Tag: blockchain development

Web3 Test Series: Lewis Prescott

Lewis Prescott

QA Lead at Cera Care (one of Europe’s fastest-growing companies). He talks about Contract API Testing: 99 minute workshops with Ministry of Testing, on Testers Island Discs and many meetups.

He provides services on how to get started with API Contract Testing, Contract Testing for Microservices, End to End Testing, Acceptance Test Driven Development!

What are contract tests, and how do they differ from smart contract tests?

 Contract testing is a framework for testing integrations between two services, for example an API and a mobile app. The contract is defined by the mobile application who requests data, shares the request and expected response with the API service which verifies the implementation matches the expectations. Imagine when you start developing a feature that has frontend and backend components. They must communicate with each other perfectly, in happy path and negative scenarios. These details are usually detailed within some form of documentation, but who is verifying that both sides have implemented according to the documentation? That’s where contracts come in.

Smart contract tests are also focused on testing agreements with the terms between contracts written into code, but the difference is that the contract that is compared against to is a contract deployed to a Blockchain. Same concept as normal contract testing but this time focused on the decentralised applications (DApps) and blockchain ecosystems.

Why are contract tests important in software development, and how do they differ from smart contract tests in blockchain development? 

Contract tests offer the ability to scale integration tests by using mocks and act as unit level tests. Large applications with many integration points can be verified quickly and without significant maintenance of test environments. There is plenty of logic such as http codes, required fields and error contents which can be verified via contracts without the need for heavy duty integration environments.

Smart contracts are the backbone of decentralized applications (DApps) and business logic. They help ensure that the code deployed on a blockchain accurately represents the intended business logic, functions correctly in different scenarios, and is resistant to security vulnerabilities, specially given the irreversible and immutable nature of blockchain transactions.

What are some of the challenges developers face when writing contract tests versus smart contract tests?

Contract tests has a bit overhead on setup, with provisioning the broker to store the contracts. Deciding whether you want to self host or use a SaaS solution. As well as the process shift of teams changing how they go about testing integrations. Moving from the authors of the API service writing their own tests to the consumer such as the mobile app writing tests. Often when implementing contract tests you already have integration tests, so persuading people to duplicate the effort can be a hard sell as well.

Smart Contract tests same as the Contract tests are not straight forward when you are starting specially as you need to have special knowledge to setup test networks, wallets, and tools. Another important point is the costs associated when deploying and testing smart contracts, especially when running large-scale or repeated tests. On top of those there is the blockchain specific challenges and security.

How do contract tests and smart contract tests differ in terms of the tools and frameworks used to implement them?

Contract testing most commonly uses Pact & Pactflow which supports multiple languages and frameworks such as graphql. Offering matchers and the ability to compare results makes implementing contract testing much easier. Pactflow offers a SaaS solution to store contracts securely and additional features to visualise dependents.

Smart contract tests are often implemented using dedicated blockchain development tools and language such as Truffle, Hardhat, Solidity. These frameworks provide additional features like contract deployment management, fixture data handling, and integration with test networks. Tools like Ganache provide local blockchain test networks that developers can use to deploy and test smart contracts.

How do contract tests and smart contract tests differ in terms of their level of complexity and the skills required to write them?

Contract testing gets complicated when you need to setup different states before the tests can run, for example data needs to be available within the API in order to test the specific scenario. The key skill though required is good communication and collaboration. Due to the teams now relying on each other to deploy and make changes. It’s important to communicate effectively and support each other’s changes. Contract tests also live next to the code, requiring a decent level of programming skills and knowledge of the application under test.

Smart contracts tests need to consider factors such as consensus mechanisms, gas costs, and security vulnerabilities, blockchain network, deploying contracts, and handling transactions. Additionally, skills in testing blockchain-specific functionality, such as testing for gas usage optimization and handling different network environments, are essential for writing effective smart contract tests.

Thanks for the participation Lewis ! It is always a pleasure to learn from one of the biggest leaders in the area ! 🙌

Web3 Test Series: Oleksandr Romanov

Oleksandr Romanov

Oleksandr Romanov is a Software Engineer in Test / Software Engineer from Dnipro, Ukraine.

