Support

## Dissecting RebaseToken.sol: Vulnerabilities and Design Considerations This lesson explores potential design flaws within the `RebaseToken.sol` smart contract. These are not necessarily critical, contract-halting bugs, but rather represent design choices that could lead to unintended behaviors or be exploited. Understanding these nuances is crucial for robust smart contract development. ### Flaw 1: Exploitable Interest Rate Inheritance in Transfers A subtle design choice in the `transfer` and `transferFrom` functions of `RebaseToken.sol` creates an opportunity for users to secure a higher interest rate for larger sums than intended by the contract's decreasing interest rate model. **Mechanism:** The core of this issue lies in how interest rates are assigned to recipients during a token transfer. * If a recipient has no existing token balance (`balanceOf(recipient) == 0`), they inherit the personal interest rate of the sender (`s_userInterestRate[recipient] = s_userInterestRate[msg.sender];`). * Conversely, if the recipient already holds a balance and thus has an established interest rate, their existing rate is preserved. **Exploit Scenario:** 1. **High Rate Lock-in:** A user (Wallet A) deposits a small amount into the vault when the contract's global interest rate is high. This action establishes and locks in a high personal interest rate for Wallet A. The contract is designed such that the global interest rate decreases as total deposits increase. 2. **Low Rate Deposit:** At a later time, when the global interest rate has significantly decreased, the same user utilizes a different wallet (Wallet B) to deposit a very large sum of tokens. Wallet B consequently receives the current, lower interest rate. 3. **Strategic Transfer:** The user then transfers the large token balance from Wallet B to Wallet A. 4. **Rate Retention:** Because Wallet A already possesses an established (high) interest rate, this rate is maintained. The substantial sum transferred from Wallet B now begins to accrue interest at Wallet A's original, high rate, rather than the lower rate Wallet B was assigned, or a blended average. This allows an early depositor to apply their favorable initial interest rate to a much larger capital amount deposited later, effectively circumventing the intended incentive structure where later, larger deposits receive lower interest rates. **Relevant Code Snippet (`transfer` function):** ```solidity // File: RebaseToken.sol // Function: transfer function transfer(address _recipient, uint256 _amount) public override returns (bool) { _mintAccruedInterest(msg.sender); _mintAccruedInterest(_recipient); if (_amount == type(uint256).max) { _amount = balanceOf(msg.sender); } // Key part for the flaw: if (balanceOf(_recipient) == 0) { s_userInterestRate[_recipient] = s_userInterestRate[msg.sender]; // Recipient inherits sender's rate } return super.transfer(_recipient, _amount); } ``` ### Flaw 2: Unintended Interest Compounding via Minting The interaction between how a user's balance is calculated by the `balanceOf` function and how interest is minted can lead to an unintended compounding effect, potentially deviating from a purely linear interest model. **Mechanism:** * The `balanceOf` function determines a user's total holdings by taking their base token amount (`super.balanceOf(_user)`, i.e., their principal) and multiplying it by an interest accrual factor calculated by `_calculateUserAccumulatedInterestSinceLastUpdate(_user)`. * Operations such as `burn` (and also `transfer`, `transferFrom`) invoke an internal function, `_mintAccruedInterest(_from)`. This function mints the accrued interest as new tokens, thereby increasing the user's `super.balanceOf(_user)`. * Subsequently, when `balanceOf` is called again, the interest accrual factor is applied to this new, larger principal, which now includes the previously minted interest. This sequence results in interest effectively compounding because future interest calculations are based on a principal that includes past interest payments. While the design might have aimed for linear interest on the initial principal, the act of minting accrued interest changes the calculation base. **Consequence:** Users who frequently trigger the `_mintAccruedInterest` function (for example, through many small transfers or burns) would experience a more rapid compounding of their interest compared to a scenario where interest is strictly calculated only on their initial principal. This behavior, while not necessarily critical, diverges from a strictly linear interest model. **Relevant Code Snippets:** `balanceOf` function: ```solidity // File: RebaseToken.sol // Function: balanceOf function balanceOf(address _user) public view override returns (uint256) { // ... (PRECISION_FACTOR omitted for clarity of concept) return super.balanceOf(_user) * _calculateUserAccumulatedInterestSinceLastUpdate(_user); } ``` `burn` function (illustrating the call to mint interest): ```solidity // File: RebaseToken.sol // Function: burn function burn(address _from, uint256 _amount) external onlyRole(MINT_AND_BURN_ROLE) { _mintAccruedInterest(_from); // Mints accrued interest, increasing super.balanceOf(_from) _burn(_from, _amount); } ``` ### A Note on Demo Code: Not for Production Use It is crucial to understand that the `RebaseToken.sol` contract discussed is a **demonstration project**. The code is **not production-ready** and **has not undergone a security audit.** The primary objectives of this demonstration code are: * To illustrate the fundamental concept of a rebase token. * To showcase a simplified linear interest model, notwithstanding the compounding elements discussed. Real-world implementations of rebase tokens, particularly those featuring compound interest, often employ more sophisticated mathematical techniques, such as Taylor expansions or binomial expansions. These were deliberately avoided in this demo for simplicity. ## Pioneering Cross-Chain Tokens: An Overview with Chainlink CCIP Having examined the intricacies of the rebase token smart contract, we now shift our focus to the exciting realm of cross-chain functionality. The goal is to explore how tokens like our rebase token can operate across multiple blockchains. This section introduces foundational concepts that will be built upon to make our token CCIP-compatible. ### Understanding Token Bridging: The Foundation of Cross-Chain Token bridging is a fundamental mechanism that enables the movement of assets or data between different, distinct blockchain networks. Bridges act as connectors, allowing users to, for example, transfer a token from Ethereum to Polygon, or send arbitrary messages between chains. This interoperability is key to unlocking a more interconnected and fluid Web3 ecosystem. ### Chainlink CCIP: Enabling Seamless Cross-Chain Interactions Chainlink's Cross-Chain Interoperability Protocol (CCIP) is a powerful technology designed to facilitate secure and reliable cross-chain communication. CCIP provides a generalized messaging, token transfer, and programmable token transfer layer, enabling developers to build sophisticated cross-chain applications. Its capabilities extend beyond simple token transfers, allowing for complex interactions and data sharing between smart contracts on different networks. CCIP is recognized for its robust security and its potential to significantly enhance the capabilities of decentralized applications. ### The Chainlink Cross-Chain Token Standard: Permissionless Innovation To simplify the development of cross-chain tokens compatible with CCIP, Chainlink has introduced a Cross-Chain Token Standard. This standard typically comprises an interface and a set of best practices that guide developers in building tokens that can seamlessly leverage the CCIP network. A significant advantage of this standard is its **permissionless nature**. Developers can utilize this standard to make their existing or new tokens CCIP-enabled without requiring explicit approval or whitelisting from Chainlink. This approach empowers developers by allowing them to retain full control over their token contracts and any associated liquidity pool contracts, while still benefiting from the power of CCIP. The subsequent parts of this series will delve deeper into adapting our rebase token to become CCIP-compatible, utilizing this very standard to unlock its cross-chain potential.

