Failing tests and missing coverage in test suite
Description
Several functions in the smart contracts are not covered by any unit or integration tests, to the best of our knowledge. We ran both the Hardhat test suite and the Forge tests.
In the Hardhat test suite, the tests createPoolViaSdk and createPoolViaContract both fail.
The Forge tests cover most of the contracts within the scope of this audit. However, the following contracts have no test coverage to the best of our knowledge:
FusePoolLens.sol
FusePoolLensSecondary.sol
BlockVerifier.sol
MerklePatriciaVerifier.sol
Rlp.sol
UniswapOracle.sol
UQ112x112.sol
Impact
Because correctness is so critically important when developing smart contracts, we recommend that all projects strive for 100% code coverage. Testing should be an essential part of the software development lifecycle. No matter how simple a function may be, untested code is always prone to bugs.
Recommendations
Expand the test suite so that all functions and their branches are covered by unit or integration tests.
Remediation
The issue has been acknowledged by Ionic Protocol and no changes have been made.
Ionic Protocol states that "The untested codebase is strictly related to the Keydonix implementation, which we currently have no plans of using or deploying. In case we proceed with their usage, we'll proceed with a re-audit and development of the tests for those smart contracts. FusePoolLens.sol and FusePoolLensSecondary.sol are instead tested extensively at the integration level, being core components of both how our SDK fetches data from fuse pools, as well as how the UI displays such data."