Track and Optimize Test Coverage
Tracking and optimizing test coverage is crucial in smart contract development, especially from a security standpoint, as it ensures that critical paths, conditions, and edge cases are thoroughly tested. Incomplete coverage can leave vulnerabilities undiscovered, which attackers could exploit once the contract is deployed.
Integrating test coverage metrics into the CI/CD pipeline using tools like Hardhat (solidity-coverage) or Foundry (forge coverage) is not just beneficial—it’s essential.
Including test coverage as a mandatory step in the CI/CD pipeline ensures that security remains a continuous, automated process rather than an afterthought, ultimately reducing the risk of deploying vulnerable contracts.
Coverage Threshold Recommendations
To maintain a robust test suite, use the following thresholds:
Statement Coverage: At least 95%, ensuring most lines of code are executed during tests.
Branch Coverage: No lower than 90%, ensuring all possible branches in control structures (like
iforrequirestatements) are tested.Function Coverage: Ideally close to 100%, ensuring all functions are invoked at least once.
While striving for high coverage, developers should balance thorough testing with practical deployment timelines, recognizing that coverage alone doesn't guarantee security—it must be coupled with quality tests targeting known vulnerabilities.
Tools to Measure Test Coverage
Hardhat (solidity-coverage) A popular plugin for Hardhat that tracks statement and branch coverage in Solidity projects, providing detailed coverage reports.
Foundry (forge coverage) Foundry's built-in coverage tool (
forge coverage) generates test coverage reports for smart contracts written in Solidity, focusing on statement and function coverage.
Last updated