0xekez / cw-flash-loan Goto Github PK
View Code? Open in Web Editor NEWA CosmWasm contract for native and cw20 flash loans.
License: Other
cw-flash-loan's Introduction
A CosmWasm contract for cw20 and native token flash loans. Providers provide liquidity for loans and receive loan fees porportional to the amount of tokens they have provided. An optional admin (ideally, a DAO) may update the fee at their convenience. Each instantiation of the contract may only provide loans in one denomination. To provide loans in multiple denominations one should deploy more than once version of the contract. This contract is unaudited and does not yet support migrations in the event of a vulnerability. Take care. Do not use this for anything mission critical. This program is licensed under the AGPL. See the LICENSE file for more information.
cw-flash-loan's People
Contributors
Stargazers
Watchers
cw-flash-loan's Issues
confirm this isn't vulnerable to provider reentrancy
browsing through the white whale flash loan contracts, i stumbled upon this commit: White-Whale-Defi-Platform/white-whale-core@36ccf9f. tl;dr: they disable depositing funds into the vault while flash loans are outstanding as they believe this could lead to a reentrancy attack.
the testing for this contract is too limited atm to test this, and i'm not in the mood. so instead, i'm making this issue to tell you, dear reader, do not use this contract unless you make sure it is not vulnerable to this.
that said, i do not think we are vulnerable to this. from a theory perspective, our provider math is constructed so as to guarantee:
if you put in tokens, you will get the same number of tokens out unless the contract balance increases while you have your tokens in.
the entire reason it exists is to determine that. if you flash loan, and provide those tokens, you're paying the flashloan amount for a percentage ownership of the balance after you provide equal to the flahloan amount. were this not the case, it would be possible to provide an amount of tokens, and instantly get more out.
an example
say the world exists like:
balance = 10
total_provided = 10
i take out a flash loan for 5, and provide them.
amount_to_provide = total_provied * provided / balance = 10 * 5 / 5 = 10
i then withdraw with the world existing like:
balance = 10
total_provided = 20
to compute my entitlement:
compute_entitled(provided, total_provided, balance)
= compute_entitled(10, 20, 10)
= 10 * 10 / 20
= 10/2
= 5
so i've flash loaned out five tokens, provided them, and then withdrawn them, without making any money.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.