0xekez / cw-flash-loan
A CosmWasm contract for native and cw20 flash loans.
License: Other
A CosmWasm contract for cw20 and native token flash loans.
Providers supply liquidity for loans and receive loan fees proportional to the amount of tokens they have provided. An optional admin (ideally, a DAO) may update the fee at their convenience.
Each instantiation of the contract may only provide loans in one denomination. To provide loans in multiple denominations, deploy more than one instance of the contract.
This contract is unaudited and does not yet support migrations in the event of a vulnerability. Take care. Do not use this for anything mission critical.
This program is licensed under the AGPL. See the LICENSE file for more information.
browsing through the white whale flash loan contracts, i stumbled upon this commit: White-Whale-Defi-Platform/white-whale-core@36ccf9f. tl;dr: they disable depositing funds into the vault while flash loans are outstanding as they believe this could lead to a reentrancy attack.
the testing for this contract is too limited atm to test this, and i'm not in the mood. so instead, i'm making this issue to tell you, dear reader, do not use this contract unless you make sure it is not vulnerable to this.
that said, i do not think we are vulnerable to this. from a theory perspective, our provider math is constructed so as to guarantee:
if you put in tokens, you will get the same number of tokens out unless the contract balance increases while you have your tokens in.
the entire reason it exists is to determine that. if you flash loan, and provide those tokens, you're paying the flashloan amount for a percentage ownership of the balance after you provide equal to the flashloan amount. were this not the case, it would be possible to provide an amount of tokens, and instantly get more out.
say the world exists like:
balance = 10
total_provided = 10
i take out a flash loan for 5, and provide them.
amount_to_provide = total_provided * provided / balance = 10 * 5 / 5 = 10
i then withdraw with the world existing like:
balance = 10
total_provided = 20
to compute my entitlement:
compute_entitled(provided, total_provided, balance)
= compute_entitled(10, 20, 10)
= 10 * 10 / 20
= 10/2
= 5
so i've flash loaned out five tokens, provided them, and then withdrawn them, without making any money.
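The sequence walked through in the issue above (borrow, provide, withdraw while the loan is still outstanding), as an added Rust example that is neither the contract's code nor the issue author's. It models the two formulas quoted there and sweeps small pool states for the largest withdrawn-minus-loan value. The `Pool` struct, the function names and the integer floor division are assumptions, and only this one ordering of operations is exercised.

```rust
// Added example, not the contract's code: a toy model of the provider math
// quoted in the issue. Floor division and all names here are assumptions.
pub struct Pool {
    pub balance: u128,        // tokens currently held by the contract
    pub total_provided: u128, // outstanding provider shares
}

impl Pool {
    /// Shares minted: total_provided * amount / balance (balance read before the deposit).
    pub fn provide(&mut self, amount: u128) -> u128 {
        let shares = self.total_provided * amount / self.balance;
        self.balance += amount;
        self.total_provided += shares;
        shares
    }
    /// Tokens owed for `shares`: shares * balance / total_provided.
    pub fn withdraw(&mut self, shares: u128) -> u128 {
        let out = shares * self.balance / self.total_provided;
        self.balance -= out;
        self.total_provided -= shares;
        out
    }
}

/// The issue's sequence: borrow `loan`, provide it, withdraw at once. Returns tokens withdrawn.
pub fn borrow_provide_withdraw(mut pool: Pool, loan: u128) -> u128 {
    pool.balance -= loan; // the loan leaves the contract
    let shares = pool.provide(loan);
    pool.withdraw(shares)
}

/// Largest (withdrawn - loan) over every small pool state up to `limit`.
pub fn max_gain(limit: u128) -> i128 {
    let mut best = i128::MIN;
    for balance in 2..=limit {
        for total_provided in 1..=limit {
            for loan in 1..balance {
                let out = borrow_provide_withdraw(Pool { balance, total_provided }, loan);
                best = best.max(out as i128 - loan as i128);
            }
        }
    }
    best
}

fn main() {
    let pool = Pool { balance: 10, total_provided: 10 };
    println!("issue's case: withdrew {}", borrow_provide_withdraw(pool, 5));
    println!("max gain over sweep: {}", max_gain(40));
}
```

A result of zero from the sweep means no tested state let this sequence withdraw more than was borrowed; it says nothing about other orderings or about the deployed contract's actual arithmetic.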