient for the complexity and interconnectedness of modern DeFi protocols. This tutorial walks through building a multi-layer verification pipeline that combines static analysis, formal verification, fuzz testing, and continuous monitoring into a comprehensive security framework.
The Objective
The goal is to construct a security pipeline that catches vulnerabilities at multiple stages: during development, before deployment, and after mainnet launch. No single technique catches all bugs. The Cetus exploit, for instance, involved an integer overflow in a u256 shift-left operation that traditional static analyzers might flag as safe because the code included an explicit overflow check — the check itself was flawed. A multi-layer approach that includes formal verification of mathematical invariants would have caught this discrepancy.
This guide targets experienced Solidity and Move developers who already understand basic auditing principles and want to implement enterprise-grade verification for production DeFi deployments.
Prerequisites
Before starting, you should have: a working development environment with Foundry or Hardhat installed, familiarity with smart contract testing frameworks, understanding of common vulnerability patterns (reentrancy, overflow, access control, oracle manipulation), and access to at least one commercial static analysis tool such as Slither, Mythril, or Certora Prover. For the formal verification component, basic knowledge of first-order logic and SMT solvers is helpful but not strictly required.
You will also need a testnet environment that mirrors your target mainnet’s configuration, including gas limits, block times, and any protocol-specific parameters that affect contract behavior.
Step-by-Step Walkthrough
Step 1: Implement invariant-based testing. Define the mathematical properties that must always hold true in your protocol. For a concentrated liquidity DEX like Cetus, these invariants include: the total token reserves must equal the sum of all position balances, liquidity calculations must be consistent across add and remove operations, and no user should be able to withdraw more than they deposited plus earned fees. Write these invariants as Foundry test functions using the assertFalse pattern for property violations.
function test_invariant_reservesMatchPositions() public {
uint256 totalA = pool.reserveA();
uint256 totalB = pool.reserveB();
uint256 sumA = 0;
uint256 sumB = 0;
for (uint i = 0; i < positions.length; i++) {
(uint256 a, uint256 b) = pool.calculateWithdraw(positions[i]);
sumA += a;
sumB += b;
}
assertEq(totalA, sumA);
assertEq(totalB, sumB);
}Step 2: Build a targeted fuzzing campaign. Unlike random fuzzing, targeted fuzzing focuses on the mathematical boundaries where bugs typically hide. For fixed-point arithmetic, this means testing values near overflow boundaries (values with bits set in the upper 64 positions for 256-bit shift-left operations), extreme tick ranges in concentrated liquidity pools, and maximum uint values for all arithmetic operations. Use Foundry's vm.assume to constrain inputs to relevant ranges while still exercising boundary conditions.
Step 3: Apply formal verification to critical math paths. Use Certora Prover or Halmos to formally verify that your invariant properties hold under all possible inputs. This step would have caught the Cetus vulnerability because the formal prover would have found an input where the overflow check passed but the resulting shift produced an incorrect value — a violation of the arithmetic invariant. Focus formal verification on the most critical code paths: token transfer logic, liquidity calculations, and cross-chain message validation.
Step 4: Implement differential testing. Deploy your contract logic alongside a reference implementation — either a simplified version using arbitrary-precision arithmetic or a well-tested existing protocol. Run both implementations against the same inputs and verify that outputs match. Divergences indicate bugs in one implementation or the other. This technique is particularly effective for catching edge cases in complex arithmetic that unit tests might miss.
Step 5: Set up continuous on-chain monitoring. Post-deployment security requires real-time monitoring. Implement alerting for unusual transaction patterns: large withdrawals relative to total reserves, unexpected admin actions, new contract deployments from privileged addresses, and sudden changes in protocol state variables. Tools like Forta, OpenZeppelin Defender, and custom monitoring scripts can provide this capability.
Troubleshooting
Problem: Fuzzer finds too many false positives. Solution: Constrain your fuzz inputs more tightly using vm.assume to filter out irrelevant inputs. Focus on the mathematical ranges where bugs actually occur — typically near overflow boundaries, zero values, and maximum values.
Problem: Formal verification times out on complex functions. Solution: Simplify the function under verification by abstracting external calls and replacing complex loop logic with bounded iterations. Verify components independently, then verify their composition. If a function involves multiple mathematical operations, verify each operation's properties separately before verifying the combined function.
Problem: Monitoring generates too many alerts. Solution: Tune alert thresholds based on historical transaction patterns. Use statistical anomaly detection rather than fixed thresholds. Implement tiered alerting — low-priority alerts for slight deviations, high-priority alerts for significant anomalies that require immediate investigation.
Mastering the Skill
The most effective security practitioners in 2026 combine automated tooling with deep protocol understanding. Study past exploits in detail — the Cetus u256 overflow, the Kelp DAO bridge validation bypass, the Wasabi Protocol admin key escalation — and reverse-engineer how each vulnerability would have been caught by your pipeline. Contribute to open-source auditing tools and participate in audit competitions to build practical experience. With over $450 million lost across 45 protocols in early 2026 alone, the demand for rigorous security practices has never been greater, and the professionals who master these techniques will be essential to the industry's continued growth and credibility.
Disclaimer: This article is for educational purposes only and does not constitute professional security advice. Always engage qualified security auditors for production DeFi deployments.
Liquid staking derivatives are the backbone of modern DeFi
The composability of DeFi is something TradFi can never replicate
DeFi TVL recovery shows the fundamentals are stronger than ever
AMM innovations like concentrated liquidity changed everything
The composability of DeFi is something TradFi can never replicate
Smart contract audits have improved dramatically since 2022
Smart contract audits have improved dramatically since 2022
The composability of DeFi is something TradFi can never replicate