Tag: blockchain web3 tests

Web3 Test Series: Oleksandr Romanov

Oleksandr Romanov

Oleksandr Romanov is a Software Engineer in Test / Software Engineer from Dnipro, Ukraine.

He has 11+ years of experience in testing and test automation. His main area of expertise is building and leading test automation processes. He has worked with banking apps and payments services, CMS systems and mobile games. At the moment he is responsible for test engineering for a complex blockchain and blockchain-based applications.

He loves to share his knowledge in the form of articles and conference talks. Currently he contributes to these projects:

How can developers get started with building DApps on Web3, and what are some best practices to follow?

Decentralized applications in a nutshell very similar to the regular applications. From frontend part it is not different at all. The difference starts with the backend part. You need to learn what is blockchain, how it works, how to store data on-chain, how to create smart contracts and use oracles to fetch data from the world.

Best practice is to test smart contract code before the release. Due to the nature of blockchain, you can’t easily change the code after the release. That’s why in case of a bug, you have a huge risk to loose a lot of money and user’s credibility. Thus you need to put a lot of effort to test business logic and security of smart contract as much as possible.

What are some of the current trends and developments in Web3, and how might they shape the future of the internet?

Trends and developments in Web3 can be split into to major groups. 

First, there are totally new things – available and used mostly at the blockchain world: decentralized identities, zero-knowledge proofs, tokens and NFTs.

Second group – are the projects where people want to move successful business model from a Web2 to Web3 world. In some cases it is almost one-to-one movement, in other – it results in a totally new models. One of examples here are projects from the decentralized finances sector and any project with a prefix “decentralized-”:  web browsers, social media and video hosting platforms, file hosting like IPFS and many many others. 

What are the most important things to test when building a decentralized application (DApp) on Web3?

Functionality. One of the biggest differences building DApp is that you as an engineer do not have a full control of your backend – it is distributed among ten of thousands of computers around the world. The blockchain is constantly evolving and you to be aware of changes and how they can affect your application. 

That’s why you need to understand how your application deals with the blockchain, how data is stored and retrieved, how pays the fees, how you present on-chain data to your customers. The deeper your knowledge of a particular blockchain – the less obvious bugs you will encounter at your DApp.

Security. When dealing with decentralized applications the majority of bugs come from the purely written smart contracts (or any code working with the blockchain). Hundreds of millions of dollars are lost due to neglecting the question of security for DApps. You can check some (not all) known hacks for Solidity at solidity-by-example resource. 

So in-depth security testing are the must-have for such applications. There are security testing tools like Slither, Echidna, Manticore, MythX available. But as any security tool – they can’t provide 100% security guarantees. Additionally, there are separate companies or people who do security audit for smart contracts.  

Performance. You should also understand how DApps behave in terms of the performance. As blockchain of the DApp is partially or fully stored at the blockchain – you don’t have a direct influence at the performance of the network. So you need to build usef flows in such a way that application should be blocked until transaction is stable. Stability or correctness can be checked as side – process. But it is all depends on the type of the DApp. 

What tools and frameworks are available for testing smart contracts and other components of Web3 applications?

In Ethereum world the standard frameworks are Hardhat, Truffle or Brownie. All of them have nice toolset for keeping contracts testable and observable. 

If you want to use some other programming toolset for smart contract development – it is possible to simulate the network locally using Ganache.

The testing of the Dapp can be split onto various levels.

  • Unit tests for the frontend usually created by the developers in Javascript / Typescript
  • Unit tests for the smart contracts can be done using Solidity or Javascript. Or Python if you use Vyper.
  • Integration tests are usually implemented in Javascript as well. Hardhat for example offers integration with Mocha out of the box.
  • UI tests can be created at any available language, but in case of JS stack – it can be plain old Selenium WebDriver or it’s fancier competitors – Playwright or Cypress.
    • For wallet integration (like Metamask) there are some libraries available: synpress, dappeteer

How does Cardano Blockchain differ from other blockchain platforms like Ethereum?

Cardano has a lot of differences from other blockchains available on the market.  

  • Transaction model. instead of account-based transaction model (like in Ethereum), Cardano has UTXO model – similar to Bitcoin’s. More precisely – an extended UTXO model. 
  • Tokens. You don’t need to create special smart contracts to get new tokens on Cardano. Here tokens are natively supported along with the native currency – ADA. 
  • Consensus protocol. Cardano uses “Ouroboros” proof-of-stake protocol (in some variations) from the launch date. So the chain itself much greener and consumes less energy for producing blocks. Ethereum has only recently switched to proof-of-stake. 
  • Upgradability. It was a long and hard road, but now it is possible to update the main chain and protocol almost instantly and without a risk to get issues or a big forks.
  • Formal Verification. All new major technical improvements to the chain starts as a whitepapers and then formally proved by a scientist community. Only after that it become a code. 

