
Missing test suite

When building a complex contract ecosystem with multiple moving parts and dependencies, comprehensive testing is essential. This includes testing for both positive and negative scenarios. Positive tests should verify that each function's side effect is as expected, while negative tests should cover every revert, preferably in every logical branch.

Good test coverage has multiple effects.

  • It finds bugs and design flaws early (preaudit or prerelease).

  • It gives insight into areas for optimization (e.g., gas cost).

  • It displays code maturity.

  • It bolsters customer trust in your product.

  • It improves understanding of how the code functions, integrates, and operates, for developers and auditors alike.

Therefore, we recommend building a rigorous test suite that includes all contracts to ensure that the system operates securely and as intended.

Please note that during the audit, we did not have access to Prisma Finance's test suite as it was explicitly out of scope, which prevented us from assessing its thoroughness and verifying the code's functionality. In the Threat Model section at the end of the report, we have outlined a number of test cases that we suggest implementing.

Zellic © 2025