Advanced Foundry - Vulnerabilities And-cross-chain-intro

Support

## Vulnerabilities and cross-chain intro We are going to talk about a rebase token that uses a linear interest rate. This means we are keeping things as simple as possible. However, we need to be aware of a few vulnerabilities in the design. The first vulnerability is a potential problem with the `transfer()` and `transferFrom()` functions. If we send tokens to a user who hasn't yet deposited and therefore doesn't have an interest rate, they will inherit the interest rate of the sending wallet. This creates a potential problem where a user could send a small amount of tokens to a new user very early on, when the interest rate is high. Then, later on when the interest rate has decreased, they can send a large amount of tokens to the same user. The user then gets to apply the higher interest rate to both the initial small deposit and the later large deposit. The second vulnerability is in the way we calculate the user's balance. The `balanceOf()` function multiplies the number of tokens minted by the user by one plus the accrued interest. However, if the user burns tokens, we mint them the accrued interest and then increase their balance, which means the `balanceOf()` function will return a higher number because of the interest earned from the burned tokens. This isn't a critical issue, but it means we need to be careful about how we implement the contract. If the user starts burning tokens quickly, they could potentially end up with an inflated balance, as the interest is being applied to the burned tokens as well. We can address this by implementing a minimum amount of tokens that the user can burn or transfer. Alternatively, we can create a deposited struct that tracks the interest rate and the deposit time for every user, which would mean that we can calculate the balance more accurately. However, this might make the cross-chain aspect more difficult to implement. We will now discuss cross-chain transfers. To do this, we will need to use a standard called a Cross-Chain Token Standard, provided by Chainlink. This standard makes it possible to send tokens across different blockchains. The Cross-Chain Token Standard is completely permissionless. We don't need to go through a central authority or wait for Chainlink to sign off on every transaction. This means that we can send our tokens across blockchains completely independently. We are going to do a brief overview of bridging and CCIP and then we will discuss how to implement our cross-chain rebase token.

Vulnerabilities And-cross-chain-intro

A basic guide to rebase tokens and cross-chain - This lesson covers a practical example of a rebase token with cross-chain features built into the design, including two main design flaws that were addressed. Learn what these design flaws are, how to implement cross-chain transfers, and how to bridge your tokens cross-chain.

Course Overview

About the course

What you'll learn

Advanced smart contract development

How to develop a stablecoin

How to develop a DeFi protocol

How to develop a DAO

Advanced smart contracts testing

Fuzz testing

Manual verification

Course Description

Who is this course for?

Engineers
Smart Contract Security researchers

Potential Careers

Web3 Developer Relations

$85,000 - $125,000 (avg. salary)

Web3 developer

$60,000 - $150,000 (avg. salary)

Smart Contract Engineer

$100,000 - $150,000 (avg. salary)

Smart Contract Auditor

$100,000 - $200,000 (avg. salary)

Security researcher

$49,999 - $120,000 (avg. salary)

Meet your instructors

Patrick Collins

Founder at Cyfrin

Web3 engineer, educator, and Cyfrin co-founder. Patrick's smart contract development and security courses have helped hundreds of thousands of engineers kickstarting their careers into web3.

Guest lecturers:

Juliette Chevalier

Lead Developer relations at Aragon

Ciara Nightingale

Developer relations at Thirdweb

Vasiliy Gualoto

Developer relations at Cyfrin

Nader Dabit

Director of developer relations at Avara

Ally Haire

Developer relations at Protocol Labs

Harrison

Founder at GasliteGG

Vitto Rivabella

Lead Developer relations at Cyfrin

Last updated on March 11, 2025

Thanks for checking us out

Start learning for free

Start for free

Solidity Developer

Advanced Foundry

Section 1: Develop an ERC20 Crypto Currency

Duration: 36min

Section 2: Develop an NFTs Collection

Duration: 3h 06min

Section 3: Develop a DeFi Protocol

Duration: 5h 02min

Section 4: Cross Chain Rebase Token

Duration: 6h 02min

1. Introduction

A comprehensive guide to building cross-chain rebased tokens. This lesson covers the fundamentals of creating a rebased token and explores advanced functionalities like using the 'super' keyword, advanced testing with fork tests and more. Duration: 3min

