Smart contracts are immutable programs: Once a contract is deployed, it cannot be altered. This allows users to be sure that the rules by which their funds are operated will not be changed. However, the same feature makes creating secure smart contracts extremely complicated. If you create a contract with a bug or vulnerability, it is there forever. That’s why testing is even more crucial for smart contracts than for traditional applications.
Why testing is necessary
First, let’s clarify what problems tests can and cannot solve. For this purpose, let’s point out the following difference between bugs and vulnerabilities:
→ If an issue leads to a planned scenario not running, it is a bug.
→ If an issue leads to an unplanned scenario running, it is a vulnerability.
Tests do not prevent vulnerabilities. A vulnerability is by definition something unplanned, so you can’t take it into account at the testing stage. To deal with vulnerabilities, you need other tools and actions, which are described at the end of this article.
Tests help us make sure that all planned scenarios run as intended. In other words, tests help prevent bugs. This fact has several important consequences:
- Rule of thumb: Every line of business logic must have a corresponding test. If you have a scenario in business logic, then you’ll have it in the code, which means you need to test it.
- The most important scenarios must be tested the most thoroughly. The scenarios that will be run by most users or that implement critical functionality require additional attention.
- Tests catch silly mistakes. Silly mistakes are made even by experienced developers and can be very dangerous.
- Tests are great for edge cases. What if a user tries to buy zero tokens? What if the number of users reaches the limit? These cases must be considered, and the best solution for this task is using tests.
- You need to have a detailed specification for your project to create…