Vulnerabilities And-cross-chain-intro

A critical review to Rebase Token Vulnerabilities and Cross-Chain Token Primer with CCIP - Dissect design flaws in `RebaseToken.sol` such as interest rate manipulation and unintended compounding. Gain an overview of cross-chain token bridging and the Chainlink Cross-Chain Interoperability Protocol (CCIP).

Course Overview

About the course

What you'll learn

Advanced smart contract development

How to develop a stablecoin

How to develop a DeFi protocol

How to develop a DAO

Advanced smart contracts testing

Fuzz testing

Manual verification

Course Description

Who is this course for?

Engineers
Smart Contract Security researchers

Potential Careers

Web3 Developer Relations

$85,000 - $125,000 (avg. salary)

Web3 developer

$60,000 - $150,000 (avg. salary)

Smart Contract Engineer

$100,000 - $150,000 (avg. salary)

Smart Contract Auditor

$100,000 - $200,000 (avg. salary)

Security researcher

$49,999 - $120,000 (avg. salary)

Meet your instructors

Patrick Collins

Founder at Cyfrin

Web3 engineer, educator, and Cyfrin co-founder. Patrick's smart contract development and security courses have helped hundreds of thousands of engineers kickstarting their careers into web3.

Ciara Nightingale

Developer relations at Cyfrin

Guest lecturers:

Juliette Chevalier

Lead Developer relations at Aragon

Vasiliy Gualoto

Developer relations at ThirdWeb

Nader Dabit

Director of developer relations at EigenLayer

Ally Haire

Developer relations at Protocol Labs

Harrison

Founder at GasliteGG

Vitto Rivabella

CPO at Cyfrin

Last updated on June 10, 2025

Thanks for checking us out

Start learning for free

Start for free

Solidity Smart Contract Developer Advanced Foundry

Section 1: Develop an ERC20 Crypto Currency

Duration: 36min

Section 2: Develop an NFTs Collection

Duration: 3h 06min

Section 3: Develop a DeFi Protocol

Duration: 5h 02min

Section 4: Cross Chain Rebase Token

Duration: 6h 02min

1. Introduction

A comprehensive masterclass to Building Cross-Chain Rebase Tokens with Foundry and Chainlink CCIP - Learn to design, implement, and deploy interest-accruing rebase tokens across chains using Foundry and Chainlink CCIP. Covers burn-and-mint logic, advanced fork testing with local CCIP simulation, and automated deployment scripts. Duration: 3min

2. What Is-a-rebase-token

An essential guide to Demystifying Rebase Tokens and Elastic Supply - Grasp how rebase tokens use an elastic supply to algorithmically alter your balance, demystifying unexpected changes in your crypto holdings. You'll explore their core mechanics, types, contrast with standard tokens, and see how Aave's aTokens work, including a peek into their smart contract logic. Duration: 2min

3. Rebase Token-code-structure

A strategic guide to Blueprinting Your Single-Chain Rebase Token - Initialize your Foundry project and establish a clean development environment for your smart contracts. Then, architect the core functionalities of a single-chain rebase token, defining its dynamic balance system and a unique, decreasing global interest rate model to incentivize early users. Duration: 9min

4. Writing The-rebase-token-contract

A conceptual guide to Writing Your First Rebase Token in Solidity - Discover how to build an ERC20-based Rebase Token in Solidity, allowing user balances to automatically grow via accrued interest. This lesson details setting up global and user-specific interest rates, overriding `balanceOf` for dynamic balance reflection, and minting new tokens as interest. Duration: 33min

5. Mintinterest And-burn-functions

A comprehensive deep-dive to Solidity Rebase Tokens: Managing Dynamic Balances and Interest - Explore how to implement `_mintAccruedInterest` to ensure accurate reflection of accrued interest in user balances before any token operations. You'll learn to build `mint` and `burn` functions for rebase tokens, incorporating `type(uint256).max` for full balance interactions and adhering to Solidity best practices. Duration: 9min

6. Finish Rebase-token-contract

An in-depth lesson to Completing Your Rebase Token Smart Contract - Finalize your custom RebaseToken by overriding OpenZeppelin ERC20 functions like `balanceOf` and `transfer` for accurate interest accrual. Explore the `totalSupply` trade-off, add new utility functions, and identify the next vital step: implementing robust access control. Duration: 16min

7. Access Control

An implementer's guide to Securing Your RebaseToken: Implementing Access Control in Solidity - Learn to fortify your `RebaseToken` by integrating OpenZeppelin's `Ownable` for simple owner control and `AccessControl` for fine-grained, role-based permissions. You'll implement `onlyOwner` and `onlyRole` modifiers, define custom roles, and manage their assignment for critical functions. Duration: 12min

8. Quiz 10 Quiz

Questions: 9

9. Vault And-natspec

A practical guide to Building a Secure Rebase Vault with Effective Solidity Practices - Learn to construct a `Vault` contract managing ETH deposits and `RebaseToken` minting/burning, with secure interactions via Solidity interfaces and the CEI pattern. This lesson also covers vital Solidity practices: correct NatSpec comments, the `receive()` ETH function, and indexed event parameters for efficient tracking. Duration: 14min

10. Rebase Token-tests-part-1

A practical walkthrough to Foundry Test Environment Setup for Rebase Tokens - Configure your Foundry test environment to test `RebaseToken` and `Vault` contracts, focusing on the `setup` function for deployments, type casting, and role assignments using `vm.prank`. You'll also begin writing a fuzz test for linear interest, utilizing `bound` for inputs and `vm.deal` for user balances. Duration: 11min

