Date: February 2026
Foundry Version: v1.5.1
Fuzz Runs: 1,000 per test
Total Tests: 13
Total Runs: 13,000+
Status: ✅ ALL PASSED — 0 vulnerabilities found

| Test Name | Status | Runs | Avg Gas | Median Gas |
|---|---|---|---|---|
| `testFuzz_FeeCalculationNoOverflow` | ✅ PASS | 1000 | 11,470 | 11,401 |
| `testFuzz_FeeTiersCorrect` | ✅ PASS | 1000 | 6,523 | 6,440 |
| `testFuzz_SendETH` | ✅ PASS | 1001 | 468,961 | 469,041 |
| `testFuzz_DelayBoundsEnforced` | ✅ PASS | 1000 | 52,694 | 52,670 |
| `testFuzz_ExpiryBoundsEnforced` | ✅ PASS | 1001 | 52,417 | 52,500 |
| `testFuzz_CancelReturnsExactAmount` | ✅ PASS | 1001 | 492,550 | 492,568 |
| `testFuzz_ClaimAfterUnlock` | ✅ PASS | 1001 | 622,448 | 622,518 |
| `testFuzz_ClaimBeforeUnlockFails` | ✅ PASS | 1000 | 505,519 | 511,278 |
| `testFuzz_TVLConsistency` | ✅ PASS | 1001 | 765,546 | 765,574 |
| `testFuzz_BatchSizeLimitEnforced` | ✅ PASS | 1000 | 252,265 | 249,829 |
| `testFuzz_FeeGoesToTreasury` | ✅ PASS | 1000 | 439,958 | 439,976 |
| `testFuzz_TransferIdAlwaysIncrements` | ✅ PASS | 1000 | 1,961,150 | 2,225,513 |
| `testFuzz_ZeroAmountReverts` | ✅ PASS | 1 | 45,187 | 45,187 |

- No Overflow: Fee calculation never overflows for amounts up to 1 billion ETH
- Tier Correctness: Progressive fee tiers (0.3%, 0.5%, 0.7%) correctly applied based on amount thresholds
- Treasury Receipt: All fees correctly forwarded to treasury address
- Amount Tracking: Stored amount always equals `msg.value - fee`
- Unlock Time: Correctly calculated as `block.timestamp + delay`
- ID Increment: Transfer IDs always increment sequentially
- Delay Bounds: Rejects delays < 1 hour or > 30 days
- Expiry Bounds: Rejects expiry periods < 7 days (but allows 0 = default)
- Exact Refund: Cancel returns exactly the stored amount (not original msg.value)
- Sender Only: Only original sender can cancel
- Unlock Enforcement: Claims before unlock time always revert
- Exact Payout: Claims return exactly the stored amount
- Timing: Works correctly across all valid delay ranges
- Sum Invariant: TVL always equals sum of all pending transfer amounts
- Fee Exclusion: TVL correctly excludes collected fees
- MAX_BATCH_SIZE: Batches > 50 items always revert with `BatchTooLarge`
- DoS Protection: Prevents gas limit attacks on batch operations

| Function | Min Gas | Avg Gas | Median Gas | Max Gas | Calls |
|---|---|---|---|---|---|
| `sendETH` | 32,187 | 314,599 | 317,656 | 411,177 | 3,935 |
| `claim` | 59,884 | 132,152 | 135,250 | 190,281 | 512 |
| `cancel` | 64,130 | 64,130 | 64,130 | 64,130 | 256 |
| `batchRefundExpired` | 34,047 | 104,620 | 103,407 | 175,823 | 256 |
| `calculateFee` | 1,210 | 1,225 | 1,228 | 1,229 | 1,792 |
| `calculateFeeBps` | 720 | 730 | 738 | 739 | 512 |
| `getTransfer` | 26,413 | 26,413 | 26,413 | 26,413 | 256 |
| `totalValueLocked` | 2,780 | 2,780 | 2,780 | 2,780 | 256 |

Deployment Cost: 4,074,710 gas
Contract Size: 18,300 bytes
Through 1000+ random runs per test, the following edge cases were verified:
- ✅ Minimum amount (0.001 ETH) processes correctly
- ✅ Maximum tested amount (100 ETH) processes correctly
- ✅ Minimum delay (1 hour) enforced
- ✅ Maximum delay (30 days) enforced
- ✅ Minimum expiry (7 days) enforced
- ✅ Zero expiry (uses 30 day default) works correctly
- ✅ Zero amount reverts with `InvalidAmount`
- ✅ Fee tiers transition at exact thresholds (0.4 ETH, 40 ETH)
- ✅ Batch size 51+ always reverts
- ✅ Cancel before unlock works (returns funds)
- ✅ Claim at exact unlock time works
No vulnerabilities found through fuzz testing:
- ✅ No arithmetic overflows
- ✅ No rounding errors that benefit attackers
- ✅ No timing manipulation vectors discovered
- ✅ No TVL inconsistencies
- ✅ All access controls properly enforced
- ✅ DoS protection (batch limits) working
- Test File: test/ReversoVault.fuzz.t.sol
- Config: foundry.toml
- Contract Tested: ../../contracts/ReversoVault.sol

```bash
# Navigate to foundry-fuzz directory
cd security/foundry-fuzz

# Run all fuzz tests (1000 runs each)
forge test --match-contract ReversoVaultFuzzTest -vv

# Run with gas report
forge test --match-contract ReversoVaultFuzzTest --gas-report

# Increase runs for deeper testing
forge test --fuzz-runs 10000 -vv
```

Generated by Foundry Fuzz Testing Suite