Paul (paulvijender)

Attack vector #2 on this list - Rounding errors. Rounding errors can be a tricky pitfall for developers. Some best practices and guidance below to avoid attacks stemming from these errors. 👇

• 1 reply
• 0 recasts
• 2 reactions

Top 5 - DeFi Attack Vectors of 2024 so far 🔑 Stolen Private Keys - 5 - $27.2m 🛞 Rounding Errors - 4 - $11.7m 💹 Price Oracle Manipulation - 4 - $8.1m 📞 Arbitrary External Calls - 4 - $3.5m 🔍 Function Parameter Validation - 1 - $3.3m H/t : blocktheat

• 0 replies
• 0 recasts
• 0 reactions

For all the hate inscriptions are getting, it is a free performance test for blockchains. If a chain breaks, they have work to do. 🤷🏽‍♂️

• 0 replies
• 0 recasts
• 0 reactions

3/ Use SafeMath, ABDK and FixedPoint libraries. While Solidity 0.8.x auto-prevents overflow and underflow, SafeMath can still help with explicit rounding control. It's a must for versions before 0.8 and a good practice for clarity and explicitness in your code.

• 1 reply
• 0 recasts
• 2 reactions

7/ When downcasting from one type to another, Solidity will not revert but overflow, resulting in unexpected behavior and exploitable bugs. When downcasting developers should consider using OpenZeppelin's SafeCast library which reverts if downcasting would overflow.

• 1 reply
• 0 recasts
• 1 reaction

Attack vector #2 on this list - Rounding errors. Rounding errors can be a tricky pitfall for developers. Some best practices and guidance below to avoid attacks stemming from these errors. 👇

• 1 reply
• 0 recasts
• 2 reactions

8/ Rounding on buying, selling, withdraw, redeem, deposits & protocol fee calculations should always favor the protocol. Round down should be used in calculation of amount you have to send out of contract (eg: withdraw function) Round up should be used in calculation of amount you have to deposit/receive into contract.

• 1 reply
• 0 recasts
• 1 reaction