Insufficient testing
In the current project, a significant portion of the issues, including bugs, security vulnerabilities, and functional inconsistencies can be traced back to inadequate testing practices. We addressed such issues in the Threat Model section (). Comprehensive testing is essential to ensure the correctness and security of the system. Either code coverage or negative testing is a good way to trigger bugs directly (e.g., the out-of-bound issue).
Moreover, the upgradeability of the protocol is not thoroughly tested. The current test suite does not extensively cover the upgradeability of the protocol, a component which is essential for the protocol to be production-ready. As the upgradeability of the protocol is a critical component, requiring a relatively high level of confidence, we recommend that the protocol be thoroughly tested in this regard.