Duplicati uses two levels of verification. Before doing anything, it lists all the remote files and checks that all files are found and have the correct size. It also checks that there are no new files. There is a feature request to also check the remote files against an MD5 or SHA-1 sum if the storage provider reports it.
The second step is actually downloading a file and testing that it can be decrypted, decompressed and that its contents are as expected. This is done with a random sampling for each backup. The advanced setting --backup-test-samples=1
can be used to set how many ([0…inf]) samples are performed. You can set it to zero if you are not concerned about sudden changes and want to make it faster.
Internally, Duplicati keeps a count for verifications to make sure it spreads out the testing as much as possible (as opposed to always choose randomly, it chooses randomly amongst those least verified).