2. What Is-a-rebase-token

A simple explainer to rebase tokens - This lesson covers the basic concepts of rebase tokens and how they differ from typical cryptocurrencies. We'll also explore some real-world examples including Aave, and how rebase tokens are used in DeFi. Duration: 2min

3. Rebase Token-code-structure

A detailed guide to building a cross-chain rebase token. This lesson covers the basics of rebase tokens, including how to design a contract that accrues interest dynamically, how to set an individual interest rate for users, and how to update the global interest rate. Duration: 9min

4. Writing The-rebase-token-contract

A complete guide to creating a rebase token - This lesson covers creating a rebase token smart contract by inheriting the ERC20 contract from OpenZeppelin, setting the global interest rate, creating a mint function to mint accrued interest, and creating a balance of function to calculate the balance of the user, including the interest that has accrued since the last time the user balance was updated. Duration: 33min

5. Mintinterest And-burn-functions

A comprehensive guide to creating mint and burn functions for a rebase token - This lesson covers the creation of a mintAccruedInterest function to mint interest earned to the user's balance. It then explores the concept of dust and the creation of a burn function to address this. Duration: 9min

6. Finish Rebase-token-contract

A comprehensive guide to finishing a rebase token smart contract. The lesson covers overriding important functions within OpenZeppelin's ERC20 contract for a rebase token, including transfer, transferFrom, and totalSupply. Also, the lesson shows how to implement access control to a setInterestRate function that allows for interest rate to only decrease. Duration: 16min

7. Access Control

A technical guide to Access Control in Solidity - Learn about how to implement access control in your Solidity smart contracts using OpenZeppelin's Ownable contract, which allows for a single owner to control the contract. This guide also touches on using OpenZeppelin's AccessControl contract, which allows for granting various roles to different accounts. Duration: 12min

8. Vault And-natspec

A comprehensive guide to building a Vault contract in Solidity. This lesson covers the fundamentals of creating a Vault contract, including how to pass in the token address to the constructor, create deposit and redeem functions, add rewards to the vault, implement a receive() function, and utilize interfaces to interact with other contracts. Duration: 14min

9. Rebase Token-tests-part-1

A comprehensive guide to creating a rebase token test in Solidity using Foundry. The lesson covers the process of creating a new test file, importing dependencies, writing a basic setup function, and finally deploying the test. It then demonstrates how to interact with the rebase token to create a deposit and redeem. This lesson also introduces fuzz testing to ensure that the rebase token functions correctly under a wide range of inputs. Duration: 11min

10. Rebase Token-test-part-2

A complete guide to testing a rebase token in Solidity. This lesson covers the important aspects of testing your rebase token, including linear interest, the ability to redeem, and the ability to transfer tokens to another chain. Duration: 43min

11. Vulnerabilities And-cross-chain-intro

12. Bridging

A comprehensive introduction to blockchain bridges. This lesson covers what a blockchain bridge is, how they work, the different types of bridges, and the benefits of cross-chain interoperability. Duration: 8min

13. Ccip

A comprehensive guide to Chainlink CCIP - This lesson covers the basic functionality of Chainlink CCIP, the decentralized framework for secure cross-chain messaging. It teaches you how to send a message and some tokens across chains via CCIP with detailed explanations and examples. Duration: 12min

14. The Cct-standard

A comprehensive guide to the Chainlink CCIP Cross Chain Token Standard. This lesson will cover the basics of the standard, two main reasons it was built, a quick architectural overview, and a demonstration of deploying a cross-chain token using the Chainlink CCIP tutorials. Duration: 13min

15. Circle CCTP New

A comprehensive guide to Circle's Cross Chain Transfer Protocol or CCTP. The lesson covers the basics of CCTP, a solution for moving USDC across different blockchains, the two transfer methods, standard and fast, as well as the security features of this protocol. Duration: 12min

16. Pool Contract

Duration: 31min

17. Finish Pool-contract

A technical guide to finishing the pool contract in a Solidity smart contract project. The lesson covers how to finish building a smart contract pool, including how to use the proper file paths in the import statements, and how to properly pass arguments to the function when setting interest rates. Duration: 1min

