Thanks for sharing this awesome series with the community.
I would try the Solidity 0.5 version of Ethernaut (https://solidity-05.ethernaut.openzeppelin.com/) (Once OpenZeppelin Contracts 3.0 is out of beta can see who in the community wants to upgrade the contracts to Solidity 0.6).
There are a number of community solutions, though it would be great if you wanted to write your own as well: Ethernaut Community Solutions
-Added the OpenZeppelin test library to my tests
+Kept getting an error about the timeout exceeding 2000ms, so I added a quick fix that disables the timeout this.timeout(0);, but maybe there’s a better fix for this? Perhaps a configuration I overlooked?
-Completed Lesson 4 of CryptoZombies
-Refresher on the batchOverflow hack on BEC
-Studied the MakerDAO vulnerability in the DSChiefApprovals contract, extended by the DSChief contract, identified by OpenZeppelin
I know they won’t be included in v3.0. However, I never learned how to develop them when they were popular. And in case Hester Peirce passes that bill giving ICOs a 3-year grace period, it could be helpful to know.
Regardless, this is all educational. I don’t intend to implement this project for production.
-Imported TimedCrowdsale.sol and added constructor arguments for them. I also added some tests, but ran into issues seen below. I believe the issue has to do with the JavaScript integer limitation MAX_SAFE_INTEGER. However, I still had issues when trying to wrap the integers in a string or BN though. The specific line of code that seems to cause this error is highlighted below.
-Finished reading about the critical vulnerability in MakerDAO and started reading the initial audit for Compound.
The line below seems to cause the error. When commented, the tests complete with the given opening and closing times. Of course, they don’t all pass without the line below though.
-Completed the Coin Flip level on Ethernaut. Had trouble sending the calculated answer manually, so I made a smart contract in Remix to calculate and submit the answer for me.
-Finished studying the Compound audit and began studying the Aave audit, with particular interest in the flash loan capability. This has been something I’ve wanted to learn more about since hearing about the bZx exploit. Found a great resource to build on this thanks to @Austin-Williams with his safer-flash-loans repo.
-The previous error with the timed crowdsale tests is fixed! Thank you @abcoathup for the help with this. All tests pass with the syntax change when calculating time in these tests. Have a great new resource to refer to when writing my tests. Btw, are all SafeMath calculations available in tests through the helpers library?
Added WhitelistCrowdsale functionality to MyCrowdsale.
All tests pass!
Began splitting tests for specific test cases. Using the OpenZeppelin test repo to model these new tests. Only just created a test file for TimedCrowdsale.
TODO: Need to add more tests to TimedCrowdsale and create test files for Minted, Capped, and the OZToken contract.
Completed Ethernaut level 4 Telephone.
Studied some known attacks compiled by Consensys.
Found a cyber security training website called tryhackme that reminded me of Ethernaut (but not blockchain specific). @abcoathup do you think this is something worth diving into further? Or is it too far removed from a blockchain-focused security perspective?
I’m also most interested in Solidity, and smart contracts generally. I just wanted to see if this was something that could enhance my contribution to the space, or if it would be more of a distraction from what I should be researching.
Ultimately, I just want the things I learn to help this space grow since it’s helped me grow so much along the way.
Extended the timed crowdsale tests. Had some minor issues with the access roles like minter role and whitelisted role initially, but easily fixed after reading various OpenZeppelin test files. Really highlighted the benefits of a test-driven development approach for a larger project as opposed to making all tests after inheriting from several contracts.
But all tests pass so far!
Did further research on the recent MakerDAO exploit where one keeper liquidated a bunch of CDPs for free after the sudden ETH dump a few days ago. Any additional information or resources on this is greatly appreciated!
Took notes on the video presentation by @Austin-Williams over the CDP pattern commonly seen in DeFi projects.