### A Note On The Linear Progress Of Security Reviews Alright, we've got a much better understanding of how tokens are allowed and disallowed in `Thunder Loan` through the `setAllowedToken` function. We were on this side quest, if you recall, because we needed a better understanding of the requirements of the `deposit` function, which we'll return to soon. But, now's a great opportunity to take a moment to mention an inherent feature of security reviews. **_Security reviews are not linear._** What I mean by this is, we've assessed much of this code base so far already and we haven't really found any bugs. We've spotted a few informationals, but nothing protocol breaking so far. This is pretty typical. It's far more likely for security researchers to uncover the majority of their bugs nearing the end of their review when the greatest context and understanding of the protocol is achieved. It's not uncommon for the discovery of one vulnerability to snowball into exploits elsewhere and the process can become exponential. Ultimately, don't be discouraged if you don't find anything immediately, perseverance is key! Let's keep going!
Note On Linear Progress
Patrick touches on the linear vs non-linear nature of security reviews.
Solidity Developer
Smart Contract Security1. Introduction
Introducing the Thunder Loan protocol, based off Aave/Compound. Section covers borrowing and lending, pricing information, and upgradeable contracts. Duration: 6min
2. Phase 1: Scoping
Patrick dives into the scoping phase of Thunder Loan. Known issues found in the code base are discussed. Duration: 4min
3. Reading The Docs
Patrick showcases Aave & Compound integration, allowing users to create flash loans and liquidity providers to earn from deposits. Duration: 4min
4. What is a Flash Loan?
Patrick explains DEX arbitrage using an example and introduces flash loans for Web3 finance. Duration: 4min
5. Pay Back Or Revert
Dives deeper into how flashloans work and the requirement of repayment in a single transaction. Duration: 4min
6. Liquidity Providers
Overview - Flash Loans & Liquidity Providers.' Emphasis on liquidity providers, flash loans, transaction fees, and benefits for depositors. Duration: 2min
7. Arbitrage Walkthrough
How flash loans enable smaller traders to capitalize on arbitrage opportunities. Covers the significance of single transaction paybacks. Duration: 5min
8. Are Flash Loans Bad?
Flash loans: Leverage arbitrage in DeFi, enabling all users to act like 'whales' without needing significant wealth. Duration: 1min
9. Recap
We're provided a summary of flash loans, arbitrage and how it all works in this recap of what we've just learnt. Duration: 3min
10. Recon Continued
A quick guide to understanding the basis of borrowing/lending through flash loans. Emphasis on smart contract upgradeability and interactions in DeFi systems. Duration: 4min
11. Static Analysis - Slither & Aderyn
Learn how to use Slither & Aderyn by applying these powerful static analysis tools to Thunder Loan! Duration: 7min
12. Exploit: Centralization
Learn the impact of centralization and discuss the importance of reporting such risks in private audits. Highlights case studies like Oasis. Duration: 3min
13. Case Study: Oasis
Learn all about the Oasis court case and explore its significant implications in the DeFi ecosystem in this case study. Duration: 3min
14. Static Analysis Continued
Patrick continues to go through the findings of our static analysis tools: Slither & Aderyn. Duration: 3min
15. Recon IPoolFactory
Patrick provides a walkthrough for conducting a first pass review of IPoolFactory.sol. Duration: 6min
16. ITSwapPool.sol
Patrick conducts a quick review on the surprisingly simple ITSwapPool.sol interface. Duration: 2min
17. IThunderLoan.sol
Patrick highlights inconsistencies between a Thunder Loan contract and its interface. Duration: 3min
18. IFlashloanReceiver.sol
Learn the significance of checking for NATSPEC, reviewing code thoroughly, and understanding code structure for identifying possible vulnerabilities. Duration: 7min
19. OracleUpgradeable.sol
Learn the "Tincho" method for upgradeable contracts, highlighting proxies and initializable contracts without constructors. Duration: 5min
20. Exploit: Failure To Initialize
Learn the importance of properly initializing during set up to prevent unauthorized changes to a protocol. Duration: 3min
21. Failure To Initialize: Remix
Showcasing the failure to initialize vulnerability within Remix! Duration: 2min
22. Case Study: Failure To Initialize
Dive into the Parity Wallet case study on the consequences of failing to initialize. Duration: 3min
