
13. Plutus Contracts Testing Strategy


Status

Accepted

Context

  • We are implementing our custom (Direct) interaction with the Cardano blockchain and use neither the PAB nor the Contract monad to define off-chain contract code
  • This implies we can use neither the official testing framework for Contracts, which relies on the Contract monad and emulator traces, nor the QuickCheck-based framework
  • We want to follow our Test-Driven Development approach for contracts as this is a critical part of Hydra
  • On-Chain Validators need not only to be correct and functional, but also secure and hardened against malicious parties

Decision

Therefore

  • We test-drive each contract's code using Mutation-Based Property Testing
  • Contracts are tested through the construction of actual transactions and running the phase-2 ledger validation process
  • We start from a "healthy" transaction that is expected to be correct and stay so
  • Contract code is initially a const True function that validates any transaction
  • We flesh out the contract's code piecemeal through the introduction of Mutations that turn a healthy transaction into an expectedly invalid one
  • We gradually build a set of combinators and generators that make it easier to mutate arbitrary transactions, and combine those mutations
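
The loop described above, as an added sketch that is not Hydra's own test code. It assumes a toy model: Tx, validator, Mutation, applyMutation and healthyTx are hypothetical names, and a pure function stands in for building real transactions and running phase-2 ledger validation. It needs only the QuickCheck package.

```haskell
import Test.QuickCheck

-- Toy stand-in for a transaction spending a contract output (hypothetical fields).
data Tx = Tx
  { signers  :: [String] -- keys that signed the transaction
  , valueIn  :: Integer  -- value locked in the spent contract output
  , valueOut :: Integer  -- value paid to the continuing contract output
  , stateIn  :: Integer  -- state counter in the spent output's datum
  , stateOut :: Integer  -- state counter in the continuing output's datum
  } deriving (Show)

-- The validator under test. It started as `const True`; each check below
-- was added to make one kind of mutation fail.
validator :: Tx -> Bool
validator tx =
  "party" `elem` signers tx              -- rejects RemoveSigner
    && valueOut tx == valueIn tx         -- rejects ChangeValue
    && stateOut tx == stateIn tx + 1     -- rejects ChangeState

-- A mutation turns the healthy transaction into one expected to be invalid.
data Mutation = RemoveSigner | ChangeValue Integer | ChangeState Integer
  deriving (Show)

applyMutation :: Mutation -> Tx -> Tx
applyMutation RemoveSigner    tx = tx { signers = filter (/= "party") (signers tx) }
applyMutation (ChangeValue d) tx = tx { valueOut = valueOut tx + d }
applyMutation (ChangeState n) tx = tx { stateOut = n }

healthyTx :: Tx -- constructed sample input
healthyTx = Tx { signers = ["party"], valueIn = 10, valueOut = 10, stateIn = 1, stateOut = 2 }

-- Generate only mutations that really change the transaction's meaning.
instance Arbitrary Mutation where
  arbitrary = oneof
    [ pure RemoveSigner
    , ChangeValue <$> (arbitrary `suchThat` (/= 0))
    , ChangeState <$> (arbitrary `suchThat` (/= (stateIn healthyTx + 1)))
    ]

prop_healthyValidates :: Bool
prop_healthyValidates = validator healthyTx

prop_mutationInvalidates :: Mutation -> Property
prop_mutationInvalidates m =
  counterexample (show (applyMutation m healthyTx)) $
    not (validator (applyMutation m healthyTx))

main :: IO ()
main = quickCheck prop_healthyValidates >> quickCheck prop_mutationInvalidates
```

Resetting validator to const True makes prop_mutationInvalidates fail on the first generated mutation, which is the red step that drives each new check.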

Consequences

  • We make the contracts' Threat model explicit through the tests we write, which should help future auditors' work
  • We'll need an additional layer of tests to exercise the Hydra OCV State Machine through sequences of transactions. This could be implemented using the quickcheck-dynamic library, or other tools that are currently being developed by the Cardano community