Static Analysis Continued

Patrick continues to go through the findings of our static analysis tools: Slither & Aderyn.

Solidity Developer

Smart Contract Security
1. Introduction
Introducing the Thunder Loan protocol, based off Aave/Compound. Section covers borrowing and lending, pricing information, and upgradeable contracts. Duration: 6min
2. Phase 1: Scoping
Patrick dives into the scoping phase of Thunder Loan. Known issues found in the code base are discussed. Duration: 4min
3. Reading The Docs
Patrick showcases Aave & Compound integration, allowing users to create flash loans and liquidity providers to earn from deposits. Duration: 4min
4. What is a Flash Loan?
Patrick explains DEX arbitrage using an example and introduces flash loans for Web3 finance. Duration: 4min
5. Pay Back Or Revert
Dives deeper into how flashloans work and the requirement of repayment in a single transaction. Duration: 4min
6. Liquidity Providers
Overview - Flash Loans & Liquidity Providers.' Emphasis on liquidity providers, flash loans, transaction fees, and benefits for depositors. Duration: 2min
7. Arbitrage Walkthrough
How flash loans enable smaller traders to capitalize on arbitrage opportunities. Covers the significance of single transaction paybacks. Duration: 5min
8. Are Flash Loans Bad?
Flash loans: Leverage arbitrage in DeFi, enabling all users to act like 'whales' without needing significant wealth. Duration: 1min
9. Recap
We're provided a summary of flash loans, arbitrage and how it all works in this recap of what we've just learnt. Duration: 3min
10. Recon Continued
A quick guide to understanding the basis of borrowing/lending through flash loans. Emphasis on smart contract upgradeability and interactions in DeFi systems. Duration: 4min
11. Static Analysis - Slither & Aderyn
Learn how to use Slither & Aderyn by applying these powerful static analysis tools to Thunder Loan! Duration: 7min
12. Exploit: Centralization
Learn the impact of centralization and discuss the importance of reporting such risks in private audits. Highlights case studies like Oasis. Duration: 3min
13. Case Study: Oasis
Learn all about the Oasis court case and explore its significant implications in the DeFi ecosystem in this case study. Duration: 3min
14. Static Analysis Continued
Patrick continues to go through the findings of our static analysis tools: Slither & Aderyn. Duration: 3min
15. Recon IPoolFactory
Patrick provides a walkthrough for conducting a first pass review of IPoolFactory.sol. Duration: 6min
16. ITSwapPool.sol
Patrick conducts a quick review on the surprisingly simple ITSwapPool.sol interface. Duration: 2min
17. IThunderLoan.sol
Patrick highlights inconsistencies between a Thunder Loan contract and its interface. Duration: 3min
18. IFlashloanReceiver.sol
Learn the significance of checking for NATSPEC, reviewing code thoroughly, and understanding code structure for identifying possible vulnerabilities. Duration: 7min
19. OracleUpgradeable.sol
Learn the "Tincho" method for upgradeable contracts, highlighting proxies and initializable contracts without constructors. Duration: 5min
20. Exploit: Failure To Initialize
Learn the importance of properly initializing during set up to prevent unauthorized changes to a protocol. Duration: 3min
21. Failure To Initialize: Remix
Showcasing the failure to initialize vulnerability within Remix! Duration: 2min
22. Case Study: Failure To Initialize
Dive into the Parity Wallet case study on the consequences of failing to initialize. Duration: 3min
23. OracleUpgradeable Continued
"GetPriceInWeth" Function Inspection. Duration: 4min
24. AssetToken.sol
Reviewing the functionality of AssetToken.sol and understanding how the code works. Duration: 10min
25. AssetToken.sol:updateExchangeRate
Patrick reviews the updateExchangeRate function, highlighting key parameters like fees, total supply, and potential gas usage issues. Duration: 6min
26. Thunderloan: Starting At The Top
Patrick begins his review of ThunderLoan.sol with an assessment of imports. Duration: 9min
27. ThunderLoan Functions