18. Chainlink Local-and-fork-tests

A practical guide to Chainlink local and fork tests. The lesson covers the basics of setting up a Chainlink local test environment, including installing the necessary dependencies, importing the CCIP local simulator, creating forks, and deploying your contracts. Duration: 11min

19. Deploy Token-test

A comprehensive guide to deploying your first Cross Chain Token using Chainlink CCIP. This tutorial takes you step by step through deploying your tokens on both the source and destination chains using Foundry, and configuring the mint and burn permissions for your tokens to use CCIP for cross-chain transfers. Duration: 4min

20. Ccip Setup-test

Duration: 11min

21. Configure Pool-test

A detailed guide to configuring token pools using CCIP in Solidity. The lesson covers the basics of using the `applyChainUpdates` function inside of the `TokenPool` library to enable cross-chain communication between Sepolia and Arbitrum Sepolia. It also covers importing the `RateLimiter` library to configure rate limits for the token pool. Duration: 10min

22. Bridge Function-test

A comprehensive guide to cross-chain token transfers using CCIP - This lesson explores the process of cross-chain token transfers, covering the steps involved in creating the necessary EVM2AnyMessage struct, interacting with the router to get the fee, and finally, sending the tokens across chains. Duration: 21min

23. First Cross-chain-test

A comprehensive guide to creating a cross-chain token using Chainlink. The lesson dives into the world of cross-chain communication using Chainlink, demonstrating how to build a smart contract to bridge tokens across different blockchains. The lesson covers setting up a development environment, creating forks, configuring token pools, and bridging tokens in a step-by-step approach. Duration: 11min

24. Vault Deployment-script

A comprehensive guide to deploying a Vault smart contract using Forge. The lesson explains the process of building a deployer script that automatically sets the permissions necessary for CCIP and demonstrates how to call the functions to properly deploy the Vault and grant the required permissions. Duration: 4min

25. Token And-pool-deployer

A comprehensive guide to deploying a rebase token and a rebase token pool using Chainlink CCIP on a local simulator fork. This lesson covers creating a Solidity script that first deploys a rebase token, then deploys a rebase token pool, then configures the Chainlink CCIP network, and finally grants the newly deployed token pool the mint and burn role. Duration: 9min

26. Pool Config-script

A comprehensive guide to configuring pools in a CCIP rebase token project. The lesson covers the creation of Solidity scripts for pool configuration, including how to import necessary contracts and libraries, define functions, and set up rate limiter configurations. Duration: 8min

27. Bridging Script

A comprehensive guide to bridging tokens with ccip on zkSync - The lesson covers the process of creating a Solidity smart contract to bridge tokens from a Sepolia network to a zkSync Sepolia network, with a focus on using the ccip protocol for cross chain communications. Duration: 13min

28. Build Scripts

A comprehensive guide to building cross-chain scripts for token rebasing - This lesson explains the process of building cross-chain scripts for token rebasing, including deploying contracts, testing, and deploying to a live test net. The lesson also includes important information regarding potential issues that may occur with using a 'via_ir' variable in Foundry to test scripts. Duration: 4min

29. Run Scripts-on-testnet

A practical guide to testing and deploying a rebase token across chains using Chainlink’s CCIP. The video covers how to create a rebase token, deploy it on a test network, and use Chainlink’s CCIP to bridge it across chains, along with helpful tips for overcoming potential hurdles. Duration: 15min

30. Cross Chain-message-sucess

A complete walkthrough to creating a rebase token and enabling it for cross-chain transfers! This lesson covers the details of creating a rebase token, deploying it to a testnet, and sending the rebase token across chains. Duration: 3min

31. Outro

A comprehensive recap of the rebase token project. The lesson covers the basics of setting up a rebase token, deploying contracts on Sepolia, and sending tokens cross chain. Duration: 3min

Section 5: Airdrop and Signatures

Duration: 2h 47min

Section 6: Upgradeable Smart Contracts

Duration: 1h 23min

Section 7: Account Abstraction

Duration: 4h 28min

Section 8: DAOs

Duration: 1h 19min

Section 9: Security

Duration: 1h 10min