Status
Accepted
Context
- We are implementing our custom (Direct) interaction with the Cardano blockchain and not using the PAB nor the `Contract` monad to define off-chain contract code
- This implies we cannot use the official testing framework for Contracts, which relies on the `Contract` monad and emulator traces, nor the QuickCheck-based framework
- We want to follow our Test-Driven Development approach for contracts as this is a critical part of Hydra
- On-Chain Validators need not only to be correct and functional, but also secure and hardened against malicious parties
Decision
Therefore
- We test-drive single contracts code using Mutation-Based Property Testing
- Contracts are tested through the construction of actual transactions and running the phase-2 ledger validation process
- We start from a "healthy" transaction that is expected to be correct and to stay so
- Contract code is initially a `const True` function that validates any transaction
- We flesh out the contract's code piecemeal through the introduction of Mutations that turn a healthy transaction into an expectedly invalid one
- We gradually build a set of combinators and generators that make it easier to mutate transactions arbitrarily, and to combine those mutations
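The decision above, modelled as an added example in Python (Hydra's own mutation tests are written in Haskell and run real transactions through the Cardano ledger; the toy `Tx` model, the mutations and the validator here are constructed assumptions, not project code). It shows why the `const True` starting point is caught by the mutation property and how one rejection clause per mutation drives the validator's implementation:

```python
import functools
import random
from dataclasses import dataclass, replace
from typing import Callable

# Constructed toy transaction model; stands in for a real Cardano transaction.
@dataclass(frozen=True)
class Tx:
    inputs: tuple[int, ...]      # lovelace consumed from the script address
    outputs: tuple[int, ...]     # lovelace paid out
    signers: frozenset[str]      # verification keys that signed the tx

# The "healthy" transaction: expected to be valid and to stay valid.
HEALTHY_TX = Tx(inputs=(10, 5), outputs=(15,), signers=frozenset({"alice"}))

Mutation = Callable[[Tx], Tx]

# Mutation generators; each label names the threat it models.
def change_output(delta: int) -> Mutation:
    return lambda tx: replace(tx, outputs=(tx.outputs[0] + delta,) + tx.outputs[1:])

def drop_signer(name: str) -> Mutation:
    return lambda tx: replace(tx, signers=tx.signers - {name})

def changes(*ms: Mutation) -> Mutation:
    """Combinator: apply several mutations in sequence."""
    return lambda tx: functools.reduce(lambda t, m: m(t), ms, tx)

def gen_mutation(rng: random.Random) -> tuple[str, Mutation]:
    delta = rng.choice([d for d in range(-20, 21) if d != 0])
    return rng.choice([
        ("ChangeOutput", change_output(delta)),
        ("DropSigner", drop_signer("alice")),
        ("ChangeOutputAndDropSigner", changes(change_output(delta), drop_signer("alice"))),
    ])

# Step 1 of the ADR: the contract starts life as `const True`.
def const_true(tx: Tx) -> bool:
    return True

# Step 2: the contract is fleshed out with one clause per mutation it must reject.
def validator(tx: Tx) -> bool:
    return sum(tx.inputs) == sum(tx.outputs) and "alice" in tx.signers

def prop_mutation(validate: Callable[[Tx], bool], n: int = 200, seed: int = 0) -> set[str]:
    """Property: the healthy tx validates and every mutation of it is rejected.
    Returns the labels of mutations the validator wrongly accepted (empty set = pass)."""
    assert validate(HEALTHY_TX), "healthy transaction must validate"
    rng = random.Random(seed)
    accepted = set()
    for _ in range(n):
        label, mutate = gen_mutation(rng)
        if validate(mutate(HEALTHY_TX)):
            accepted.add(label)
    return accepted
```

Running `prop_mutation(const_true)` reports every mutation label as wrongly accepted, while `prop_mutation(validator)` returns an empty set; each returned label points at the clause the contract still lacks.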
Consequences
- We make the contracts' Threat model explicit through the tests we write, which should help future auditors' work
- We'll need an additional layer of tests to exercise the Hydra OCV State Machine through sequences of transactions. This could be implemented using the quickcheck-dynamic library, or other tools that are currently being developed by the Cardano community