Explore key functions like deposit and setAllowedToken. Security is emphasized through thorough documentation. Duration: 8min
28. Testing Deleting Mappings
Patrick demonstrates using Chisel to test mapping deletion in a handler. Duration: 3min
29. Note On Linear Progress
Patrick touches on the linear vs non-linear nature of security reviews. Duration: 2min
30. ThunderLoan Continued
Patrick covers depositing an asset token, setting up the exchange rate and transferring funds to the Asset Token contract. Duration: 5min
31. Diagramming ThunderLoan
Patrick walks through diagramming Thunder Loan with emphasis on visualization using diagrams for better comprehension. Duration: 1min
32. ThunderLoan.sol Redeem
Token Deposit & Redemption, NAT Spec & Exchange Rates. Importance of clear docs, maths checks, avoiding re-entrancy attacks, using Chisel for code verification. Duration: 5min
33. ThunderLoan flashLoan
A review of the flashLoan function in ThunderLoan.sol. Patrick continues his search for vulnerabilities. Duration: 14min
34. Note On Being Discouraged
'Discouragement during security review: Non-linear progress & perseverance.' Patrick highlights important points on remaining motivated. Duration: 1min
35. ThunderLoan Repay Final Functions
Focuses on the repay function and getCalculatedFee function, highlighting their features and potential areas of improvement. Duration: 8min
36. Answering Our Questions
Patrick begins answering the questions we posed earlier in our review of Thunder Loan based on our scoping experience. Duration: 9min
37. Improving Test Coverage To Find A High
Writing tests to improve code base coverage can be a great way to spot vulnerabilities early in a review, Patrick demonstrates. Duration: 16min
38. Exploit: Oracle Manipulation
Patrick uncovers and details an oracle manipulation vulnerability within Thunder Loan. Duration: 2min
39. Oracle Manipulation: Minimized
Patrick showcases a minimalistic example of the Oracle Manipulation vulnerability. Duration: 10min
40. Oracle Manipulation: ThunderLoan Poc
Patrick walks through a proof of code for our identified oracle manipulation vulnerability. Duration: 29min
41. Oracle Manipulation: Recap
Flash Loan Exploits & Manipulating DEX Prices Duration: 3min
42. Exploit: Deposit Instead Of Repay
Patrick identifies storage slot swaps that occur in the upgrade process of Thunder Loan potentially leading to storage collisions! Duration: 17min
43. Exploit: Storage Collision
Dive deep into data storage in Solidity smart contracts, including variables, mappings, arrays, constants, and function-declared variables. Duration: 3min
44. Storage Collision: Diagram
Explore a Remix demonstration of storage collision and the dive into the potential impacts of it on upgradeable smart contract protocols. Duration: 2min
45. Storage Collision: Remix Example
Patrick explains how to set up and run an assertion test for detecting storage collisions during smart contract upgrades. Duration: 4min
46. Storage Collision: PoC
Patrick walks through the proof of code for our discovered storage collision vulnerability. Duration: 3min
47. Reporting: Storage Collision
Learn about storage collision in upgradeable contracts. Addresses the significance of proxies and their role in centralization within Web3. Duration: 7min
48. Wrapping Up
Learn to create your own audit report with Pandoc! Patrick encourages you to sign up for first flights and join competitive audits on CodeHawks. Duration: 2min
49. Section 6 Recap
Patrick emphasizes the importance of knowing popular protocols. He recaps exploits like failure to initialize, storage collisions, centralization, oracle price manipulation. Duration: 6min

Testimonials

Students Reviews

Read what our students have to say about this course.

Chainlink

Chainlink

Chainlink

Gustavo Gonzalez

Gustavo Gonzalez

Solutions Engineer at OpenZeppelin

Francesco Andreoli

Francesco Andreoli

Lead Devrel at Metamask

Albert Hu

Albert Hu

DeForm Founding Engineer

Radek

Radek

Senior Developer Advocate at Ceramic

Boidushya

Boidushya

WalletConnect

Idris

Idris

Developer Relations Engineer at Axelar

Cyfrin
Updraft
CodeHawks
Solodit
Resources