
Security Practices

Thanks to @samsczun's How Do You Even Write Secure Code Anyways talk for the tips in this section and the following section.

  • Don't optimize for coverage, optimize for well thought-out tests.
  • Write positive and negative unit tests.
    • Write positive unit tests for things that the code should handle. Validate all state that changes from these tests.
    • Write negative unit tests for things that the code should not handle. It's helpful to follow up each negative test with an adjacent positive test that makes the one change needed for the call to succeed.
    • Each code path should have its own unit test.
  • Write integration tests to test entire features.
  • Write fork tests to verify the correct behavior against existing deployed contracts.

Taint Analysis

When testing, you should prioritize functions that an attacker can affect, i.e. functions that accept some kind of user input. These are called sources.

Consider that input data as tainted until it has been checked by the code, at which point it's considered clean.

A sink is a part of the code where some important operation is happening. For example, in MakerDAO that would be vat.sol.

You should ensure that no tainted data ever reaches a sink. That means that all data that ends up in the sink should, at some point, have been checked by you. So, you need to define what the data should be and then make sure your checks guarantee that the data is what you expect it to be.
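The following Foundry test file is an added example, not code from the original page or from the talk it credits, that ties the testing practices above (positive and negative unit tests, one per code path, validating changed state) to the source/check/sink model of this section. The `Ledger` contract, its `MAX_DEPOSIT` cap and the custom errors are hypothetical: `deposit` is the source (its parameters are tainted), the `require`-style checks clean them, and `_credit` is the sink that only ever sees checked data.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Hypothetical ledger used to illustrate sources, checks and sinks.
/// `deposit` is the source (attacker-controlled input); `_credit` is the sink.
contract Ledger {
    uint256 public constant MAX_DEPOSIT = 1_000 ether;

    mapping(address => uint256) public balanceOf;
    uint256 public totalDeposits;

    error ZeroAddress();
    error ZeroAmount();
    error AboveCap(uint256 amount, uint256 cap);

    // Source: every parameter here is tainted until it has been checked.
    function deposit(address to, uint256 amount) external {
        if (to == address(0)) revert ZeroAddress();
        if (amount == 0) revert ZeroAmount();
        if (amount > MAX_DEPOSIT) revert AboveCap(amount, MAX_DEPOSIT);
        // Past this point the inputs are considered clean.
        _credit(to, amount);
    }

    // Sink: state-changing operation that must only be reached with checked data.
    function _credit(address to, uint256 amount) internal {
        balanceOf[to] += amount;
        totalDeposits += amount;
    }
}

contract LedgerTest is Test {
    Ledger ledger;
    address alice = makeAddr("alice");

    function setUp() public {
        ledger = new Ledger();
    }

    // Positive test: the happy path, validating every piece of state it changes.
    function test_Deposit_CreditsBalanceAndTotal() public {
        ledger.deposit(alice, 5 ether);
        assertEq(ledger.balanceOf(alice), 5 ether);
        assertEq(ledger.totalDeposits(), 5 ether);
    }

    // Negative tests: one per rejected code path, each asserting the exact revert.
    function test_RevertWhen_RecipientIsZero() public {
        vm.expectRevert(Ledger.ZeroAddress.selector);
        ledger.deposit(address(0), 1 ether);
    }

    function test_RevertWhen_AmountIsZero() public {
        vm.expectRevert(Ledger.ZeroAmount.selector);
        ledger.deposit(alice, 0);
    }

    function test_RevertWhen_AmountAboveCap() public {
        uint256 cap = ledger.MAX_DEPOSIT();
        vm.expectRevert(abi.encodeWithSelector(Ledger.AboveCap.selector, cap + 1, cap));
        ledger.deposit(alice, cap + 1);

        // Adjacent positive test: the same call at the boundary must succeed,
        // and the state it changes is validated.
        ledger.deposit(alice, cap);
        assertEq(ledger.balanceOf(alice), cap);
        assertEq(ledger.totalDeposits(), cap);
    }

    // Fuzz test over the whole input domain: any input that passes the checks
    // reaches the sink exactly once and is reflected in state.
    function testFuzz_CheckedInputReachesSinkOnce(address to, uint256 amount) public {
        vm.assume(to != address(0));
        amount = bound(amount, 1, ledger.MAX_DEPOSIT());
        ledger.deposit(to, amount);
        assertEq(ledger.balanceOf(to), amount);
        assertEq(ledger.totalDeposits(), amount);
    }
}
```

Run it with `forge test`. Each check in `deposit` has its own negative test, and the boundary test pairs the rejected input with the adjacent accepted one so a regression in either direction is caught. A fork test for a real deployed contract follows the same shape but starts with `vm.createSelectFork(vm.rpcUrl("mainnet"))` in `setUp`, where `mainnet` is an RPC endpoint you have configured in `foundry.toml`; it needs network access, so it is not included in this offline example.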

Write more secure code and better tests using these as references to learn from: