When building an Ethereum project, focus on smart contract security and code quality. Otherwise, you may lose a lot of money. For instance, the Parity Ethereum wallet lost $30 million because of code vulnerabilities.
For the same reason, the Satoshi Pie fund lost 32.4% of its assets. In 2016, an attacker hacked the DAO and took away $50 million.
These examples clearly show that even a slight mistake or defect in the smart contract logic can lead to bad results. That's why a smart contract audit is an essential part of smart contract development.
The goal of this stage is to identify code errors and check the program logic. A high-quality, thoughtful audit removes risks and anxiety and saves your nerves and resources.
The process of smart contract audit
The process of smart contract audit is similar to testing any other code: a set of standard method calls is made in a predefined environment, and assertions are written for their results. The audit is a complicated process that includes:
- Testing of smart contract state changes
- Event testing
- Error testing
- Checking the message sender
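The four checks listed above, as an added example that is not from the original article: a plain JavaScript object stands in for a deployed contract so the checks run without a blockchain client. The `Vault` class, its methods, the revert messages and the account strings are hypothetical; only the `{ from }` option mirrors how a sender is passed in a test call.

```javascript
// Constructed stand-in for a deployed contract: an owner-only vault.
// Hypothetical names (Vault, deposit, withdraw); this is not Truffle's API.
class Vault {
  constructor(owner) {
    this.owner = owner;
    this.balance = 0;
    this.events = []; // emulates the event log of successful transactions
  }
  deposit(amount, { from }) {
    if (!Number.isInteger(amount) || amount <= 0) throw new Error('revert: bad amount');
    this.balance += amount;
    this.events.push({ event: 'Deposit', args: { from, amount } });
  }
  withdraw(amount, { from }) {
    // Sender check comes first, as an access-control modifier would.
    if (from !== this.owner) throw new Error('revert: not owner');
    if (amount > this.balance) throw new Error('revert: insufficient balance');
    this.balance -= amount;
    this.events.push({ event: 'Withdrawal', args: { to: from, amount } });
  }
}

// Returns the revert reason of a call that is expected to fail, or null if it succeeded.
function revertReason(call) {
  try { call(); } catch (e) { return e.message; }
  return null;
}

// Runs one check per audit category and reports which ones passed.
function auditVault() {
  const [owner, stranger] = ['0xOwner', '0xStranger']; // constructed accounts
  const vault = new Vault(owner);
  vault.deposit(100, { from: stranger });
  const deposited = vault.events[vault.events.length - 1];
  const overdraw = revertReason(() => vault.withdraw(500, { from: owner }));
  const foreign = revertReason(() => vault.withdraw(10, { from: stranger }));
  const balanceAfterFailures = vault.balance; // failed calls must leave state untouched
  vault.withdraw(40, { from: owner });
  return {
    stateChange: balanceAfterFailures === 100 && vault.balance === 60,
    event: deposited.event === 'Deposit' && deposited.args.amount === 100,
    error: overdraw === 'revert: insufficient balance',
    sender: foreign === 'revert: not owner',
    eventCount: vault.events.length, // reverted calls must not emit events
  };
}

console.log(auditVault());
```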
Smart contract testing with Truffle
Truffle is currently the most popular framework for Ethereum.
Truffle is a Node.js framework used to compile, link, and deploy smart contracts. The framework is written in a completely modular way enabling engineers to choose the functionality they need.
Truffle offers a lot of useful features including binary management, library linking, custom deployment support, migrations framework, scriptable deployment, access to hundreds of external packages, external script runner, and automated contract audit with Mocha and Chai.
Because blockchain systems are not very fast, auditors use blockchain test clients, for example TestRPC, which almost completely emulates the JSON RPC API of Ethereum clients.
Besides standard methods, TestRPC also implements a number of additional ones, such as evm_increaseTime and evm_mine.
A good alternative to TestRPC is to use one of the standard clients, for instance Parity, which runs in dev mode and confirms transactions instantly.
To start working with the Truffle framework, install it via npm:
$ npm install -g truffle
Then run the truffle init command to create the project structure:
$ mkdir solidity-test-example
$ cd solidity-test-example/
$ truffle init
Contracts must be located in the contracts/ directory and tests in the test/ directory. When you compile contracts, Truffle expects each contract to be placed in a separate file whose name matches the contract name.