This presentation has been developed to meet the growing need for blockchain-focused QA Engineers.
Everyone is talking about blockchain technology, especially in relation to smart contracts. Blockchain-related jobs are the second-fastest growing in today’s labor market; there are now 14 job openings for every one blockchain developer. And as Nick Szabo, the developer who coined “smart contracts,” pointed out, there is an extreme “$/knowledge” ratio in the blockchain space, where capital by far outpaces talent.
But where are all the QA engineers? It’s unacceptable to see projects gone live with little or no testing by anyone other than the dApp developer. We all know what happens when we combine new technology with a lack of formal QA… Bugs. Some could be minor, some can cause the loss of hundreds of thousands of dollars.
We will discuss the role of the modern tester and how it applies to the blockchain.
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
Smart Contract: QA Role for Decentralized Platform
1. Hire the top 3% of freelance talent
Smart contract:
QA Role for Decentralized Platform
2. imgimgimg
| 2
$whoami
Marco Andrade
● I'm from Brazil
● I have visited 18 countries (3 continents)
● QA Automation Engineer and Scrum
Master at Toptal
● Toptal's Community leader at Belo
Horizonte
7. | 7
Here's a bright idea: let's put code into the blockchain!
Some "accounts" have code attached to them, they become "contracts".
The code can:
Smart Contract
● Decide what happens to the coins sent to it
● Create new transactions
● Query blockchain data
● Generate events
● Call other smart contracts
● ... or do anything else since is Turing-complete
9. | 9
Requirements for a payment system
Decentralized, anonymous system for exchanging money/information:
● All transactions should be made over the Internet
● No central authority that will process transactions
● Users should be anonymous and identified only by their virtual identity
● A single user can have as many virtual identities as he or she likes
● Value supply (new virtual bills) must be added in a controlled way
11. | 11
QA Role
In 2017, it’s estimated that $500 million has been lost due to
bad code, and around half of that figure involved Ethereum.
12. | 12
QA Role
Very much the same:
● Build tests based on requirements.
● Automate and execute them.
● Provide risk assessment of the software to the team at any given point of the
development cycle.
14. | 14
Key points
● Immutable data
● Data visibility
● Learn different tools
● Ensure code is covered by tests
● Grow a quality culture inside your company
● Have a critical thinking
15. | 15
Smart contract
No internal state.
Stateless
Has internal state (is mutable), therefore need special
care for security and correctness.
Stateful
16. | 16
Smart contract
Business logic Triggered by the events
Using digital signatures to identify who
sent the messages
Putting the programs, messages, and
signatures on a Blockchain
Executing every program for every
message on every node.
19. | 19
Bug examples: King of the Ether Throne
It is little mistakes like these which can cause a lot of havoc if
not corrected in time.
20. | 20
Bug examples: King of the Ether Throne
When it comes to smart contract coding, attention to detail is
of paramount importance to avoid smart contract
vulnerabilities.
23. | 23
Bug examples: batchOverflow
It is little mistakes like these which can cause a lot of havoc if
not corrected in time. When it comes to smart contract coding,
attention to detail is of paramount importance to avoid smart
contract vulnerabilities.
26. | 26
Challenge of many standards and
protocols
As with any rapidly developing field, there has been a chorus of calls for
standardization. Items that could be targets for further standardization:
● Basic data models for Blockchain (Blocks, Events, and State Machine)
● Consensus algorithms (Proof of Work, Stellar Consensus, Hashgraph)
● Storage algorithms (Merkle Trees, MerklePatriciaTries, Linked Lists)
● Signature algorithms (JOSE Web Signing, Linked Data Signatures, Chainpoint)
● Web-based access protocols (Cre-ate, Read, Add, Get Status, Query)
27. | 27
Hard fork, soft fork, chain split and
replay attack
Introduce a limitation on what is valid. New versions of
software simply stop producing some forms of
transactions / blocks, etc. which were previously valid.
Soft fork
Introduces new features which old versions of software
do not support or recognise as valid. Forward-
incompatible.
Hard fork
Old software continues to accept data created by new
versions - the data will simply lack certain features.
Old version of software will discard data created by new
versions - often because it has features it doesn't know
how to handle.
28. | 28
Hard fork, soft fork, chain split and
replay attack
Chain split is a scenario where there are two or more
competing versions of the blockchain that share the
same history up to the point that their rulesets diverge.
Chain split
It is possible for both a soft fork and a hard fork to
cause a chain split.
29. | 29
Hard fork, soft fork, chain split and
replay attack
If you own some amount on the ledger before the split,
you will have the same amount on both ledgers after
the split. What if you want to spend money on one
ledger and not on the other?
Replay attack
30. | 30
Common security concerns
1. Wallet compromise / password stealing / social engineering*. This one is most
common by far.
2. Politics. In case of Bitcoin, influential people have continually steered the
course of development to their personal benefit.
3. 51% attack. The way distributed consensus works, the majority wins. So if 51%
of all miners decide to run an executable with a certain set of rules, they
control the blockchain.
4. Transaction selectivity attacks. Miners (esp. if colluding) basically have the
power to pick which transactions go into blocks, and (sometimes more
importantly) when.
31. Hire the top 3% of freelance talent
http://bit.ly/HireToptal
http://bit.ly/DevToptal
LinkedIn: bit.ly/MarcoQA
marco.felizardo@toptal.com
Muito obrigado!
Thank you! Questions? QA Automation Engineer