ThunderLoan flashLoan

A review of the flashLoan function in ThunderLoan.sol. Patrick continues his search for vulnerabilities.

Solidity Developer

Smart Contract Security

1. Introduction
Introducing the Thunder Loan protocol, based off Aave/Compound. Section covers borrowing and lending, pricing information, and upgradeable contracts. Duration: 6min
2. Phase 1: Scoping
Patrick dives into the scoping phase of Thunder Loan. Known issues found in the code base are discussed. Duration: 4min
3. Reading The Docs
Patrick showcases Aave & Compound integration, allowing users to create flash loans and liquidity providers to earn from deposits. Duration: 4min
4. What is a Flash Loan?
Patrick explains DEX arbitrage using an example and introduces flash loans for Web3 finance. Duration: 4min
5. Pay Back Or Revert
Dives deeper into how flash loans work and the requirement of repayment in a single transaction. Duration: 4min
6. Liquidity Providers
Overview of flash loans and liquidity providers. Emphasis on liquidity providers, flash loans, transaction fees, and benefits for depositors. Duration: 2min
7. Arbitrage Walkthrough
How flash loans enable smaller traders to capitalize on arbitrage opportunities. Covers the significance of single transaction paybacks. Duration: 5min
8. Are Flash Loans Bad?
Flash loans: Leverage arbitrage in DeFi, enabling all users to act like 'whales' without needing significant wealth. Duration: 1min
9. Recap
We're provided a summary of flash loans, arbitrage and how it all works in this recap of what we've just learnt. Duration: 3min
10. Recon Continued
A quick guide to understanding the basis of borrowing/lending through flash loans. Emphasis on smart contract upgradeability and interactions in DeFi systems. Duration: 4min
11. Static Analysis - Slither & Aderyn
Learn how to use Slither & Aderyn by applying these powerful static analysis tools to Thunder Loan! Duration: 7min
12. Exploit: Centralization
Learn the impact of centralization and discuss the importance of reporting such risks in private audits. Highlights case studies like Oasis. Duration: 3min
13. Case Study: Oasis
Learn all about the Oasis court case and explore its significant implications in the DeFi ecosystem in this case study. Duration: 3min
14. Static Analysis Continued
Patrick continues to go through the findings of our static analysis tools: Slither & Aderyn. Duration: 3min
15. Recon IPoolFactory
Patrick provides a walkthrough for conducting a first pass review of IPoolFactory.sol. Duration: 6min
16. ITSwapPool.sol
Patrick conducts a quick review on the surprisingly simple ITSwapPool.sol interface. Duration: 2min
17. IThunderLoan.sol
Patrick highlights inconsistencies between a Thunder Loan contract and its interface. Duration: 3min
18. IFlashloanReceiver.sol
Learn the significance of checking for NatSpec, reviewing code thoroughly, and understanding code structure for identifying possible vulnerabilities. Duration: 7min
19. OracleUpgradeable.sol
Learn the "Tincho" method for upgradeable contracts, highlighting proxies and initializable contracts without constructors. Duration: 5min
20. Exploit: Failure To Initialize
Learn the importance of properly initializing during set up to prevent unauthorized changes to a protocol. Duration: 3min
21. Failure To Initialize: Remix
Showcasing the failure to initialize vulnerability within Remix! Duration: 2min
22. Case Study: Failure To Initialize
Dive into the Parity Wallet case study on the consequences of failing to initialize. Duration: 3min
23. OracleUpgradeable Continued
"GetPriceInWeth" Function Inspection. Duration: 4min
24. AssetToken.sol
Reviewing the functionality of AssetToken.sol and understanding how the code works. Duration: 10min
25. AssetToken.sol:updateExchangeRate
Patrick reviews the updateExchangeRate function, highlighting key parameters like fees, total supply, and potential gas usage issues. Duration: 6min
26. ThunderLoan: Starting At The Top
Patrick begins his review of ThunderLoan.sol with an assessment of imports. Duration: 9min
27. ThunderLoan Functions
Explore key functions like deposit and setAllowedToken. Security is emphasized through thorough documentation. Duration: 8min
28. Testing Deleting Mappings
Patrick demonstrates using Chisel to test mapping deletion in a handler. Duration: 3min
29. Note On Linear Progress
Patrick touches on the linear vs non-linear nature of security reviews. Duration: 2min
30. ThunderLoan Continued
Patrick covers depositing an asset token, setting up the exchange rate and transferring funds to the Asset Token contract. Duration: 5min
31. Diagramming ThunderLoan
Patrick walks through diagramming Thunder Loan with emphasis on visualization using diagrams for better comprehension. Duration: 1min
32. ThunderLoan.sol Redeem
Token Deposit & Redemption, NatSpec & Exchange Rates. Importance of clear docs, maths checks, avoiding re-entrancy attacks, using Chisel for code verification. Duration: 5min
33. ThunderLoan flashLoan
A review of the flashLoan function in ThunderLoan.sol. Patrick continues his search for vulnerabilities. Duration: 14min
34. Note On Being Discouraged
Discouragement during security review: non-linear progress and perseverance. Patrick highlights important points on remaining motivated. Duration: 1min
35. ThunderLoan Repay Final Functions
Focuses on the repay function and getCalculatedFee function, highlighting their features and potential areas of improvement. Duration: 8min
36. Answering Our Questions
Patrick begins answering the questions we posed earlier in our review of Thunder Loan based on our scoping experience. Duration: 9min
37. Improving Test Coverage To Find A High
Writing tests to improve code base coverage can be a great way to spot vulnerabilities early in a review, Patrick demonstrates. Duration: 16min
38. Exploit: Oracle Manipulation
Patrick uncovers and details an oracle manipulation vulnerability within Thunder Loan. Duration: 2min
39. Oracle Manipulation: Minimized
Patrick showcases a minimalistic example of the Oracle Manipulation vulnerability. Duration: 10min
40. Oracle Manipulation: ThunderLoan PoC
Patrick walks through a proof of code for our identified oracle manipulation vulnerability. Duration: 29min
41. Oracle Manipulation: Recap
Flash Loan Exploits & Manipulating DEX Prices. Duration: 3min
42. Exploit: Deposit Instead Of Repay
Patrick identifies storage slot swaps that occur in the upgrade process of Thunder Loan potentially leading to storage collisions! Duration: 17min
43. Exploit: Storage Collision
Dive deep into data storage in Solidity smart contracts, including variables, mappings, arrays, constants, and function-declared variables. Duration: 3min
44. Storage Collision: Diagram
Explore a Remix demonstration of storage collision and dive into its potential impacts on upgradeable smart contract protocols. Duration: 2min
45. Storage Collision: Remix Example
Patrick explains how to set up and run an assertion test for detecting storage collisions during smart contract upgrades. Duration: 4min
46. Storage Collision: PoC
Patrick walks through the proof of code for our discovered storage collision vulnerability. Duration: 3min
47. Reporting: Storage Collision
Learn about storage collision in upgradeable contracts. Addresses the significance of proxies and their role in centralization within Web3. Duration: 7min
48. Wrapping Up
Learn to create your own audit report with Pandoc! Patrick encourages you to sign up for first flights and join competitive audits on CodeHawks. Duration: 2min
49. Section 6 Recap
Patrick emphasizes the importance of knowing popular protocols. He recaps exploits like failure to initialize, storage collisions, centralization, oracle price manipulation. Duration: 6min