He has 11+ years of experience in testing and test automation. His main area of expertise is building and leading test automation processes. He has worked with banking apps and payments services, CMS systems and mobile games. At the moment he is responsible for test engineering for a complex blockchain and blockchain-based applications.

He loves to share his knowledge in the form of articles and conference talks. Currently he contributes to these projects:

How can developers get started with building DApps on Web3, and what are some best practices to follow?

Decentralized applications in a nutshell very similar to the regular applications. From frontend part it is not different at all. The difference starts with the backend part. You need to learn what is blockchain, how it works, how to store data on-chain, how to create smart contracts and use oracles to fetch data from the world.

Best practice is to test smart contract code before the release. Due to the nature of blockchain, you can’t easily change the code after the release. That’s why in case of a bug, you have a huge risk to loose a lot of money and user’s credibility. Thus you need to put a lot of effort to test business logic and security of smart contract as much as possible.

What are some of the current trends and developments in Web3, and how might they shape the future of the internet?

Trends and developments in Web3 can be split into to major groups. 

First, there are totally new things – available and used mostly at the blockchain world: decentralized identities, zero-knowledge proofs, tokens and NFTs.

Second group – are the projects where people want to move successful business model from a Web2 to Web3 world. In some cases it is almost one-to-one movement, in other – it results in a totally new models. One of examples here are projects from the decentralized finances sector and any project with a prefix “decentralized-”:  web browsers, social media and video hosting platforms, file hosting like IPFS and many many others. 

What are the most important things to test when building a decentralized application (DApp) on Web3?

Functionality. One of the biggest differences building DApp is that you as an engineer do not have a full control of your backend – it is distributed among ten of thousands of computers around the world. The blockchain is constantly evolving and you to be aware of changes and how they can affect your application. 

That’s why you need to understand how your application deals with the blockchain, how data is stored and retrieved, how pays the fees, how you present on-chain data to your customers. The deeper your knowledge of a particular blockchain – the less obvious bugs you will encounter at your DApp.

Security. When dealing with decentralized applications the majority of bugs come from the purely written smart contracts (or any code working with the blockchain). Hundreds of millions of dollars are lost due to neglecting the question of security for DApps. You can check some (not all) known hacks for Solidity at solidity-by-example resource. 

So in-depth security testing are the must-have for such applications. There are security testing tools like Slither, Echidna, Manticore, MythX available. But as any security tool – they can’t provide 100% security guarantees. Additionally, there are separate companies or people who do security audit for smart contracts.  

Performance. You should also understand how DApps behave in terms of the performance. As blockchain of the DApp is partially or fully stored at the blockchain – you don’t have a direct influence at the performance of the network. So you need to build usef flows in such a way that application should be blocked until transaction is stable. Stability or correctness can be checked as side – process. But it is all depends on the type of the DApp. 

What tools and frameworks are available for testing smart contracts and other components of Web3 applications?

In Ethereum world the standard frameworks are Hardhat, Truffle or Brownie. All of them have nice toolset for keeping contracts testable and observable. 

If you want to use some other programming toolset for smart contract development – it is possible to simulate the network locally using Ganache.

The testing of the Dapp can be split onto various levels.

  • Unit tests for the frontend usually created by the developers in Javascript / Typescript
  • Unit tests for the smart contracts can be done using Solidity or Javascript. Or Python if you use Vyper.
  • Integration tests are usually implemented in Javascript as well. Hardhat for example offers integration with Mocha out of the box.
  • UI tests can be created at any available language, but in case of JS stack – it can be plain old Selenium WebDriver or it’s fancier competitors – Playwright or Cypress.
    • For wallet integration (like Metamask) there are some libraries available: synpress, dappeteer

How does Cardano Blockchain differ from other blockchain platforms like Ethereum?

Cardano has a lot of differences from other blockchains available on the market.  

