### A Note On The Linear Progress Of Security Reviews Alright, we've got a much better understanding of how tokens are allowed and disallowed in `Thunder Loan` through the `setAllowedToken` function. We were on this side quest, if you recall, because we needed a better understanding of the requirements of the `deposit` function, which we'll return to soon. But, now's a great opportunity to take a moment to mention an inherent feature of security reviews. **_Security reviews are not linear._** What I mean by this is, we've assessed much of this code base so far already and we haven't really found any bugs. We've spotted a few informationals, but nothing protocol breaking so far. This is pretty typical. It's far more likely for security researchers to uncover the majority of their bugs nearing the end of their review when the greatest context and understanding of the protocol is achieved. It's not uncommon for the discovery of one vulnerability to snowball into exploits elsewhere and the process can become exponential. Ultimately, don't be discouraged if you don't find anything immediately, perseverance is key! Let's keep going!
Patrick touches on the linear vs non-linear nature of security reviews.
Previous lesson
Previous
Next lesson
Next
Give us feedback
Solidity Developer
Smart Contract SecurityDuration: 25min
Duration: 1h 18min
Duration: 35min
Duration: 2h 28min
Duration: 5h 03min
Duration: 5h 22min
Duration: 4h 33min
Duration: 2h 01min
Duration: 1h 40min
Testimonials
Read what our students have to say about this course.
Chainlink
Chainlink
Gustavo Gonzalez
Solutions Engineer at OpenZeppelin
Francesco Andreoli
Lead Devrel at Metamask
Albert Hu
DeForm Founding Engineer
Radek
Senior Developer Advocate at Ceramic
Boidushya
WalletConnect
Idris
Developer Relations Engineer at Axelar