We continued the Sukukfi contest on Code4rena and analyzed the ERC7575 vault contract.
Lesson Summary:
- If the flows are asynchronous (step-wise), how is the price calculated? In the current scenario, the price is calculated at step 2 (fulfilling); is it also calculated on claiming? If it is the same price, what happens if a slashing occurs between these two steps? Will the protocol stay solvent? Play with function inputs: try multiple small deposits, splitting, etc.
- Try spamming functions and check that variables are updated correctly every time.
- Look at the initializer function and check that every inherited contract that needs initializing is actually initialized.
- The `decimals()` function is not a mandatory part of EIP-20.
- Sometimes a try/catch can revert without ever going to the catch block.
- Let's say you pick a flow or step: try to remember which variables are updated there, and use this knowledge when approaching other steps and flows.
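
The `decimals()` and try/catch points above can be seen together in one place. The sketch below is an added example, not code from the contest codebase: `DecimalsProbe`, `IERC20Decimals`, both function names and the fallback of 18 are hypothetical. It puts a fragile `try/catch` read of `decimals()` next to a low-level read that validates the return data itself.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interface for the optional EIP-20 decimals() getter.
interface IERC20Decimals {
    function decimals() external view returns (uint8);
}

/// Hypothetical helper written for this note (not taken from the audited vault).
contract DecimalsProbe {
    uint8 internal constant FALLBACK_DECIMALS = 18; // assumed default

    /// Fragile: `catch` only handles a failure of the external call itself.
    /// If `token` has no code, or returns empty or out-of-range data, the
    /// failure is raised in THIS contract (code-existence check or ABI
    /// decoding of the return data), so the whole call reverts and the
    /// catch block never runs.
    function decimalsTryCatch(address token) external view returns (uint8) {
        try IERC20Decimals(token).decimals() returns (uint8 d) {
            return d;
        } catch {
            return FALLBACK_DECIMALS;
        }
    }

    /// Defensive: low-level staticcall, then check length and range by hand,
    /// so every failure mode ends in the fallback branch instead of a revert.
    function decimalsSafe(address token) external view returns (bool ok, uint8 d) {
        (bool success, bytes memory ret) =
            token.staticcall(abi.encodeCall(IERC20Decimals.decimals, ()));
        // A call to an address without code succeeds with empty return data,
        // so the length check is what rejects it.
        if (success && ret.length >= 32) {
            uint256 raw = abi.decode(ret, (uint256));
            if (raw <= type(uint8).max) {
                return (true, uint8(raw));
            }
        }
        return (false, FALLBACK_DECIMALS);
    }
}
```

When reviewing a vault, check which of these two shapes the asset-decimals lookup uses, and what the caller does with the fallback value when `ok` is false.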