
A Tester's Guide To Navigating The Wild West Of Web3 Testing

Looking to get started with testing Web3 applications? Rafaela shares everything you need to get started

Web3 is the new era of the internet and is becoming an increasingly popular term. It represents the next step of the internet, promising a decentralized web infrastructure. You will see that the structure is based on a collection of dApps (decentralized applications) that use Blockchain technology to create secure and transparent transactions.

Image showing the evolution of the web from 1.0 to 3.0. Web 1.0: 1990s-2000s, static read-only web pages. Web 2.0: 2000s-2020s, information-centric and interactive. Web 3.0: 2020s, user-centric, decentralized, private and secure.

The difference is massive when you compare it to the previous versions of the Web. Now the data is not owned by only one central entity, like Google or Twitter.

It is owned by you and only you decide who can have your information. Also, because of the Blockchain technology, it is far more secure than traditional web2.

Blockchain is the core and the base of any web3 app. It is really important to know the core and the structure of it to understand how web3 works. Let's deep dive into the infrastructure of both web2 and web3.

Image describing infrastructure for web2 and web3. It starts with blockchain in the centre and the following items revolving around it: Consensus protocol, Immutable ledger, mining, p2p network and hash


Firstly, let's understand Blockchain. It's made up of 5 key components:

  • Consensus Protocol: the mechanism used by the network of nodes in a blockchain to agree on a common ledger of transactions that are valid and immutable.
  • Immutable Ledger: it is a public database with the record of transactions in the Blockchain that cannot be changed, deleted or tampered with once they are recorded. This is made possible by the use of cryptographic hash functions and a distributed network of nodes that verify and validate the transactions.
  • Mining (not all Blockchains have this): the process of validating transactions and adding new blocks to the blockchain network. The process involves using computing power to solve complex mathematical puzzles, which requires a significant amount of energy and computational resources.
  • Hash: a hash is a fixed-length string of characters generated from a block of data using a cryptographic hashing algorithm. The hash function takes an input and produces a unique output, which is a fixed-size string of characters.
  • P2P Network (Peer-to-Peer Network): is a decentralized network architecture that allows individual computers or nodes to communicate and interact with each other directly without the need for a central server or authority.

These components together create a blockchain and are needed to verify a transaction and add a block to the Blockchain, making it immutable (unable to be changed) and super secure. If you want to see what else you can study about Blockchain development, you can check out this roadmap.
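To make the link between the Hash and Immutable Ledger components concrete, here is an added example (not code from the original article) of a toy hash-linked ledger in Node.js. The block layout, the function names and the sample transactions are all constructed for illustration; it shows how an edit to a recorded transaction is detected, and why recomputing one block's hash only moves the break to the next block.

```javascript
// Toy hash-linked ledger (illustrative model, not a real blockchain client).
const { createHash } = require('node:crypto');

const GENESIS_PREV = '0'.repeat(64);
const sha256 = (s) => createHash('sha256').update(s).digest('hex');

// A block's hash covers its index, the previous block's hash and its transactions.
function hashBlock({ index, prevHash, txs }) {
  return sha256(JSON.stringify([index, prevHash, txs]));
}

function appendBlock(chain, txs) {
  const prevHash = chain.length ? chain[chain.length - 1].hash : GENESIS_PREV;
  const block = { index: chain.length, prevHash, txs };
  block.hash = hashBlock(block);
  chain.push(block);
  return block;
}

// Index of the first block that fails verification, or -1 if the chain is intact.
function firstInvalidBlock(chain) {
  for (let i = 0; i < chain.length; i++) {
    const expectedPrev = i === 0 ? GENESIS_PREV : chain[i - 1].hash;
    if (chain[i].prevHash !== expectedPrev) return i; // link to predecessor broken
    if (chain[i].hash !== hashBlock(chain[i])) return i; // contents were changed
  }
  return -1;
}

// Constructed sample data.
function buildSampleChain() {
  const chain = [];
  appendBlock(chain, [{ from: 'alice', to: 'bob', amount: 5 }]);
  appendBlock(chain, [{ from: 'bob', to: 'carol', amount: 2 }]);
  appendBlock(chain, [{ from: 'carol', to: 'alice', amount: 1 }]);
  return chain;
}

function tamperDemo() {
  const chain = buildSampleChain();
  const intact = firstInvalidBlock(chain);
  chain[1].txs[0].amount = 200;        // edit a recorded transaction
  const afterEdit = firstInvalidBlock(chain);
  chain[1].hash = hashBlock(chain[1]); // recompute only that block's hash
  const afterRehash = firstInvalidBlock(chain);
  return { intact, afterEdit, afterRehash };
}
```

On a real network the consensus protocol and the other nodes' copies of the ledger are what reject a rewritten chain; this check only shows how a single node detects the change.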

Web2 has a Frontend, Backend and also a Database. All of these components are stored in the WebServer and only the WebServer has ownership and control of them.

Web3 has a Frontend still, which is the only component in the WebServer and the only component it has ownership and control of. The backend is deployed to the Blockchain and controlled by the community in the Blockchain. So, the database and the contracts are all owned by the users, not one single entity.

System diagrams of Web2 and Web3. The Web2 diagram starts with a browser that connects to a front-end, which connects to a back-end, which connects to a database. The Web3 diagram has a browser connecting to a front-end, but the front-end then connects to an Ethereum blockchain. The blockchain contains an Ethereum virtual machine, into which smart contracts feed. Inside the virtual machine there is a collection of blocks.

Testing Web3 Applications

Because the structure is different, web3 applications are more particular to test. You need to focus on testing smart contracts and security. Some specific tests for security are required, like Monkey Testing and Static Analysis, Common Threat Vectors and Source of Randomness Attacks (this includes the double spend problem). It is also important, as it is in web2, to do some penetration tests on your web3 app, and this is really critical as web3 apps are all about security.

Another thing to keep in mind is the transaction speed, decentralized infrastructure and the complex business logic that you might come across when testing the dApp. To get familiar with the basic transactions you can use a wallet plugin like Metamask to perform the transactions in a local Blockchain using a tool like Ganache.

Remember you will still need to perform Unit, Integration, Usability, Performance and Functional Tests on web3 as you would on any other Web2 app.

There are many testing tools and frameworks that are available for testing web3 applications. These tools can help testers create test cases, generate test data, and automate test execution.

Some popular testing frameworks for web3 include:

  • Remix - A native IDE for Web3 Development.
  • Web3.js - a collection of libraries that allow you to interact with a local or remote Ethereum node, really useful for Unit Tests.
  • Hardhat - Ethereum Development tool, used for editing, compiling, debugging and deploying your smart contracts and dApps.
  • Waffle - test automation for Smart contracts.
  • Truffle - Compile, unit test, debug and deploy Smart contracts.
  • Brownie - Unit Test for Smart contracts.
  • Anvil - local Ethereum node, designed for development with Forge, akin to Ganache.
  • Synpress - E2E Tests for Web3 Applications.
  • Forge - Forge is a fast and flexible Ethereum testing framework, inspired by Dapp.
  • Etheno - It's a JSON RPC multiplexer, analysis tool wrapper, and test integration tool. It eliminates the complexity of setting up analysis tools like Echidna on large, multi-contract projects.

To check out other testing tools you can have a look at Alchemy, which has quite a good list of Web3 Test Frameworks for different Blockchains.

Types of Web3 Testing

Exploratory testing: This is going to be a similar process to any other web2 app. Use heuristics and also the type of users that you have as a guide. Check if the wallet is working fine on both mobile and desktop platforms. If there is both a wallet plugin and an app, check that both are working fine. How was the process in general as an end user?

Functional testing: On top of the exploratory tests that you will need to perform on the web3 app, you will also need to do some functional tests on the smart contracts themselves. First remember to do some Unit tests and check that the deployment of the contracts, the transactions and the gas fees are correct. Test the logic of the contracts and whether they are performing as they should.

Check validation messages: for example, if the network is busy, see what happens, or see what happens if you make multiple requests and they exceed the balance of tokens in your wallet. Can you see that the value was deducted from the wallet and that the blockchain updated the block? What happens when you switch between networks, add accounts and import tokens?

Security testing is really important for web2 apps, but is absolutely crucial for web3 applications, as the blockchain is an immutable ledger. Once a bug is deployed there is no rollback; basically the only way is forward. You need to focus on the attacks that can happen, such as double spending transactions, and keep up to date with the latest attacks. Penetration testing needs to be considered before going live to avoid headaches in the future. Many attacks have already been recorded throughout the history of the blockchain and all of them were extremely critical; once your app is considered vulnerable you will have lost the customers' trust for good. Some examples of the most recent and well-known security issues are: Vega Protocol - Not sure if funds are safe after outage; DAO Attack; Assets stolen from Binance; Hacker exploited a vulnerability in Parity multi-sig software wallet; In 2014, Mt. Gox was hacked and thousands of Bitcoins were stolen.
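The balance and double-spend checks described above can be exercised with a small monkey test. This is an added example, not code from the original article: `TokenLedger` is a hypothetical in-memory stand-in for a token contract, and the users, balances and seed are constructed. It fires random, often invalid transfers and checks after every call that the total supply is unchanged and no balance has gone negative.

```javascript
// In-memory stand-in for a token contract (hypothetical names, not a real contract).
class TokenLedger {
  constructor(balances) {
    this.balances = new Map(Object.entries(balances));
    this.nonces = new Map(); // next expected nonce per sender
  }
  transfer({ from, to, amount, nonce }) { // throws, like a revert, on any violation
    const expected = this.nonces.get(from) ?? 0;
    if (nonce !== expected) throw new Error('bad nonce'); // replayed transaction
    if (!Number.isInteger(amount) || amount <= 0) throw new Error('bad amount');
    const balance = this.balances.get(from) ?? 0;
    if (amount > balance) throw new Error('insufficient balance'); // overspend
    this.balances.set(from, balance - amount);
    this.balances.set(to, (this.balances.get(to) ?? 0) + amount);
    this.nonces.set(from, expected + 1);
  }
  totalSupply() { return [...this.balances.values()].reduce((a, b) => a + b, 0); }
}

// Seeded PRNG (mulberry32) so a failing run can be replayed with the same seed.
function prng(seed) {
  let a = seed | 0;
  return () => {
    a = (a + 0x6D2B79F5) | 0;
    let t = Math.imul(a ^ (a >>> 15), 1 | a);
    t = (t + Math.imul(t ^ (t >>> 7), 61 | t)) ^ t;
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Monkey test: random transfers, invariants checked after every call.
function monkeyTest(seed, rounds) {
  const rand = prng(seed);
  const users = ['alice', 'bob', 'carol'];
  const ledger = new TokenLedger({ alice: 100, bob: 50, carol: 0 }); // constructed data
  const supply = ledger.totalSupply();
  let accepted = 0, rejected = 0;
  for (let i = 0; i < rounds; i++) {
    const from = users[Math.floor(rand() * 3)];
    const to = users[Math.floor(rand() * 3)];
    const amount = Math.floor(rand() * 120) - 10; // negatives, zero and overspends
    const next = ledger.nonces.get(from) ?? 0;
    const nonce = rand() < 0.3 ? Math.max(0, next - 1) : next; // sometimes stale
    try { ledger.transfer({ from, to, amount, nonce }); accepted++; } catch { rejected++; }
    if (ledger.totalSupply() !== supply) throw new Error(`supply changed, round ${i}`);
    for (const [u, b] of ledger.balances) if (b < 0) throw new Error(`${u} < 0, round ${i}`);
  }
  return { accepted, rejected, supply: ledger.totalSupply() };
}
```

The same invariants carry over to a test against a contract deployed on a local node, where the model's `transfer` is replaced by real transactions.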

Performance testing is used to test the scalability and speed of transactions on the network. It can be challenging since you might need to test the node transactions between different networks. For this one you can use any tool that you already use for web2 apps, and the concept is the same: test transaction and response time.

Interoperability testing is a useful type of test when checking the compatibility of different web3 protocols and networks, for example if you want to swap tokens between networks. As the blockchain ecosystem is vast, there are many different protocols and networks that developers can use. Interoperability testing helps ensure that the dApp or smart contract works seamlessly across different web3 protocols and networks.

Conclusion

Web3 testing is still a relatively new and small market, but this means you have time to prepare yourself. There are not too many tools and it is quite complex to develop and test such applications. You can give it a try using the Metamask Test App or even run this workshop locally.

Everybody talks about AI nowadays and Web3 comes with the opposite idea: the idea of owning your information. AI is nothing without your data, and the way to prevent that is by adopting web3 apps and technology. Web3 comes to revolutionize the way we use the internet and to stop the marketing and propaganda that is thrown at us daily. It uses us as a product and we become a mass to be maneuvered without even realizing it.

You can find more resources about Web3 Tests on our Discord community or by following people in the industry like Oleksandr Romanov, Rhian Lewis or myself.

Rafaela Azevedo

CEO & Founder | SDET Consultant

Current CEO and Co-Founder at The ChainAcademy, with the mission to bring more people to the Web3 community. SC Cleared Full Stack SDET with +16 years of experience in QA, +14 years of experience in Test Automation, and +9 years in Leadership, delivering and releasing software on different platforms (Mobile, Desktop, Web). Became a STEM Ambassador, a STEM Women Member, and a Google Developer Expert, making an impact and bringing more young people to the STEM area. Contributes to TestProject and is an instructor at Test Automation University (Contract Tests with Pact and Introduction to Blockchain Testing). Together with other Web3 and Blockchain Expert Testers, created the Web3Tests Community on Discord and Twitter.