  • Transaction model. instead of account-based transaction model (like in Ethereum), Cardano has UTXO model – similar to Bitcoin’s. More precisely – an extended UTXO model. 
  • Tokens. You don’t need to create special smart contracts to get new tokens on Cardano. Here tokens are natively supported along with the native currency – ADA. 
  • Consensus protocol. Cardano uses “Ouroboros” proof-of-stake protocol (in some variations) from the launch date. So the chain itself much greener and consumes less energy for producing blocks. Ethereum has only recently switched to proof-of-stake. 
  • Upgradability. It was a long and hard road, but now it is possible to update the main chain and protocol almost instantly and without a risk to get issues or a big forks.
  • Formal Verification. All new major technical improvements to the chain starts as a whitepapers and then formally proved by a scientist community. Only after that it become a code. 

What programming languages and development frameworks are used for building applications on Cardano?

At this time the main programming language for creating smart contracts at Cardano is Plutus. It is a Haskell-like language, that allows to build and test smart contracts before they are deployed. You can start to dig into Plutus from the documentation page. From the first sight Plutus may seem like a hard one – but it offers a better security and auditabilty comparing to Ethereum’s Solidity. 

In addition to Plutus, you can try Marlowe – the domain-specific language for financial contracts. It can work either with Haskell or with Javascript. 

If you want to learn how to create smart contracts using I can also recommend the Plutus Pioneer Program course. For better understanding you check a prerequisite course on Haskell. 

What resources and communities are available for learning and collaborating on Web3 development?

Official documentation is the first source of information about a particular blockchain or technology. Additionally, each major blockchain projects has it’s own forums and Discord communities. 

If you have some background in programming language, I can recommend the following resources:

From testing point of view – I definitely can recommend Web3 tests community. It is a very young community, but will be useful for those who want to understand testing in blockchain a little deeper.

Also – you can check Awesome Blockchain Testing repo in search for posts and whitepapers on testing in blockchain. 

To get a glance on how testing is done for Plutus on Cardano – check out Testing Plutus Smart Contracts series of blog posts. 

Thanks for the participation Oleksandr ! Amazing interview and a leader to follow in the web3 area! 🚀

Web3 Test Series: Rhian Lewis

Rhian Lewis

Rhian Lewis is a consultant software engineer and former digital journalist at The Times who is a regular international conference speaker and panellist on all things blockchain and cryptocurrency. She launched the altcoin portfolio tracker countmycrypto.com, co-founded the London Women in Bitcoin meetup group in 2014 and has acted as an advisor and strategist on various blockchain projects for the last seven years. She blogs on cryptocurrency and is the author of The Cryptocurrency Revolution (Kogan Page) and Understanding Decentralized Finance (Kogan Page). She is based near Plymouth, UK.

How can we test the performance and scalability of our DApp on Web3, especially when it comes to handling high volumes of transactions?

Testing dApps challenges many of our assumptions about testing, primarily the idea that we can provide a controlled test environment that closely mirrors Production. Of course. It is still important to adhere to all our good practices for the non-Web3 parts of the application: if we are making requests to APIs for the non-blockchain parts of the dApp or if the front end is complex, we would apply all the normal strategies and tools that we would apply for a standard Web 2.0 application.

However, as the back end for the dApp is effectively supplied by a public blockchain, our application can only be as scalable and performant as the underlying network itself. Choice of blockchain will influence our approach: we may opt to use a Layer 2 solution, for example, rather than directly using a blockchain like Ethereum.

But sometimes all the testing in the world can’t help you. There have been several instances where Ethereum has more or less ground to a halt where the system is under a lot of pressure, such as the doomed Bored Ape Yacht Club Otherside NFT drop. In cases like this, even the best designed dApp will fail to deliver: the role of the tester in this case is to have ensured that the behaviour of the dApp when the system is under such pressure is such that it communicates to users exactly what is happening and – as far as possible – attempts to conserve the current state so that transactions can happen later. So you should always ensure your tests cover the “very unhappy path” scenario.

What tools and frameworks are available for testing smart contracts and other components of Web3 applications?

The good news is that we have a lot of choice when it comes to tools and frameworks, especially for automated tests. Most of these involve wrappers around existing test tools, or custom matchers for assertion libraries: for example, Waffle and Hardhat both provide their own versions of Mocha and Chai packaged with their one-stop development-test-and-deployment toolboxes.

