
# 3⃣ Writing Tests & PoCs

### Tests

If the test coverage is poor, fill in the gaps. By writing tests, you gain a more intimate understanding of the contracts, and there’s a good chance you will find a bug (untested code is hearsay). Some bugs are much more obvious at runtime than under manual analysis.

Test suites should aspire to reach 100% code coverage; the behavior of untested code paths is dubious.

While you're writing tests, you may encounter some odd behaviors that you hadn’t noticed before. Tag them with `@audit` and explore them further after you finish your current thought/test.

### PoCs

Now take the time to PoC any findings/attack vectors that you haven't already. It’s important to comment sufficiently throughout each PoC, both for your own understanding and for that of others.

While writing a PoC, you might discover that the system does not function as you thought it did, and your attack is not viable. In this case, go back to the drawing board and examine how your attack could be tweaked (the list of knobs is helpful here) so that the attack is valid.

{% hint style="info" %}
Now is a good time to use security tools to verify invariants you identified during the previous stage, etc. ("Security Tools" is under construction.)
{% endhint %}


