Day 67 of #100DaysOfDeFI 🚀 Today I continued creating a basic DEX 👩🏻💻 and focused on developing a Pair smart contract 👾 Pair represents the Liquidity Pool 🪙 it is in charge of swapping 💱 managing the liquidity pool and burning 🔥 #womenwhocode#100DaysOfCode
Summary 🧵
1/ In this example of the Pair smart contract I’ll implement the following methods:
🔶 getReservers - get quantities of each token;
🔶 updateReserves - update the tokens’ quantities;
🔶 swap - exchange two tokens;
🔶 withdrawTokens - send the tokens back to the LP.
2/ First, initialize the Pair contract. We’ll need to import some contracts from OpenZeppelin and a Tokens contract from the day 66 of the challenge. Initialize state variables and constructor, too👩🏻💻
3/ Function getReserves is a getter function that returns quantities of each token 👇
4/ updateReserves → when the amount of tokens changes in the pool because of withdrawing, swapping or adding the tokens, we have to update the token's quantities 💰
5/ swap function 👾 is the main functionality of the DEX 💱 as an input we have the amounts of tokens to swap and the address to transfer them. This address corresponds to the caller of the contract 🤖 Basically, swapping is transferring of the tokens 🪙
6/ withdrawTokens functions is executed when the caller wants to get their tokens back from the Liquidity Pool 💰 It is performed with the help of transferFrom function of ERC20 interface and is basically the transfer of tokens from the Pair’s to the caller’s addresses 🤖
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Day 75 of #100DaysOfDeFI 🚀 today 3/4 of the challenge is done! 🎉 Also today I finish exploring Solidity vulnerabilities with learning about Denial of service (DoS) attacks 🦹🏼♀️ #womenwhocode#100DaysOfCode
How it works 🧵
1/ There are many ways to attack a smart contract and at some point create a DoS⚡
2/ Denial of Service attack paralyzes a smart contract and makes it temporarily unusable 🛑
Day 74 of #100DaysOfDeFI 🚀 Today I learned about Delegate Call vulnerability in #Solidity 🦹🏼♀️ When using delegatecall opcode one should be careful because wrong usage will lead to unexpected results ⚠️ #womenwhocode#100DaysOfCode
How it works 🧵
1/ What delegatecall is? When contract A uses delegatecall to call contract B it means that the contract B code will be executed inside context of the contract A: storage, msg.sender, msg.value, msg.data, etc will be the A’s context.
2/ Storage layout must be the same for contract A and contract B → it means both contracts should declare the same state variables in the same order 👾
Day 73 of #100DaysOfDeFI 🚀 Learned about Self Destruct vulnerability in #Solidity 🦹🏼♀️ Selfdestruct deletes the contract from the blockchain and and sends all Ether to a designated address 💸 In some scenarios it can lead to unexpected problems ❌ #100DaysOfCode
How it works 🧵
1/ Let’s see how it works with an example of a simple game 🎲 Players send to the contract 1 token 🪙 the one who deposits the fifth token wins 🏆
Game code 👇
Day 72 of #100DaysOfDeFI 🚀 Today I looked at arithmetic Over/Under Flows in #Solidity 👾 This vulnerability been secured by the current Solidity version 🦸♂️ Nevertheless, it is important to understand what it is and how to avoid it 👩🏻💻 #womenwhocode#100DaysOfCode
Summary 🧵
1/ An overflow in Solidity occurs when a number is incremented beyond its maximum value. For example, if we have a uint8 with a value of 255 and increment it by 1, it will “reset” and set a value to 0. Remember, the maximum value for uint8 is 255❗
2/ Similar thing happens when we decrease a value beyond its minimal level. Taking the same example, if a uint8 is set to 0 and we decrease it by 1, it will set to 255, since 0 is the minimal value of uint8❗
Day 71 of #100DaysOfDeFI 🚀 looked at Re-Entrancy vulnerability🦹🏻 It is one of the most destructive attacks in the #Solidity smart contracts 💸 The untrusted contract that exploits the vulnerability is able to drain all user's funds 🚰 #100DaysOfCode
How it works 🧵
1/ To make it happen, there should be 2 contracts: a vulnerable contract and an attacker’s contract 👺
2/ The attacker should deposit some funds into the vulnerable contract 💰
Day 68 of #100DaysOfDeFI 🚀 Today I worked on the Factory smart contract that is a part of the decentralized exchange architecture 💱 Factory creates and keeps track of all Pair contracts 👩🏻💻 #womenwhocode#100DaysOfCode
Summary 🧵
1/ The Factory will include:
🔷 createPair - create a Liquidity Pool;
🔷 adjustAmount - adjust a number of tokens using a formula;
🔷 getReserves - a getter function;
🔷 addLiquidity - add liquidity to the LP;
🔷 removeLiquidity - withdraw liquidity;
🔷 trade1for2 - swap tokens.
2/ First, initialize contract and define the state variables 👩🏻💻