Description
Tests, especially automated ones, act as a foundational safety net, ensuring that the source code operates as intended and remains protected from unintended side effects or vulnerabilities.
It is worth noting that multiple issues discovered during this project could have been detected with a proper testing suite in place.
The project lacks tests for adversarial scenarios. For example, tests designed to detect unauthorized access to modify contract parameters.
Additionally, existing tests do not account for operations with large values, or custom tokens with a higher number of decimals. Since most values use the i128 type, failing to test operations with larger numbers could conceal potential integer underflow and overflow issues, as highlighted in PHOAM-001.
Recommendation
Add more tests to consider adversarial situations such as unauthenticated or unauthorized actions. Add tests using negative i128 amounts.
Include tests involving custom tokens with more decimals than a typical Stellar Asset Contract.
Tests should handle higher token amounts, considering the amount of decimals. For instance, if testing with a token with 18 decimals, make sure to add 18 zeros plus the amount of tokens desired for the test.
Consider using the try_... statement within an assertion instead of declaring the expected panic error. This allows controlling with better precision the line where the error is expected.
Description Tests, especially automated ones, act as a foundational safety net, ensuring that the source code operates as intended and remains protected from unintended side effects or vulnerabilities. It is worth noting that multiple issues discovered during this project could have been detected with a proper testing suite in place. The project lacks tests for adversarial scenarios. For example, tests designed to detect unauthorized access to modify contract parameters. Additionally, existing tests do not account for operations with large values, or custom tokens with a higher number of decimals. Since most values use the i128 type, failing to test operations with larger numbers could conceal potential integer underflow and overflow issues, as highlighted in PHOAM-001.
Recommendation Add more tests to consider adversarial situations such as unauthenticated or unauthorized actions. Add tests using negative i128 amounts. Include tests involving custom tokens with more decimals than a typical Stellar Asset Contract. Tests should handle higher token amounts, considering the amount of decimals. For instance, if testing with a token with 18 decimals, make sure to add 18 zeros plus the amount of tokens desired for the test. Consider using the try_... statement within an assertion instead of declaring the expected panic error. This allows controlling with better precision the line where the error is expected.