What programming languages and development frameworks are used for building applications on Cardano?

At this time the main programming language for creating smart contracts at Cardano is Plutus. It is a Haskell-like language, that allows to build and test smart contracts before they are deployed. You can start to dig into Plutus from the documentation page. From the first sight Plutus may seem like a hard one – but it offers a better security and auditabilty comparing to Ethereum’s Solidity. 

In addition to Plutus, you can try Marlowe – the domain-specific language for financial contracts. It can work either with Haskell or with Javascript. 

If you want to learn how to create smart contracts using I can also recommend the Plutus Pioneer Program course. For better understanding you check a prerequisite course on Haskell. 

What resources and communities are available for learning and collaborating on Web3 development?

Official documentation is the first source of information about a particular blockchain or technology. Additionally, each major blockchain projects has it’s own forums and Discord communities. 

If you have some background in programming language, I can recommend the following resources:

From testing point of view – I definitely can recommend Web3 tests community. It is a very young community, but will be useful for those who want to understand testing in blockchain a little deeper.

Also – you can check Awesome Blockchain Testing repo in search for posts and whitepapers on testing in blockchain. 

To get a glance on how testing is done for Plutus on Cardano – check out Testing Plutus Smart Contracts series of blog posts. 

Thanks for the participation Oleksandr ! Amazing interview and a leader to follow in the web3 area! 🚀

Web3 Test Series: Rhian Lewis

Rhian Lewis

Rhian Lewis is a consultant software engineer and former digital journalist at The Times who is a regular international conference speaker and panellist on all things blockchain and cryptocurrency. She launched the altcoin portfolio tracker countmycrypto.com, co-founded the London Women in Bitcoin meetup group in 2014 and has acted as an advisor and strategist on various blockchain projects for the last seven years. She blogs on cryptocurrency and is the author of The Cryptocurrency Revolution (Kogan Page) and Understanding Decentralized Finance (Kogan Page). She is based near Plymouth, UK.

How can we test the performance and scalability of our DApp on Web3, especially when it comes to handling high volumes of transactions?

Testing dApps challenges many of our assumptions about testing, primarily the idea that we can provide a controlled test environment that closely mirrors Production. Of course. It is still important to adhere to all our good practices for the non-Web3 parts of the application: if we are making requests to APIs for the non-blockchain parts of the dApp or if the front end is complex, we would apply all the normal strategies and tools that we would apply for a standard Web 2.0 application.

However, as the back end for the dApp is effectively supplied by a public blockchain, our application can only be as scalable and performant as the underlying network itself. Choice of blockchain will influence our approach: we may opt to use a Layer 2 solution, for example, rather than directly using a blockchain like Ethereum.

But sometimes all the testing in the world can’t help you. There have been several instances where Ethereum has more or less ground to a halt where the system is under a lot of pressure, such as the doomed Bored Ape Yacht Club Otherside NFT drop. In cases like this, even the best designed dApp will fail to deliver: the role of the tester in this case is to have ensured that the behaviour of the dApp when the system is under such pressure is such that it communicates to users exactly what is happening and – as far as possible – attempts to conserve the current state so that transactions can happen later. So you should always ensure your tests cover the “very unhappy path” scenario.

What tools and frameworks are available for testing smart contracts and other components of Web3 applications?

The good news is that we have a lot of choice when it comes to tools and frameworks, especially for automated tests. Most of these involve wrappers around existing test tools, or custom matchers for assertion libraries: for example, Waffle and Hardhat both provide their own versions of Mocha and Chai packaged with their one-stop development-test-and-deployment toolboxes.

Truffle, the original all-in-one Ethereum development solution, offers various choices for testing including the opportunity to run tests natively in Solidity with the `truffle test` command. Any of the frameworks I’ve mentioned could be used by someone with experience of JavaScript testing or development.

But there are also solutions based around Rust (Foundry) or Python (Brownie). Your choice of tools and language will, of course, be heavily influenced by the blockchain that your team are developing on top of and the smart contract languages that are used.

All of these I’ve mentioned are focused around testing smart contracts, but it’s also important to test the other elements that make up a dApp, including the front end. For that you could consider using Dappeteer, which is a fork of Puppeteer originally developed by the developers at Decentraland.

