Assessment reports>Brevis>Discussion>Test suite

Test suite

For a large codebase with multiple moving parts and dependencies, comprehensive testing is essential.

Therefore, we recommend building a rigorous test suite that tests all functionalities, not just with integration tests but also through tests of individual functions, to ensure that the system operates as intended.

During our audit, we noticed that while tests were present for many functions, they often only tested particular hardcoded inputs. We recommend to, as far as possible, test random samples across the entire range of possible inputs, along with possibly hardcoded, handpicked test inputs for rare edge cases. For example, Finding ref could have been found by tests if the Keccak padding function had been tested with inputs of varying lengths, by comparing against external implementations of Keccak and its padding function.

Note that for proof circuits, tests can generally only test for completeness. The most serious bugs are often underconstraints that make the circuit unsound, and these bugs cannot be found with normal testing. Thus, comprehensive testing should be considered complementary to thorough manual review.

Zellic © 2025Back to top ↑