Ready to dive into some real-world testing? You're about to work with a fullstack banking app that's packed with intentional bugs waiting to be discovered.
Think of this as a treasure hunt where the treasures are bugs, and you're the detective.
This isn't just another demo app - it's a realistic banking system with real complexity:
- Backend: Go + Gin + GORM + PostgreSQL
- Frontend: React + TypeScript + Vite + Tailwind CSS
- Infrastructure: Docker Compose
- Your Mission: Find bugs + Build E2E tests with Playwright
Step 1: Fork this repo and unlink it from the network
Go to your fork → Settings → Scroll down → Click "Leave fork network"
Step 2: Get it running
VSCode users (recommended): Open in DevContainer - everything just works!
Everyone else: Run this one command:
./scripts/setup.shStep 3: Start exploring!
- App: http://localhost:3000
- API Docs: http://localhost:8080/swagger
- Backend: http://localhost:8080
Test users ready to go: alice, bob, charlie, eve, dave
Password for everyone: Test123!
Pro tip: Start with alice - she's got a good mix of accounts to play with.
You've got 4 focused hours to:
- Hunt for bugs - They're hiding in plain sight
- Build E2E tests - Show us how you'd catch these bugs automatically
- Document everything - Clear, actionable reports
Drop these files in the repo root:
- BUG_REPORT.md - Every bug you find (use our template!)
- TESTING_STRATEGY.md - Your game plan
- TEST_EXECUTION.md - How to run your tests
- tests/e2e/*.spec.ts - Your Playwright tests
Check TEMPLATES.md for formats and examples.
- Checking: The Swiss Army knife - does everything
- Savings: Receives money, doesn't send it (no withdrawals either)
- Credit: Only receives transfers
- Transfers: $1 - $5,000
- Deposits: $10 - $10,000
- Withdrawals: $20 - $2,000
- Active: Green light for everything
- Inactive/Frozen: Nothing works
Think like an attacker: What would break this system?
- Try the obvious paths first (login, transfers, etc.)
- Then get creative (edge cases, boundary values)
- Don't forget security (can you access someone else's account?)
- API testing is your friend - Swagger UI makes it easy
Focus areas:
- Authentication & sessions
- Money movements (transfers, deposits, withdrawals)
- Account management
- Transaction history
- Data integrity
- Start with manual exploration - get a feel for the app
- Use the API docs - they're interactive and helpful
- Test boundaries - what happens at $0? $10,000?
- Check error handling - broken things should fail gracefully
- Think about real users - what would actually break their trust?
- Commit everything as a Pull Request in your repo
- Share the link with us
Remember: We're not just looking for bug-finding skills. We want to see how you think, how you approach testing systematically, and how you communicate your findings.
Ready to show us what you've got?