23. OracleUpgradeable Continued
"GetPriceInWeth" Function Inspection. Duration: 4min
24. AssetToken.sol
Reviewing the functionality of AssetToken.sol and understanding how the code works. Duration: 10min
25. AssetToken.sol:updateExchangeRate
Patrick reviews the updateExchangeRate function, highlighting key parameters like fees, total supply, and potential gas usage issues. Duration: 6min
26. Thunderloan: Starting At The Top
Patrick begins his review of ThunderLoan.sol with an assessment of imports. Duration: 9min
27. ThunderLoan Functions
Explore key functions like deposit and setAllowedToken. Security is emphasized through thorough documentation. Duration: 8min
28. Testing Deleting Mappings
Patrick demonstrates using Chisel to test mapping deletion in a handler. Duration: 3min
29. Note On Linear Progress
Patrick touches on the linear vs non-linear nature of security reviews. Duration: 2min
30. ThunderLoan Continued
Patrick covers depositing an asset token, setting up the exchange rate and transferring funds to the Asset Token contract. Duration: 5min
31. Diagramming ThunderLoan
Patrick walks through diagramming Thunder Loan with emphasis on visualization using diagrams for better comprehension. Duration: 1min
32. ThunderLoan.sol Redeem
Token Deposit & Redemption, NAT Spec & Exchange Rates. Importance of clear docs, maths checks, avoiding re-entrancy attacks, using Chisel for code verification. Duration: 5min
33. ThunderLoan flashLoan
A review of the flashLoan function in ThunderLoan.sol. Patrick continues his search for vulnerabilities. Duration: 14min
34. Note On Being Discouraged
'Discouragement during security review: Non-linear progress & perseverance.' Patrick highlights important points on remaining motivated. Duration: 1min
35. ThunderLoan Repay Final Functions
Focuses on the repay function and getCalculatedFee function, highlighting their features and potential areas of improvement. Duration: 8min
36. Answering Our Questions
Patrick begins answering the questions we posed earlier in our review of Thunder Loan based on our scoping experience. Duration: 9min
37. Improving Test Coverage To Find A High
Writing tests to improve code base coverage can be a great way to spot vulnerabilities early in a review, Patrick demonstrates. Duration: 16min
38. Exploit: Oracle Manipulation
Patrick uncovers and details an oracle manipulation vulnerability within Thunder Loan. Duration: 2min
39. Oracle Manipulation: Minimized
Patrick showcases a minimalistic example of the Oracle Manipulation vulnerability. Duration: 10min
40. Oracle Manipulation: ThunderLoan Poc
Patrick walks through a proof of code for our identified oracle manipulation vulnerability. Duration: 29min
41. Oracle Manipulation: Recap
Flash Loan Exploits & Manipulating DEX Prices Duration: 3min
42. Exploit: Deposit Instead Of Repay
Patrick identifies storage slot swaps that occur in the upgrade process of Thunder Loan potentially leading to storage collisions! Duration: 17min
43. Exploit: Storage Collision
Dive deep into data storage in Solidity smart contracts, including variables, mappings, arrays, constants, and function-declared variables. Duration: 3min
44. Storage Collision: Diagram
Explore a Remix demonstration of storage collision and the dive into the potential impacts of it on upgradeable smart contract protocols. Duration: 2min
45. Storage Collision: Remix Example
Patrick explains how to set up and run an assertion test for detecting storage collisions during smart contract upgrades. Duration: 4min
46. Storage Collision: PoC
Patrick walks through the proof of code for our discovered storage collision vulnerability. Duration: 3min
47. Reporting: Storage Collision
Learn about storage collision in upgradeable contracts. Addresses the significance of proxies and their role in centralization within Web3. Duration: 7min
48. Wrapping Up
Learn to create your own audit report with Pandoc! Patrick encourages you to sign up for first flights and join competitive audits on CodeHawks. Duration: 2min
49. Section 6 Recap
Patrick emphasizes the importance of knowing popular protocols. He recaps exploits like failure to initialize, storage collisions, centralization, oracle price manipulation. Duration: 6min
Testimonials
Students Reviews
Read what our students have to say about this course.
Chainlink
Chainlink
Gustavo Gonzalez
Solutions Engineer at OpenZeppelin
Francesco Andreoli
Lead Devrel at Metamask
Albert Hu
DeForm Founding Engineer
Radek
Senior Developer Advocate at Ceramic
Boidushya
WalletConnect
Idris
Developer Relations Engineer at Axelar