Category: Code Maturity

Lack of comprehensive test suite

Severity: Medium
Impact: Medium
Likelihood: N/A

Description

When building a project with multiple moving parts and dependencies, comprehensive testing is essential. This includes testing for both positive and negative scenarios. Positive tests should verify that each function's side effect is as expected, while negative tests should cover every revert, preferably in every logical branch.

The project currently lacks a test suite, with the sole exception being the StreamingNFTPool contract. However, for StreamingNFTPool, the tested use cases are minimal and do not test more complex scenarios. For example, the tests related to batch-stream creation implement only a case for a single token and not multiple, as supported by the function. The claimBatchRewards function is not tested at all. It is important to test the invariants required for ensuring security.
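As an added illustration (not code from the Bera Contracts repository or from this report), the following Foundry test sketches the cases named above: batch-stream creation for several tokens rather than one, a claimBatchRewards claim, and a negative test for a revert branch. The MockStreamingNFTPool contract, its function names, custom error and storage layout are all assumptions made for this example; the real StreamingNFTPool interface may differ.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import "forge-std/Test.sol";

// Constructed stand-in: names, signatures and the fixed accrual of 100 per stream are
// assumptions for this example, not the audited StreamingNFTPool API.
contract MockStreamingNFTPool {
    mapping(uint256 => address) public streamOwner;
    mapping(uint256 => uint256) public accrued;
    error NotOwner(uint256 tokenId);
    function createBatchStreams(uint256[] calldata tokenIds) external {
        for (uint256 i; i < tokenIds.length; i++) { streamOwner[tokenIds[i]] = msg.sender; accrued[tokenIds[i]] = 100; }
    }
    function claimBatchRewards(uint256[] calldata tokenIds) external returns (uint256 total) {
        for (uint256 i; i < tokenIds.length; i++) {
            if (streamOwner[tokenIds[i]] != msg.sender) revert NotOwner(tokenIds[i]);
            total += accrued[tokenIds[i]]; accrued[tokenIds[i]] = 0;
        }
    }
}

contract StreamingNFTPoolTest is Test {
    MockStreamingNFTPool pool;
    address alice = makeAddr("alice");
    uint256[] ids;
    function setUp() public {
        pool = new MockStreamingNFTPool();
        ids.push(1); ids.push(2); ids.push(3); // several tokens, not the single-token case
    }
    // Positive: every token in the batch gets a stream owned by the caller.
    function test_createBatchStreams_multipleTokens() public {
        vm.prank(alice);
        pool.createBatchStreams(ids);
        for (uint256 i; i < ids.length; i++) assertEq(pool.streamOwner(ids[i]), alice);
    }
    // Positive: the batch claim pays the sum of every stream and zeroes each accrual.
    function test_claimBatchRewards_paysEveryStream() public {
        vm.startPrank(alice);
        pool.createBatchStreams(ids);
        assertEq(pool.claimBatchRewards(ids), 300);
        for (uint256 i; i < ids.length; i++) assertEq(pool.accrued(ids[i]), 0);
    }
    // Negative: the revert branch is covered too, matching the exact custom error and argument.
    function test_claimBatchRewards_revertsForNonOwner() public {
        vm.prank(alice);
        pool.createBatchStreams(ids);
        vm.prank(makeAddr("bob"));
        vm.expectRevert(abi.encodeWithSelector(MockStreamingNFTPool.NotOwner.selector, uint256(1)));
        pool.claimBatchRewards(ids);
    }
}
```

Each revert in the real contract would get its own test of this last shape, so that every logical branch is exercised at least once.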

Impact

The code lacks a comprehensive test suite, which increases the likelihood that bugs remain undetected.

Recommendations

We recommend building a rigorous test suite to ensure that the system operates securely and as intended.

Good test coverage has multiple effects.

  • It finds bugs and design flaws early (preaudit or prerelease).

  • It gives insight into areas for optimization (e.g., gas cost).

  • It displays code maturity.

  • It bolsters customer trust in your product.

  • It improves understanding of how the code functions, integrates, and operates — for developers and auditors alike.

  • It increases development velocity long-term.

The last point seems contradictory, given the time investment to create and maintain tests. To expand upon that, tests help developers trust their own changes. It is difficult to know if a code refactor — or even just a small one-line fix — breaks something if there are no tests. This is especially true for new developers or those returning to the code after a prolonged absence. Tests have your back here. They are an indicator that the existing functionality most likely was not broken by your change to the code.

Remediation

Zellic © 2025