Property Testing is a family of smart contract testing techniques that relies on specifying security properties and using automated tools to prove or invalidate those properties.

Example properties could be:

• A given function can only be called by the owner
• Money cannot be stolen from a vault
• Numerical overflow cannot occur in a given contract

There are several different algorithms that can attempt to detect security properties and property testing tools differ in their use of these algorithms.

For example Fuzzing and Formal Verification are more advanced versions of property testing which we have covered in their own sections. Below we offer a more accessible form of property testing using parametrized testing.

Parametrized testing

Parametrized testing involves defining test cases that are programmatically generated from a range of inputs. These inputs can be pre-determined or generated randomly. Below are the best tutorials on how to implement parametrized testing depending on which smart contract platform you prefer:

• Brownie: https://iamdefinitelyahuman.medium.com/effective-smart-contract-testing-property-based-testing-9e2a2b1fe77e (this also covers uses of fuzzing in Brownie)
• Dapp: https://github.com/dapphub/dapptools/tree/master/src/dapp#property-based-testing
• Hardhat and Ganache (using Mocha testing library): https://mochajs.org/#dynamically-generating-tests.

How to come up with security properties

The value of a property testing initiative depends both on the quality of the property testing tools as well as on the specific security properties used. We recommend taking an auditor mindset when it comes to defining security properties. Please refer our guide on How to do a Security Review to see different trust vectors to test (e.g., access control, state machine transitions and others).

‍