How can we ensure that our DApp is secure and resistant to attacks, such as denial-of-service (DoS) attacks, double-spending attacks, and others?

This is a very relevant question, when we consider the billions of dollars worth of value that has been stolen or lost from the ecosystem through hacks and bugs.There are some very simple things that developers can do to close some of the more common loopholes, such as using pre-existing secure libraries such as OpenZeppelin during development.

And there are various good security practices such as protocols around how private keys are stored and how any client funds are stored, which are not specifically the tester’s responsibility to ensure, but which are a whole-team responsibility that everyone should be involved in.

One of the most important things a tester can do is to think outside the box: if I was a hacker, how would I behave? Manual exploration and curiosity is your primary tool here.

I mention the importance of this because many of the so-called bugs that have happened in Web3 are not actually software bugs at all – they are bugs in the requirements caused by product owners failing to anticipate that people may use the application in a certain way. Many so-called exploits on DeFi exchanges have been traders simply using the smart contract as it was designed: it was just that no one anticipated they would be able to do this.

Most reputable teams will hire an audit team and also offer bug bounties to white-hat hackers because the level of complexity of smart contracts is such that the expertise needed to spot potential attack vectors goes far beyond what an average developer or tester can spot. However, we still need to rule out all the bugs we can reasonably find at an early stage of development so we are not paying specialists to find issues that could have been caught earlier.

What are some common bugs and vulnerabilities that can arise in Web3 applications, and how can we detect and address them?


If we look at a list of the biggest Web3 hacks and attacks, one thing that jumps out is the vulnerability of bridges, which are a special type of smart contract that enables value and information to be exchanged between blockchains. These are notoriously fragile – and should be approached with caution.

Another area to be aware of is issues caused by the existence of the mempool in Ethereum and Ethereum-like chains. When your transactions are public, and when there is a delay between your contracts becoming public and actually being written to the blockchain, you need to think very carefully about whether there is information there that could be exploited. Some of this may be legitimate, like MEV, but in some cases it can allow attackers to benefit from this knowledge.

In the last question, you mentioned the double spend problem, which is something that always needs to be guarded against. Using static analysis tools such as Slither is also really important for defining potential weaknesses in smart contracts.


How can we collaborate with other developers and testing experts to improve the quality and reliability of our Web3 applications since it is a bit of a wild west at the moment ?

I feel this is something that is really lacking in Web3 at the moment, especially when it comes to testers. Your Web3 testing community is definitely the sort of thing that will make a difference. The main issue is that the whole ecosystem is in its infancy, and many projects are so early-stage that they don’t even have test teams. I believe this will change organically over time, but in the meantime, communities like the one you are creating has a chance to shape the way we test dApps in the future.

What resources and communities are available for learning and collaborating on Web3 development?

Chainacademy, of course! And Web3 testing community. And I would also encourage people to check out the B9Lab Academy, with whom I have worked in the past. They have been around since 2014 and Elias, the co-founder, spoke at the very first Ethereum DevCon. They have a great Cosmos program running, among other courses. The Ethereum Foundation has a good list of links, and you should also look out for great developer relations people like Camila Ramos (Fuel Labs) and Nader Dabit (Lens), who have written a lot of excellent tutorials.

And finally, nothing beats getting your hands dirty building your own dApp, or even playing around with tools like Remix. The more people who get involved in this community, the better.

Thanks for the participation Rhian ! You rock 🤘

E2E Tests for Web3 Applications (TestJS Summit 2022)

It is out 🎉🎉

If you are curious to know about web3 and how can you test it, here are some ideas!

We will go through a brief explanation of what is Web3 and the architecture of a web3 application. Then we will talk about how to do end-to-end tests, its challenges, some test tools that are available, and 2 demos using Synpress and mocking the web3 layer.

The agenda is:

– What is Web3;

– The Architecture of a Web3 Application;

– Web3 E2E Tests Introduction;

– Web3 E2E Tests Challenges;

– E2E Test Tools;

Demo.

https://portal.gitnation.org/contents/e2e-tests-for-web3-applications

It took me ages to record this video, not going to deny, I am still improving my video editor/design skills… I even bought a new mic to help me and would love to have some feedback about the talk in general.

If you have literally 5 seconds, here is the link.

The big news is, we have created a Web3 Tests Community on Discord !

Yes, me and Jakub, one of the creators of Synpress, are on that and we are looking for contributors and members (of course) 🙂

  1. Yes, I know… We have too many places to create a community nowadays 😩, but this one is going to be one for all of our Web3 Testing people.
  2. Still in the beginning so bear with us while we build and share the content.
  3. Join and share 🤩