Juan Ignacio Pérez Sacristán
Juan Ignacio Pérez Sacristán
Design: A mapping of accounts hasInteracted[address] stores those who lend/withdraw on current block. A block counter uint256 currentBlock says to which block the mapping of accounts corresponds to. If block.number...
Concern: The only way to "clear" a mapping in Solidity is to iterate through the keys (using a separate array that stores the keys) and delete the individual elements. This...
I've created the new branch called "NotInTheSameBlock" for the task "Prevent lending and withdrawal within the same tx/block #199". The check function is already developed. I've placed it at the...
About FlashLoanerTest. I cannot find any test-js on affiliates_v2 branch that is using the FlashLoanerTest contract. Reading the contract this is what I understand: 1.- doStuffWithFlashLoan function measures token balance...
Meanwhile, in order to avoid attacks, I am finding out where to place the NotInTheSameBlock checker: On a lending pool: 1.- Which function is for depositing liquidity? Attack vector for...
Added _checkNotInTheSameBlock on loantoken mint, burn and _borrowOrTrade. All tests pass Ok. Developing a new test that simulates an attack to be sure the check is enough to avoid it.
Test setup: underlying token is SUSD loan pool token is iSUSD collateral token is RBTC -- Test: Mint, Borrow and Burn in 1 tx should fail: throws error: VM Exception...
Next step, perform the hack through a fake flash loan call: flash loan expected sequence in your contract: - iToken should have big utilisation rate (e.g. 80%), therefore big lending...
I've created two new contracts. FlashLoanMockup is simulating a third party flash loan provider and FlashLoanAttack is requesting a flash loan and exposing a callback function that executes the attack....
FL delegated call is failing when minting loan pool tokens. It should fail afterwards, when requesting to borrow. So something is wrong in the delegated call, maybe the msg.sender of...