Missing test suite code coverage
Description
In our assessment of Biconomy Batched Session Router Module's test suite, we observed that while it provides adequate coverage for many aspects of the codebase, there are specific branches and codepaths that appear to be under-tested or not covered at all.
Some functions in the smart contract are not covered by any unit or integration tests, to the best of our knowledge. The following functions do not have full test coverage:
BatchedSessionRouter.sol: validateUserOp.
ERC20SessionValidationModule.sol: validateSessionParams.
SessionKeyManagerModule.sol: validateSessionKey.
Impact
Because correctness is so critical when developing smart contracts, we always recommend that projects strive for 100% code coverage. Testing is an essential part of the software development life cycle. No matter how simple a function may be, untested code is always prone to bugs.
Recommendations
Expand the test suite so that all functions are covered by unit or integration tests.
Remediation
This issue has been acknowledged by Biconomy Labs, and a fix was implemented in commit 12037aff↗.