Patrick Collins
May 2 • 8 tweets • 4 min read
🛡 How to get prices securely in web3

🧵 A thread

We've seen way too many hacks with this DeFi 101 issue. Please spread this message.

1. Don't ever use low liquidity tokens

2. Use a decentralized oracle like @chainlink

3. TWAPs are scary AF

And the most important one... 👇

A 👏 DEX 👏 IS 👏 A 👏 CENTRALIZED 👏 PRICE 👏 ORACLE

1. Don't use low liquidity tokens

Any token that has low volume (meaning, it's not traded a lot, & often its market cap is low) can be easily manipulated.

If your protocol relies on a token that can be easily manipulated, you are headed to the @RektHQ front page.

2. Use a decentralized oracle network like @chainlink

There is a reason some of the biggest defi protocols like @AaveAave, @compoundfinance, and @synthetix_io all use Chainlink. This problem that has hacked so many protocols is LITERALLY one of the reasons why Chainlink exists.

3. TWAP is scary AF

When using TWAP... You better know wtf you're doing.

TWAPs are subject to pretty easy manipulation, and there is caution after caution about using them, and hack after hack.

So maybe reconsider.



4. A DEX is a decentralized exchange NOT a decentralized price oracle.

😱 Scream this from the rooftops 😱

A DEX is a single source for what the price of an asset is.

If you see ANY code getting a price that looks something like this:

Get.
Out.
Of.
That.
Protocol.

Please share and retweet this.

Web2 is fucking laughing at how we can't move past the same issue that has been plaguing us for years.

We as a community need to stop letting protocols go live that have these issues. It's unacceptable in 2022.

Auditors, please take notice.

I'm literally like, wtf do we need to do as a community to stop this?

A DEX is a centralized price oracle.
A DEX is a centralized price oracle.
A DEX is a centralized price oracle.
A DEX is a centralized price oracle.
A DEX is a centralized price oracle.
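
The thread's points 1, 2 and 4 in numbers, as an added example that is not part of the original thread: a constant-product pool model shows how far one trade moves a reserves-derived price at two liquidity levels, and a median over independent readings stands in for oracle-network aggregation (it is not Chainlink's implementation). The 0.3% fee, pool sizes, trade size and the other venues' readings are constructed assumptions.

```python
from statistics import median

FEE = 0.003  # assumed 0.3% swap fee on the constant-product pool


class Pool:
    """Constant-product (x * y = k) pool holding TOKEN and USD reserves."""

    def __init__(self, token_reserve, usd_reserve):
        self.token = float(token_reserve)
        self.usd = float(usd_reserve)

    def spot_price(self):
        # What a contract gets when it derives a price from pool reserves.
        return self.usd / self.token

    def swap_usd_for_token(self, usd_in):
        # The fee stays in the pool; only the remainder moves along the curve.
        k = self.token * self.usd
        new_token = k / (self.usd + usd_in * (1 - FEE))
        token_out = self.token - new_token
        self.token, self.usd = new_token, self.usd + usd_in
        return token_out


def price_shift(liquidity, trade_usd):
    """Relative spot-price change after one trade into a pool that starts
    with `liquidity` TOKEN and `liquidity` USD (price 1.0)."""
    pool = Pool(liquidity, liquidity)
    before = pool.spot_price()
    pool.swap_usd_for_token(trade_usd)
    return pool.spot_price() / before - 1


def aggregated_price(readings):
    # Median of independent sources: one outlier cannot set the result.
    return median(readings)


TRADE = 100_000  # constructed trade size in USD
deep = price_shift(50_000_000, TRADE)   # high-liquidity pool
shallow = price_shift(50_000, TRADE)    # low-liquidity pool
# Constructed readings: four independent venues plus the shallow pool.
readings = [1.00, 1.01, 0.99, 1.00, 1.0 + shallow]

if __name__ == "__main__":
    print(f"deep pool spot price moved    {deep:.2%}")
    print(f"shallow pool spot price moved {shallow:.2%}")
    print(f"single-pool reading {readings[-1]:.2f}, median {aggregated_price(readings):.2f}")
```

The same trade that moves the deep pool by a fraction of a percent multiplies the shallow pool's reading several times over, while the median across sources stays at 1.00.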
