Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Pyth2Wormhole>Low findings>Limited test-suite and code coverage
GeneralOverview
Findings
Critical (1)
Low (2)IPyth interface and implementation do not follow the recommended best practicesLimited test-suite and code coverage
Informational (1)
DiscussionExtraneous test condition in terra test codelatestPriceInfo does not check if price ID existsExtra check in attestHardcoded magic value
Category: Code Maturity

Limited test-suite and code coverage

Low Severity
Low Impact
N/A Likelihood

Description

Pyth Solana attester has only one test for the contract main function, attest (located in pyth2wormhole/client/tests/test_attest.rs).

Impact

A comprehensive testsuite covering all functionality is very effective in discovering existing bugs and prevent future ones.

Recommendations

We highly recommend Pyth to develop a comprehensive test-suite with maximum code coverage.

Remediation

The finding has been acknowledged by Pyth Data Foundation. Their official response is reproduced below:

Pyth Data Association acknowledges the finding, but doesn’t believe it has security implications. However, we may deploy a bug fix to address it.

Zellic © 2024Back to top ↑