Loading...
Testing Smart Contracts
The talk
:
https://www.youtube.com/watch?v=fR_PXztjs-E&feature=youtu.be
What to test?
How to test?
What tools to use?
How to integrate them into your development lifecycle?
Tools covered
Linter
:
Solhint
Static analysis
:
Slither
Unit testing
:
Truffle test
Symbolic execution
:
Mythril
,
Manticore
Fuzzing
:
Echidna
More
: formal verification, professional auditing, bug bounties
What to test
Unit testing
Validate each unit of the code performs as designed
Make sure the input parameters are rejecting invalid values
Make sure the return values are within expected range and properly formatted
Testing of smart contract state changes
Event testing
Error testing
…
Prevent attacks and vulnerabilities
https://github.com/sigp/solidity-security-blog
Floating points and precision
Arithmetic under/over flows
Unexpected ether
Entropy illusion
Front-running / race conditions
Tx.origin authentication
Denial of service
Re-entrancy
Delegate call
Another reference
:
https://consensys.github.io/smart-contract-best-practices/known_attacks/
How to test
Please turn on JavaScript to use Paper in all of its awesomeness. ^_^
What to test?
How to test?
Tools covered
What to test
Unit testing
Prevent attacks and vulnerabilities
How to test