11. Rebase Token-test-part-2

A strategic guide to Bulletproofing Rebase Tokens with Advanced Foundry Fuzzing - Explore advanced Foundry fuzz testing techniques to ensure rebase token robustness, covering input optimization with `bound`, rigorous testing of interest accrual, and validation of redeem/transfer logic. Learn to effectively debug common pitfalls like truncation and overflows, and enhance security through comprehensive access control tests and `forge coverage`. Duration: 43min

12. Vulnerabilities And-cross-chain-intro

13. Bridging

An insightful journey into Understanding Blockchain Bridges: Connecting Isolated Networks - Discover how blockchain bridges serve as vital connectors between disparate networks, learn essential bridging terminology, and understand their necessity in Web3. You'll explore the mechanics behind asset transfers like lock-and-mint, differentiate between native/third-party and centralized/decentralized bridges, and grasp key security practices. Duration: 8min

14. Quiz 11 Quiz

Questions: 7

15. CCIP

A practical guide to Unlocking Cross-Chain Communication with Chainlink CCIP - Learn to bridge blockchains using Chainlink CCIP, mastering its architecture for secure data and token transfers. You'll explore its multi-layered security, including the Risk Management Network, and send your first cross-chain message. Duration: 12min

16. The CCT Standard

An implementer's guide to Chainlink's CCT Standard & Foundry for Cross-Chain Tokens - Master Chainlink's Cross-Chain Token (CCT) Standard, enabling permissionless, developer-owned token pools with enhanced security and programmable transfers. This guide details deploying a Burn & Mint token on testnets using Foundry, from configuration to transfer. Duration: 13min

17. Circle CCTP

An essential guide to Bridging Blockchains with Circle's CCTP - Understand how Circle's Cross-Chain Transfer Protocol (CCTP) enables seamless native USDC movement between networks using its burn-and-mint process, eliminating wrapped token vulnerabilities. You'll explore its architecture, standard vs. fast transfers, and a step-by-step Ethers.js implementation. Duration: 12min

18. Quiz 12 Quiz

Questions: 8

19. Pool Contract

An in-depth walkthrough to Enabling Cross-Chain Rebase Tokens with Chainlink CCIP: A Custom Token Pool Guide - Learn to create a custom Chainlink CCIP token pool in Foundry for rebase tokens, enabling "Burn & Mint" cross-chain functionality. This guide details implementing `lockOrBurn` and `releaseOrMint` to preserve user-specific interest rates. Duration: 31min

20. Finish Pool Contract

A practical debugging walkthrough to Debugging and Finalizing Your RebaseTokenPool Contract - Resolve common Solidity compilation errors in your `RebaseTokenPool` contract and tests using `forge build`. You'll learn to fix incorrect import paths, update function argument calls, and correct the misuse of `abi.decode` for a successful compilation. Duration: 1min

21. Chainlink Local-and-fork-tests

A developer's guide to Mastering Local CCIP Testing with Foundry and Chainlink Local - Set up Foundry to manage multiple local blockchain forks like Sepolia and Arbitrum Sepolia using RPC aliases and cheatcodes such as `vm.createSelectFork` and `vm.makePersistent`. You'll then bridge these forks by deploying Chainlink Local's `CCIPLocalSimulatorFork`, enabling seamless local testing of CCIP message relay. Duration: 11min

22. Deploy Token-test

A practical primer to Deploying Your First Cross-Chain Tokens with Chainlink CCIP in Foundry - Configure your Foundry test environment to simulate Sepolia and Arbitrum Sepolia, deploying `RebaseToken` on both and a `Vault` on the source chain for Chainlink CCIP. Learn to use `vm.createFork`, `vm.selectFork`, and `vm.startPrank` for these initial cross-chain contract deployments. Duration: 4min

23. CCIP Setup-test

An indispensable primer to Setting Up Your CCIP Test Environment in Foundry - Establish your Chainlink CCIP testing grounds in Foundry by deploying key contracts like RebaseToken and TokenPools on forked Sepolia and Arbitrum Sepolia networks. This guide covers troubleshooting type errors, using `CCIPLocalSimulatorFork` to get network specifics, and configuring token permissions and pool links. Duration: 11min

24. Configure Pool-test

An essential setup guide to Activating Cross-Chain CCIP Token Transfers via Pool Configuration - Learn the critical `applyChainUpdates` process to configure Chainlink CCIP Token Pools, enabling them for cross-chain burn & mint operations. This guide shows how to implement this in Foundry, managing local/remote chain settings and `ChainUpdate` structs. Duration: 10min