Truffle, the original all-in-one Ethereum development solution, offers various choices for testing including the opportunity to run tests natively in Solidity with the `truffle test` command. Any of the frameworks I’ve mentioned could be used by someone with experience of JavaScript testing or development.

But there are also solutions based around Rust (Foundry) or Python (Brownie). Your choice of tools and language will, of course, be heavily influenced by the blockchain that your team are developing on top of and the smart contract languages that are used.

All of these I’ve mentioned are focused around testing smart contracts, but it’s also important to test the other elements that make up a dApp, including the front end. For that you could consider using Dappeteer, which is a fork of Puppeteer originally developed by the developers at Decentraland.

How can we ensure that our DApp is secure and resistant to attacks, such as denial-of-service (DoS) attacks, double-spending attacks, and others?

This is a very relevant question, when we consider the billions of dollars worth of value that has been stolen or lost from the ecosystem through hacks and bugs.There are some very simple things that developers can do to close some of the more common loopholes, such as using pre-existing secure libraries such as OpenZeppelin during development.

And there are various good security practices such as protocols around how private keys are stored and how any client funds are stored, which are not specifically the tester’s responsibility to ensure, but which are a whole-team responsibility that everyone should be involved in.

One of the most important things a tester can do is to think outside the box: if I was a hacker, how would I behave? Manual exploration and curiosity is your primary tool here.

I mention the importance of this because many of the so-called bugs that have happened in Web3 are not actually software bugs at all – they are bugs in the requirements caused by product owners failing to anticipate that people may use the application in a certain way. Many so-called exploits on DeFi exchanges have been traders simply using the smart contract as it was designed: it was just that no one anticipated they would be able to do this.

Most reputable teams will hire an audit team and also offer bug bounties to white-hat hackers because the level of complexity of smart contracts is such that the expertise needed to spot potential attack vectors goes far beyond what an average developer or tester can spot. However, we still need to rule out all the bugs we can reasonably find at an early stage of development so we are not paying specialists to find issues that could have been caught earlier.

What are some common bugs and vulnerabilities that can arise in Web3 applications, and how can we detect and address them?


If we look at a list of the biggest Web3 hacks and attacks, one thing that jumps out is the vulnerability of bridges, which are a special type of smart contract that enables value and information to be exchanged between blockchains. These are notoriously fragile – and should be approached with caution.

Another area to be aware of is issues caused by the existence of the mempool in Ethereum and Ethereum-like chains. When your transactions are public, and when there is a delay between your contracts becoming public and actually being written to the blockchain, you need to think very carefully about whether there is information there that could be exploited. Some of this may be legitimate, like MEV, but in some cases it can allow attackers to benefit from this knowledge.

In the last question, you mentioned the double spend problem, which is something that always needs to be guarded against. Using static analysis tools such as Slither is also really important for defining potential weaknesses in smart contracts.


How can we collaborate with other developers and testing experts to improve the quality and reliability of our Web3 applications since it is a bit of a wild west at the moment ?

I feel this is something that is really lacking in Web3 at the moment, especially when it comes to testers. Your Web3 testing community is definitely the sort of thing that will make a difference. The main issue is that the whole ecosystem is in its infancy, and many projects are so early-stage that they don’t even have test teams. I believe this will change organically over time, but in the meantime, communities like the one you are creating has a chance to shape the way we test dApps in the future.

What resources and communities are available for learning and collaborating on Web3 development?

Chainacademy, of course! And Web3 testing community. And I would also encourage people to check out the B9Lab Academy, with whom I have worked in the past. They have been around since 2014 and Elias, the co-founder, spoke at the very first Ethereum DevCon. They have a great Cosmos program running, among other courses. The Ethereum Foundation has a good list of links, and you should also look out for great developer relations people like Camila Ramos (Fuel Labs) and Nader Dabit (Lens), who have written a lot of excellent tutorials.

And finally, nothing beats getting your hands dirty building your own dApp, or even playing around with tools like Remix. The more people who get involved in this community, the better.

Thanks for the participation Rhian ! You rock 🤘