menu
How to Test Ethereum Smart Contracts: Good Auditing Practices
When we develop a project based on the Ethereum blockchain, the first thing to do is to guarantee the security of the smart contract and the quality of the code.

When we develop a project based on the Ethereum blockchain, the first thing to do is to guarantee the security of the smart contract and the quality of the code. Otherwise, you could lose a huge amount of money.

                

As you may have heard, the Parity Ethereum wallet lost $30 million due to code vulnerabilities. For this reason, the Satoshi Pie fund lost 32.4% of its equity. In 2016, the attacker broke into the DAO and took $50 million.

 

These examples clearly show that even a small defect or mistake can result in bad consequences. Therefore, testing smart contracts is a crucial part of the process of creating them.

 

The purpose of auditing smart contracts is to find code errors, check program logic, and make sure everything is fine. A high-quality audit will allow you to eliminate risks, anxiety and save your nerves and resources.

 

How to prepare for testing smart contracts

Preparation plays an important role, helping auditors define project objectives, more quickly define vulnerabilities, and improve the testing process.

 

Also, keep in mind that preparation starts from the moment you start creating the smart contracts. That's why it's important to know the vulnerabilities of a smart contract and ways to protect against them.

 

I recommend following these tips:

1. Please provide a detailed specification

 

Providing a clear technical specification is always a good idea, as it helps blockchain developers to clearly understand smart contract objectives, use cases and operating principles.

 

While it's important, many companies don't create it. However, most engineers say that the document allows them to clarify thinking and increase the chances of project success.

 

In the specification, describe the intended behavior of a smart contract: how each function should work, how it shouldn't, and how they should all work together. Use diagrams as they also allow you to see possible alternatives and see how people might misinterpret your code.

 

2. Document the smart contract implementation process

 

While your smart contract code may be great, there are some important steps to take before deploying it. To avoid setbacks and save staff efforts, provide documentation of the deployment process.

 

A well-documented process that includes the order in which contracts will be deployed, which compiler versions will be used for which contracts, etc., will help you avoid smart contract vulnerabilities .

 

3. Clean up the project repository Quality, clutter -free smart contract

Code will facilitate and automate the work of auditors. When preparing the project for the testing process, remove any unused and unnecessary files, contracts, or pieces of code.

 

In addition, you must specify which contracts are used for auditing only (meaning they are not part of the final system) and which are reused from tested code or inherited from validated.

 

How to test Ethereum smart contracts

The process of auditing a smart contract is similar to testing any other code: a set of standard method calls are created in the predefined environment and statements are written for their results.

 

Auditing is a process consisting of:

 

Test development

Testing smart contract state changes

Event test

Bug test

Message sender verification

To audit your project, it is convenient to use Behavior Driven Development (BDD) practices, which together with tests allow you to create documentation and use cases. Now there is a wide range of frameworks, libraries and other tools for auditing smart contracts.

While test development in Solidity is limited to the capabilities of that programming language, you can use JavaScript, the Truffle framework, Parity, and other trusted technologies.

 

Auditing smart contracts with Truffle

Today Truffle is the most popular framework for Ethereum smart contract audit. Truffle is a Node.js framework used to compile, link and implement smart contracts. The framework is written in a completely modular way, allowing engineers to choose the functionality they need.

 

While in Truffle v.2 the tests are written in JavaScript, in Truffle v.3 the developers have added the ability to write tests in Solidity, whose syntax is similar to that of JavaScript.

 

Truffle offers many useful features that include binary management, library linking, custom deployment support, framework migrations, script deployment, access to hundreds of external packages, external script executor and automated contract auditing with Mocha and Chai - all to avoid failures in smart contracts.

 

When speaking of the fact that blockchain systems generally do not work very fast, auditors use blockchain test clients, for example TestRPC which almost completely emulates the work of the JSON RPC API of Ethereum clients.

 

In addition to the standard methods, TestRPC also implements several additional methods, such as evm_increaseTime and evm_mine. A good alternative to applying TestRPC is to use one of the standard clients, for example Parity, which runs in dev mode and has transactions committed instantly.