The test suite does not properly test expected behavior, as the contracts run in production.
Additionally, certain components lack error-handling methods.
These deficiencies can cause failed tests to be overlooked.
In particular, the tests fail to properly check error messages.
For example, errors are silenced with a try-catch statement.
If this error is silenced, there will be no guarantee that a smart contract call has reverted for the right reason.
As a result, if the test suite passes, it will provide no guarantee that the transaction call reverted correctly.
Short term, test these operations against a specific error message.
Testing against a specific error message ensures that errors are never silenced and that the test suite checks that a contract call has reverted for the right reason.
Long term, follow standard testing practices for smart contracts to minimize the number of issues during development.
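The difference between a silenced catch and a check against a specific error message, as an added example that is not taken from the audited test suite. The stub token, its `borrow` method and the reason strings are constructed for illustration; the stub stands in for a real contract call so the snippet runs without a chain.

```javascript
// Constructed stand-in for a contract method; names and reason strings are hypothetical.
function makeToken({ paused, cash }) {
  return {
    async borrow(amount) {
      if (paused) throw new Error("revert: Token is paused");
      if (amount > cash) throw new Error("revert: Insufficient cash");
      return true;
    },
  };
}

// Pattern described in the finding: the catch block swallows whatever happened.
async function silencedTest(token) {
  try {
    await token.borrow(100);
  } catch (e) {
    // silenced: reason never checked, and a call that succeeds is not flagged either
  }
  return "pass";
}

// Recommended: fail unless the call reverts with the expected reason.
async function expectRevert(promise, reason) {
  let err = null;
  try { await promise; } catch (e) { err = e; }
  if (!err) throw new Error(`expected revert "${reason}", but the call succeeded`);
  if (!err.message.includes(reason)) {
    throw new Error(`expected revert "${reason}", got "${err.message}"`);
  }
}

// Same scenario as silencedTest, but the outcome depends on the revert reason.
const strictTest = (token) =>
  expectRevert(token.borrow(100), "Insufficient cash").then(() => "pass", () => "fail");

// Run both test styles over three constructed scenarios.
async function demo() {
  const cases = {
    rightReason: makeToken({ paused: false, cash: 10 }),
    wrongReason: makeToken({ paused: true, cash: 10 }),
    noRevert: makeToken({ paused: false, cash: 1000 }),
  };
  const out = {};
  for (const [name, token] of Object.entries(cases)) {
    out[name] = `silenced=${await silencedTest(token)} strict=${await strictTest(token)}`;
  }
  return out;
}
demo().then(console.log);
```

The silenced style reports a pass in all three scenarios, including the one where the call never reverts; the strict style passes only when the revert carries the expected reason.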
- ToB Audit dForce Lending Finding 14
- Error Handling
- Test Suite
- Poor Error-handling
- Check Errors
- Follow Best-practices