Day 71 of #100DaysOfDeFI 🚀 looked at Re-Entrancy vulnerability🦹🏻 It is one of the most destructive attacks in the #Solidity smart contracts 💸 The untrusted contract that exploits the vulnerability is able to drain all user's funds 🚰
#100DaysOfCode

How it works 🧵
1/ To make it happen, there should be 2 contracts: a vulnerable contract and an attacker’s contract 👺
2/ The attacker should deposit some funds into the vulnerable contract 💰
3/ Then it calls the withdraw function to get its funds back ◀️
4/ The vulnerable contract sends the funds to the attacker and it triggers fallback function 👾
5/ Fallback calls the withdraw function again ♻️
6/ The vulnerable contract doesn’t manage to update the balances because it is stuck in a loop withdraw - fallback - withdraw 💸
7/ The malicious contract drains the funds of the vulnerable contract 🚰
8/ Vulnerable contract 👇
9/ Attacker contract 👇
10/ To prevent the reentrancy attack we should:
🔸 update balances before sending funds to any external contract;
🔸 use modifiers to prevent reentrancy.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Anna Kondratenko 👩🏻‍💻

Anna Kondratenko 👩🏻‍💻 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @anacoding

May 18
Day 68 of #100DaysOfDeFI 🚀 Today I worked on the Factory smart contract that is a part of the decentralized exchange architecture 💱  Factory creates and keeps track of all Pair contracts 👩🏻‍💻
#womenwhocode #100DaysOfCode

Summary 🧵 Image
1/ The Factory will include:
🔷 createPair - create a Liquidity Pool;
🔷 adjustAmount - adjust a number of tokens using a formula;
🔷 getReserves - a getter function;
🔷 addLiquidity - add liquidity to the LP;
🔷 removeLiquidity - withdraw liquidity;
🔷 trade1for2 - swap tokens.
2/ First, initialize contract and define the state variables 👩🏻‍💻 Image
Read 8 tweets
May 17
Day 67 of #100DaysOfDeFI 🚀 Today I continued creating a basic DEX 👩🏻‍💻  and focused on developing a Pair smart contract 👾  Pair represents the Liquidity Pool 🪙 it is in charge of swapping 💱 managing the liquidity pool and burning 🔥
#womenwhocode #100DaysOfCode

Summary 🧵
1/ In this example of the Pair smart contract I’ll implement the following methods:
🔶  getReservers - get quantities of each token;
🔶  updateReserves - update the tokens’ quantities;
🔶  swap - exchange two tokens;
🔶  withdrawTokens - send the tokens back to the LP.
2/ First, initialize the Pair contract. We’ll need to import some contracts from OpenZeppelin and a Tokens contract from the day 66 of the challenge. Initialize state variables and constructor, too👩🏻‍💻
Read 7 tweets
May 16
Day 66 of #100DaysOfDeFI 🚀  Today and the following days I'll dive into DEXs implementation in #Solidity ⭐️ I’ll review the Uniswap smart contracts and create a decentralized exchange protocol 👩🏻‍💻 
#womenwhocode #100DaysOfCode

Summary 🧵 Image
1/ Uniswap smart contract architecture consists of Core and Periphery:
🔹 Core is used for storing and swapping the tokens, adding funds, getting rewards, etc;
🔹 Periphery interacts with the Core.
2/ Core stores the following smart contracts:
🔹 Pair - swaps, mints and burns tokens;
🔹 Factory - creates pairs of tokens;
🔹 ERC20 - keeps track of ownership of pool.

Periphery has only 1 smart contract:
🔹 Router - interacts with the Core.
Read 6 tweets
May 11
Day 63 of #100DaysOfDeFI 🚀 Today I learned how to deploy an NFT collection on a testnet 🤖  and uploaded a collection of watermelon houses generated with AI on OpenSea 🐳  special thanks to @javilop for creating these cute houses! 🍉
#womenwhocode #100DaysOfCode

Summary 🧵
1/ First, upload a collection of images on Pinata, I described it in detail on day 56 of the challenge 🔙
2/ Now create json files for each image and add CID to “image” 👇
Read 9 tweets
May 10
Day 62 of #100DaysOfDeFI 🚀 Today I continued deploying smart contracts on Ethereum testnet Rinkeby and uploaded a duck 🦆 NFT on OpenSea 👩🏻‍💻
#womenwhocode #100DaysOfCode

Summary 🧵
1/ First, prepare the jpeg file and metadata for the NFT. We’ll use Pinata platform for hosting files 🦙 A jpeg is an image we want to deploy as an NFT and a json file is the metadata. So, create an account in pinata.cloud and first upload the image.
2/ There will be a CID generated that we have to add to the json file. In name section add “gateway.pinata.cloud/ipfs/” and the image CID. Upload the json file too 👩🏻‍💻
Read 7 tweets
May 9
Day 61 of #100DaysOfDeFI 🚀 Today I learned how to deploy tokens on Ethereum testnet 👾  for this I will use Rinkeby testnet and Remix IDE for developing smart contract 👩🏻‍💻
#womenwhocode #100DaysOfCode

Summary 🧵 Image
1/ Use code from the day 57 of the challenge to create ERC20 tokens 👇 Image
2/ Then, create 2 additional accounts on Rinkeby testnet on MetaMask 🦊 For that, just choose the Rinkeby testnet and click “Create account” 👾 Image
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(