Testing Smart Contracts
Outline the general approach to Smart Contract testing here, with links to specific code explanations under Solidity or an alternative Smart Contract language.
Testing with Hardhat
Testing with Remix
After deploying the contracts from a local development environment.
To test with the Injected Web3 environment, you need to authorize the account with MetaMask.
After connecting, your account appears in the dropdown menu.
To interact with the contract, copy the hash into the At Address input box.
Advanced
forge coverage
Fuzz testing: throwing random data at the system.
Formal verification: mathematical proof that the system works as intended.
- Symbolic Execution
- Abstract Interpretation
- Model Checking
Symbolic execution is a technique for analyzing a program to determine which inputs cause each part of the program to execute. It is a form of program analysis that follows the program's paths of execution rather than actually running the program.
solc --model-checker-engine chc --model-checker-targets overflow ExampleContract.sol
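A contract to run that command against, saved under the file name the command uses. This is an added example and not part of the original page; the contract's functions, constants and limits are assumptions made for illustration. `grantUnbounded` contains a reachable overflow, while `grantBounded` constrains its inputs so the same addition cannot overflow.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Constructed example (not from the original page): a points ledger with
/// one addition that can overflow and one that cannot.
contract ExampleContract {
    // Assumed limits, chosen only so the safe bound is easy to see.
    uint256 public constant MAX_GRANT = 1e24;
    uint256 public constant MAX_TOTAL = 1e30;

    uint256 public total;

    // Reachable overflow: nothing bounds `amount`, so `total + amount` can
    // exceed 2**256 - 1. Checked arithmetic (Solidity >= 0.8) turns that
    // into a revert at runtime, so a caller who pushes `total` to the
    // maximum makes every later non-zero grant through this function fail.
    function grantUnbounded(uint256 amount) external {
        total = total + amount;
    }

    // Bounded: the two requires guarantee total + amount <= MAX_TOTAL,
    // which is far below 2**256 - 1, whatever value `total` held before.
    function grantBounded(uint256 amount) external {
        require(amount <= MAX_GRANT, "grant too large");
        // MAX_TOTAL - amount cannot underflow because amount <= MAX_GRANT.
        require(total <= MAX_TOTAL - amount, "cap reached");
        total = total + amount;
    }

    // Note for reviewers: an overflow proof says nothing about business
    // logic. Neither function restricts who may call it, and the overflow
    // target is not designed to report that.
}
```

The overflow target has to be named explicitly, as the command does, because the checker's default target set has not included overflow and underflow since Solidity 0.8.7.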
Questions
- When does fuzz testing find bugs that unit tests miss, and what class of vulnerability does it consistently fail to catch?
- The Advanced Foundry Updraft course uses forge coverage: what coverage percentage is sufficient before deploying to mainnet, and who sets that threshold?
- Symbolic execution can mathematically prove absence of overflow but not correctness of business logic: what testing approach closes that gap?
- If formal verification is the gold standard, why do most audited protocols still rely primarily on unit tests and manual review?