First Flight #3: Thunder Loan
Become more familiar with DeFi and flashloans in CodeHawks' most challenging First Flight yet! Thunder Loan allows users to create flash loans and provides yield to it's liquidity providers!
Thunder Loan
Contest Details
Contest Details
Prize Pool
-
High - 100xp
-
Medium - 20xp
-
Low - 2xp
-
Starts: Noon UTC Wednesday, Nov 01 2023
-
Ends: Noon UTC Wednesday, Nov 08 2023
Stats
- nSLOC: 387
- Complexity Score: 325
A flash loan protocol based on Aave and Compound.
About
The ⚡️ThunderLoan⚡️ protocol is meant to do the following:
- Give users a way to create flash loans
- Give liquidity providers a way to earn money off their capital
Liquidity providers can deposit assets into ThunderLoan and be given AssetTokens in return. These AssetTokens gain interest over time depending on how often people take out flash loans!
What is a flash loan?
A flash loan is a loan that exists for exactly 1 transaction. A user can borrow any amount of assets from the protocol as long as they pay it back in the same transaction. If they don't pay it back, the transaction reverts and the loan is cancelled.
Users additionally have to pay a small fee to the protocol depending on how much money they borrow.
We are planning to upgrade from the current ThunderLoan contract to the ThunderLoanUpgraded contract. Please include this upgrade in scope of a security review.
Getting Started
Requirements
- git
- You'll know you did it right if you can run
git --versionand you see a response likegit version x.x.x
- You'll know you did it right if you can run
- foundry
- You'll know you did it right if you can run
forge --versionand you see a response likeforge 0.2.0 (816e00b 2023-03-16T00:05:26.396218Z)
- You'll know you did it right if you can run
Quickstart
git clone https://github.com/Cyfrin/2023-11-Thunder-Loan
cd 2023-11-Thunder-Loan
make
Optional Gitpod
If you can't or don't want to run and install locally, you can work with this repo in Gitpod. If you do this, you can skip the clone this repo part.
Usage
Testing
forge test
Test Coverage
forge coverage
and for coverage based testing:
forge coverage --report debug
Audit Scope Details
- Commit Hash: e8ce05f5530ca965165d41547b289604f873fdf6
- In Scope:
├── interfaces
│ ├── IFlashLoanReceiver.sol
│ ├── IPoolFactory.sol
│ ├── ITSwapPool.sol
│ #── IThunderLoan.sol
├── protocol
│ ├── AssetToken.sol
│ ├── OracleUpgradeable.sol
│ #── ThunderLoan.sol
#── upgradedProtocol
#── ThunderLoanUpgraded.sol
Compatibilities
- Solc Version: 0.8.20
- Chains:
- ETH
- Tokens:
- All tokens that follow the ERC20 Standard
- Any ERC20 that does not is only included if it is specified below:
- USDT: 0xdAC17F958D2ee523a2206206994597C13D831ec7
- USDC: 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48
- STA: 0xa7DE087329BFcda5639247F96140f9DAbe3DeED1
- PAXG: 0x45804880De22913dAFE09f4980848ECE6EcbAf78
- BNB: 0xB8c77482e45F1F44dE1745F52C74426C631bDD52
- ZIL: 0x05f4a42e251f2d52b8ed15E9FEdAacFcEF1FAD27
- KNC: 0xdd974D5C2e2928deA5F71b9825b8b646686BD200
Roles
- Owner: The owner of the protocol who has the power to upgrade the implementation.
- Liquidity Provider: A user who deposits assets into the protocol to earn interest.
- User: A user who takes out flash loans from the protocol.
