CI/CD: Lack of Automated Enforcement for Mandatory Unit Test Coverage on Newly Introduced Solidity Smart Contracts #67

@aniket866

Feature and its Use Cases

Summary

Newly added Solidity contracts (changes or new files) are not automatically checked for corresponding unit test files. This creates a quality and security gap in the current review configuration.


Problem

When a new contract file (*.sol) is added to the repository:

  • There is no validation ensuring a matching test file exists.
  • The pull request can be merged without automated test coverage.
  • Critical contract logic may go untested.

Given the security-sensitive nature of smart contracts, this is a high-risk process weakness.


Current Behavior

  • Solidity contracts are reviewed for security, gas optimization, and best practices.
  • Solidity test files are reviewed if present.

However:

  • There is no rule requiring a test file when a new contract file is introduced.
  • No warning or error is triggered if tests are missing.

Expected Behavior

When a new Solidity contract file is added:

  1. The system should detect the addition of the contract file.

  2. It should verify that a corresponding test file (e.g., ContractName.test.sol) exists.

  3. If no matching test file is found, the review system should:

    • Raise a warning (minimum), or
    • Block the merge (recommended for production repositories).

Impact

Without this enforcement:

  • Security vulnerabilities may go undetected.
  • Business logic may not be validated.
  • Refactors may introduce silent regressions.
  • Deployment risk increases significantly.

Proposed Enhancement

Implement an automated rule that:

  • Detects newly added *.sol contract files (excluding *.test.sol).
  • Requires a corresponding unit test file.
  • Fails or warns the pull request if the test file is missing.

Priority

High — especially for repositories containing production smart contracts.

Additional Context

@kpj2006, please share your view on this. Feel free to assign.

Code of Conduct

  • I have joined the Discord server and will post updates there
  • I have searched existing issues to avoid duplicates
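
One way to implement the check described under "Expected Behavior" and "Proposed Enhancement", as an added example that is not code from this repository or its review tooling. It assumes the `ContractName.test.sol` naming from the issue, that a test file matches by base name in any directory, and a base branch of `origin/main`; the function names are hypothetical.

```python
"""CI gate: every newly added *.sol contract needs a <Name>.test.sol file."""
import subprocess
import sys
from pathlib import PurePosixPath

TEST_SUFFIX = ".test.sol"  # naming convention taken from the issue text


def is_contract(path: str) -> bool:
    """True for Solidity sources that are not themselves test files."""
    return path.endswith(".sol") and not path.endswith(TEST_SUFFIX)


def missing_tests(added_files, repo_files):
    """Return added contracts with no <Name>.test.sol anywhere in repo_files.

    Assumption: a test matches by base name only, in any directory.
    """
    test_names = {PurePosixPath(p).name for p in repo_files if p.endswith(TEST_SUFFIX)}
    missing = []
    for path in added_files:
        if not is_contract(path):
            continue
        expected = PurePosixPath(path).name[: -len(".sol")] + TEST_SUFFIX
        if expected not in test_names:
            missing.append(path)
    return sorted(missing)


def git_lines(*args):
    """Run a git command and return its non-empty output lines."""
    out = subprocess.run(["git", *args], check=True, capture_output=True, text=True)
    return [line for line in out.stdout.splitlines() if line]


def main(base_ref="origin/main", block_merge=True):
    # --diff-filter=A limits the diff to files added relative to the merge base.
    added = git_lines("diff", "--name-only", "--diff-filter=A", f"{base_ref}...HEAD")
    missing = missing_tests(added, git_lines("ls-files"))
    for path in missing:
        print(f"missing unit test for new contract: {path}", file=sys.stderr)
    # Non-zero exit fails the CI job (blocks the merge); zero only warns.
    return 1 if (missing and block_merge) else 0


if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:2]))
```

Run as a required status check, the non-zero exit blocks the merge; calling `main(block_merge=False)` gives the warning-only behaviour. A matching file name shows that a test file exists, not that it exercises the contract.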

Metadata

Assignees

No one assigned

Labels

enhancement: New feature or request
