Overcoming Complexities of Testing a Cryptocurrency Wallet

%% date:: [[2023-11-14]] parent:: %% # [[Overcoming Complexities of Testing a Cryptocurrency Wallet]] conference:: [[Agile Testing Days 2023]] speaker:: [[Peter Yinusa]] About Peter - [[MetaMask]]: manager, QA Engineering - Consensys ## Fundamentals of a wallet A wallet: - holds private and public keys - lets you interact with various blockchain - allows you to send and interact with digital assets Types of wallets - Hot - Connected to internet - web-based, desktop, mobile wallet - free - Cold - offline - hardware wallet - expensive - Custodial - third-party has control of your private keys - recovery mechanisms - KYC and AML processes and procedures - Ex: Coinbase - Non-custodial - Only you have complete control of your private keys - If you lose your seed, it's gone - No KYC/AML ## Complexities in testing a crypto wallet - Proliferation of browsers - browser compatibility - with JavaScript APIs (`e.replaceAll is not a function`) - with browser APIs - Different browser versions might prevent you from doing things like loading resources from a CDN - Blockchain tooling - Blockchain developer tooling is still in its early stages for building and testing decentralised applications ([[dApps]]) - Blockchain environment - Cost: gas fees to cover computational effort - Speed: blocks committed once every 12 seconds - Control: no entity has control over the network becuase it's [[Decentralization|decentralized]] - Browser Automation Framework is lacking - [[Cypress]] has limited support for testing a browser extension, and it's the same for many other tools - Release process for browser extensions - Long review times to deploy a new browser extension version - Store violations: rejections and warnings can occur and they can pull your version down from the store abruptly - Security and privacy - Lots of things can't/shouldn't be recorded ever, such as private keys and personal information ## Tools and techniques available - Communication - Ex: If browser compatibility is an issue, check for that and display a message to the user - Use [[Chrome DevTools|DevTools]] to see, for example, console, sources, network, errors - You can block or intercept requests to see how the wallet performs in certain situations - Use [[Feature flags]] so that you can do controlled testing - Decouples build from release, development from exposure - Controlling the blockchain - local blockchain: personal [[Ethereum]] blockchain, e.g. [[Truffle Suite Ganache]] - DevNets: private environment against Mainnet data, e.g. [[Tenderly DevNets]] - Public Testnet: public testnet that devs can use, e.g. [[Sepolia]] - Keep tools up to date - `Ganache`, `mockttp` [[Node Package Manager|NPM]] modules - Use [[Observability Platforms|APM]] tools to capture stack traces, breadcrumbs, custom context, tracking releaess, session replay (but probably not for wallets) - They use [[Sentry]] https://agiletestingdays.com/session-ratings They use [[Selenium WebDriver]], and some [[Playwright]] recently. Seemed like little to no end-to-end performance testing.