Known Issues
None
Leaderboard
| Rank | Username | ||||
| 1 | s | 420 | 4 (0) | 1 (0) | 0 |
| 2 | T TAdev | 400 | 4 (0) | 0 (0) | 0 |
| 3 | b bbcrypt | 400 | 4 (0) | 0 (0) | 0 |
| 4 | L Leogold | 360 | 3 (0) | 1 (0) | 0 |
| 5 | h happyformerlawyer | 320 | 3 (0) | 1 (0) | 0 |
| 6 | I | 300 | 3 (0) | 0 (0) | 0 |
| 7 | n nisedo | 262 | 2 (0) | 3 (0) | 1 |
| 8 | z zxarcs | 260 | 2 (0) | 1 (0) | 0 |
| 9 | C Ciara | 250 | 2 (0) | 2 (0) | 1 |
| 10 | K | 243 | 2 (0) | 0 (0) | 1 |
| 11 | a aethrouzz | 240 | 2 (0) | 2 (0) | 0 |
| 12 | a abhishekthakur | 228 | 2 (0) | 1 (0) | 0 |
| 13 | C CodeLock | 223 | 2 (0) | 1 (0) | 1 |
| 14 | 0 0xspryon | 222 | 2 (0) | 1 (0) | 1 |
| 15 | w wafflemakr | 220 | 2 (0) | 1 (0) | 0 |
| 16 | k kumar | 220 | 2 (0) | 1 (0) | 0 |
| 17 | 0 0x6a70 | 203 | 2 (0) | 0 (0) | 1 |
| 18 | l lian886 | 202 | 2 (0) | 0 (0) | 1 |
| 19 | a anonditor | 200 | 2 (0) | 0 (0) | 0 |
| 20 | 0 0xVinylDavyl | 200 | 2 (0) | 0 (0) | 0 |
| 21 | N Nocturnus | 200 | 2 (0) | 0 (0) | 0 |
| 22 | 0 0xJimbo | 200 | 2 (0) | 0 (0) | 0 |
| 23 | G GoSoul22 | 200 | 2 (0) | 0 (0) | 0 |
| 24 | j johnmatrix | 200 | 2 (0) | 0 (0) | 0 |
| 25 | 0 0xhashiman | 200 | 2 (0) | 0 (0) | 0 |
| 26 | a alphabuddha1357 | 142 | 1 (0) | 2 (0) | 1 |
| 27 | a anarcheuz | 142 | 1 (0) | 2 (0) | 1 |
| 28 | I IvanFitro | 140 | 1 (0) | 0 (0) | 0 |
| 29 | C Coffee | 128 | 1 (0) | 1 (0) | 0 |
| 30 | 0 0xAraj | 120 | 1 (0) | 1 (0) | 0 |
| 31 | r r0ck3tz | 120 | 1 (0) | 1 (0) | 0 |
| 32 | E Eric | 120 | 1 (0) | 1 (0) | 0 |
| 33 | 0 0xSwahili | 120 | 1 (0) | 1 (0) | 0 |
| 34 | 0 | 120 | 1 (0) | 1 (0) | 0 |
| 35 | z zhuying | 120 | 1 (0) | 1 (0) | 0 |
| 36 | f fedebianu | 120 | 1 (0) | 1 (0) | 0 |
| 37 | b benbo | 102 | 1 (0) | 0 (0) | 1 |
| 38 | m matthu | 102 | 1 (0) | 0 (0) | 1 |
| 39 | 0 0xloscar01 | 100 | 1 (0) | 0 (0) | 0 |
| 40 | O Osora9 | 100 | 1 (0) | 0 (0) | 0 |
| 41 | A Aitor | 100 | 1 (0) | 0 (0) | 0 |
| 42 | P Pelz | 100 | 1 (0) | 0 (0) | 0 |
| 43 | a alsirang | 100 | 1 (0) | 0 (0) | 0 |
| 44 | u uint256vieet | 100 | 1 (0) | 0 (0) | 0 |
| 45 | i iLoveMiaGoth | 100 | 1 (0) | 0 (0) | 0 |
| 46 | D Dutch | 100 | 1 (0) | 0 (0) | 0 |
| 47 | j jerseyjoewalcott | 100 | 1 (0) | 0 (0) | 0 |
| 48 | D DenTonylifer | 100 | 1 (0) | 0 (0) | 0 |
| 49 | z zach030 | 100 | 1 (0) | 0 (0) | 0 |
| 50 | L | 100 | 1 (0) | 0 (0) | 0 |
| 51 | d dcheng | 100 | 1 (0) | 0 (0) | 0 |
| 52 | a asimaranov | 100 | 1 (0) | 0 (0) | 0 |
| 53 | Z ZedBlockchain | 40 | 0 (0) | 2 (0) | 0 |
| 54 | p pacelliv | 40 | 0 (0) | 2 (0) | 0 |
| 55 | u uba7 | 22 | 0 (0) | 1 (0) | 1 |
| 56 | i ironcladmerc | 20 | 0 (0) | 1 (0) | 0 |
| 57 | m musashi | 20 | 0 (0) | 1 (0) | 0 |
| 58 | k kanastasoff | 4 | 0 (0) | 0 (0) | 2 |
| 59 | B BowTiedJerboa | 2 | 0 (0) | 0 (0) | 1 |
| 60 | C Charalab0ts | 2 | 0 (0) | 0 (0) | 1 |
| 61 | D DuncanDuMond | 2 | 0 (0) | 0 (0) | 1 |
| 62 | A Arie71 | 2 | 0 (0) | 0 (0) | 1 |