25. Bridge Function-test

A comprehensive walkthrough to Building a Reusable `bridgeTokens` Test for Chainlink CCIP in Foundry - Discover how to implement a flexible `bridgeTokens` test function in Foundry for validating cross-chain token movements with Chainlink CCIP. This lesson covers `EVM2AnyMessage` creation, fee handling via `CCIPLocalSimulatorFork`, and end-to-end transfer verification. Duration: 21min

26. Quiz 26 Quiz

Questions: 5

27. First Cross-chain-test

An in-depth guide to Testing Cross-Chain Rebase Token Bridging - Master the complexities of testing cross-chain rebase token bridging between Sepolia and Arbitrum Sepolia forks using Foundry and the Chainlink CCIP Local Simulator. You'll handle intricate setup, implement `bridgeTokens`, manage CCIP fees, and simulate message routing. Duration: 11min

28. Vault Deployment-script

A practical guide to Crafting Your Foundry Deployment Script for the Vault Contract - Learn to write a `VaultDeployer.s.sol` script using Foundry, covering essential imports, the `run()` function, and deployment with `vm.startBroadcast`. This lesson shows how to deploy a `Vault` contract, grant it token mint/burn roles, and return the deployed contract instance. Duration: 4min

29. Token And-pool-deployer

A streamlined deployment guide to Automating Token and Pool Deployment for Chainlink CCIP with Foundry - Learn to craft a `Deployer.s.sol` Foundry script for deploying a custom `RebaseToken` and its `RebaseTokenPool`. You'll also automate the essential Chainlink CCIP configurations to enable Burn & Mint token transfers in a local development environment. Duration: 9min

30. Pool Config-script

An essential tutorial to Crafting the `ConfigurePool.s.sol` Script for CCIP Token Pool Configuration - Master building a Foundry script (`ConfigurePool.s.sol`) to configure deployed `TokenPool` contracts for CCIP operations. You'll learn to use `applyChainUpdates`, prepare `ChainUpdate` structs with rate limiters, and ABI-encode addresses for robust cross-chain setup. Duration: 8min

31. Bridging Script

A comprehensive walkthrough to Crafting a Foundry Script for CCIP Token Bridging - Learn to create the `BridgeTokens.s.sol` script for sending ERC20 tokens cross-chain via Chainlink CCIP without data payloads. This guide details constructing the `EVM2AnyMessage`, handling fees, approving tokens, and executing `ccipSend`. Duration: 13min

32. Build Scripts

An in-depth walkthrough to Mastering Cross-Chain Foundry Deployments and `via_ir` Test Stability - Prepare your smart contracts for cross-chain deployment across testnets like Sepolia and zkSync, focusing on successful compilation and secure RPC setup. Dive into resolving the `via_ir` and `vm.warp()` testing conflict in Foundry to ensure your CI pipelines run smoothly with robust tests. Duration: 4min

33. Run Scripts-on-testnet

A step-by-step deployment guide to Deploying Your Cross-Chain Application to Testnets - Deploy contracts to Ethereum Sepolia & ZKsync Sepolia testnets, covering testnet LINK acquisition and using bash scripts (`forge create`/`cast send`) for ZKsync due to Foundry script limitations. Configure your environment with `.env` and Foundry keystore, troubleshoot deployments, and verify cross-chain CCIP transactions. Duration: 15min

34. Cross Chain-message-sucess

A detailed breakdown to Mastering Cross-Chain Token Transfers: A CCIP Case Study with Rebase Tokens (RBT) - Get a detailed breakdown of verifying a Rebase Token (RBT) cross-chain transfer via Chainlink CCIP from Ethereum Sepolia to ZKsync Sepolia. Master using the CCIP Explorer to interpret transaction details and confirm token receipt in Metamask on the ZKsync Sepolia network. Duration: 3min

35. Outro

An architectural review of Mastering Cross-Chain Rebase Tokens: A Comprehensive Recap - Revisit the complete architecture of a cross-chain rebase token, including `RebaseToken` mechanics, `Vault` interactions, and CCIP integration. Discover how Foundry scripts automate deployment and testing, culminating in a live cross-chain transaction. Duration: 3min

36. Quiz 13 Quiz