A unit test is a focused test that verifies a single function or small piece of code works correctly in isolation. In smart contract development, unit tests form the foundation of a comprehensive testing strategy, catching bugs early and providing confidence that individual components behave as expected before integration.

Unit Tests in Smart Contract Development

Smart contract unit tests typically follow a pattern: set up initial state, execute a function, and verify the results match expectations. Unlike integration tests that verify how components work together, unit tests isolate individual functions to ensure their logic is correct.

In Foundry, unit tests are straightforward to write:

1function test_Deposit() public {
2    // Setup
3    uint256 depositAmount = 1 ether;
4    
5    // Execute
6    vault.deposit{value: depositAmount}();
7    
8    // Verify
9    assertEq(vault.balanceOf(address(this)), depositAmount);
10    assertEq(address(vault).balance, depositAmount);
11}

The naming convention test_ prefix tells Foundry this is a test function. Clear names like test_Deposit communicate what's being tested.

Why Unit Tests Matter for Security

Unit tests serve multiple security purposes beyond basic functionality verification:

Documentation: Well-written unit tests document expected behavior. When auditors review code, they examine tests to understand how functions should work. Missing tests for critical functionality is a red flag.

Regression prevention: After fixing a vulnerability, a unit test ensures the bug doesn't reappear. This proof of concept becomes a permanent safeguard.

Edge case coverage: Unit tests explicitly verify edge cases like zero values, maximum amounts, and boundary conditions. These tests catch issues that casual manual testing often misses.

Refactoring confidence: When optimizing or refactoring code, unit tests verify that behavior hasn't changed unexpectedly. This is particularly important for gas optimizations that might inadvertently alter logic.

Unit Tests vs Other Testing Types

Understanding how unit tests fit into a broader testing strategy helps teams allocate testing effort effectively:

Unit tests verify individual functions work correctly with specific inputs. They're fast, easy to write, and provide immediate feedback during development.

Fuzz tests extend unit testing by generating random inputs, exploring behavior across many scenarios rather than just the ones developers anticipate.

Invariant tests verify system-wide properties hold regardless of operation sequences. They catch issues that emerge from complex state interactions.

Integration tests verify components work together correctly, catching interface mismatches and interaction bugs that unit tests miss.

A comprehensive test suite includes all these types. Unit tests form the base, providing fast feedback and documenting expected behavior. Higher-level tests build on this foundation to verify system correctness.

Best Practices for Unit Testing

Test one thing per test: Each unit test should verify a single behavior. Multiple assertions are fine if they all relate to the same behavior, but testing multiple scenarios in one function makes failures harder to diagnose.

Use descriptive names: Test names should describe what's being tested and the expected outcome. test_Withdraw_RevertsWhenBalanceInsufficient is better than test_Withdraw2.

Test both success and failure paths: Don't just test that functions work correctly—test that they fail correctly when given invalid inputs.

1function test_Withdraw_RevertsWhenBalanceZero() public {
2    vm.expectRevert("Insufficient balance");
3    vault.withdraw(1 ether);
4}

Isolate external dependencies: Unit tests should mock or stub external contract calls to focus on the function being tested. Foundry's vm.mockCall() enables this isolation.

Maintain test independence: Each test should set up its own state and not depend on other tests having run first. This prevents mysterious failures when test order changes.

Unit Testing and Code Coverage

Test coverage tools measure what percentage of code is executed by tests. High unit test coverage indicates thorough testing but doesn't guarantee security—a function can be covered without testing all its edge cases or failure modes.

Aim for high coverage as a baseline, but focus on meaningful tests rather than coverage numbers. A 90% coverage metric means little if the tests don't verify correct behavior.

Unit Tests in Security Audits

Security auditors examine a project's unit tests to understand intended behavior and assess testing thoroughness. Sparse tests suggest undiscovered bugs; comprehensive tests suggest a mature development process.

During audits, auditors often write their own unit tests to explore functionality and verify hypotheses about potential vulnerabilities. These tests frequently become proofs of concept for reported findings.

For project teams, maintaining robust unit tests before an audit improves audit efficiency. Auditors spend less time understanding basic functionality and more time hunting for deep vulnerabilities.