security-and-auditing-full-course-s23's Issues

Small errors in Section1: Review

Lesson

Lesson 1

Could you please leave a link to the timestamp in the video where this error occurs? (You can right click a video and "copy video URL at current time")

https://youtu.be/pUWmJ86X_do?si=MzOuDD8K-r8NJu7h&t=5507

Describe the bug


In Section 1 of the Security and Auditing course, after the 12th topic, in which Patrick says we'll look at some upgradeable contract examples in the next video, there is no clip of upgradeable contracts in the next video; instead it jumps to selfdestruct, and the next video, number 14 (fork test), is included in the 13 selfdestruct video only, so there is repetition of that on Updraft, while on YouTube everything is fine.

SmallProxy.sol does not compile in Remix without adding a receive function or using 'hide warnings'.

Lesson

Lesson 1

Could you please leave a link to the timestamp in the video where this error occurs? (You can right click a video and "copy video URL at current time")

https://youtu.be/pUWmJ86X_do?si=xRf3iXmIybjkJTFL&t=6165

Operating System

Windows

Describe the bug

At this part of the video, the student is encouraged to play with SmallProxy.sol from:
https://github.com/Cyfrin/foundry-upgrades-f23/blob/main/src/sublesson/SmallProxy.sol

  • A link to this repo could be a good value add, instead of the user searching for it.
  • Upon pasting into Remix, the contract will not compile until 'hide warnings' is ticked. It may be worth a small comment to inform the user: '// if pasting into Remix, you might need to tick "hide warnings"'

Great course!

Image missing in written lesson

Lesson

Lesson 3

Could you please leave a link to the timestamp in the video where this error occurs? (You can right click a video and "copy video URL at current time")

https://updraft.cyfrin.io/courses/security/first-audit/exploit-public-data?lesson_format=transcript

Operating System

Windows

Describe the bug

In Section 3, Lesson 10, there may be a mistake in the code. In the written lessons on the website there should be images of the code; instead, it is displaying the HTML code, which should not be happening. When I inspected the code I saw the img tag was in double quotes; maybe that is the reason.


In Section 7, Lesson 22 jumps back to repeat Lesson 8

Lesson

Lesson 7

Could you please leave a link to the timestamp in the video where this error occurs? (You can right click a video and "copy video URL at current time")

No response

Describe the bug

In section 7, lesson 22 jumps back to repeat lesson 8 and then proceeds to Lesson 9 instead of Lesson 23.


1.4. Installing Libraries video not found

Video repeated twice

Lesson

Other (please describe)

Could you please leave a link to the timestamp in the video where this error occurs? (You can right click a video and "copy video URL at current time")

https://www.youtube.com/watch?v=rjaLKCmQf7g

Describe the bug

The same video (Augmented report with AI) got uploaded for the video titled "Quick primer on what we are learning next" at section 3 lesson 22.

Minor bug: Command line "forge anvil" used instead of "anvil" Lesson 16

Lesson

Other (please describe)

Could you please leave a link to the timestamp in the video where this error occurs? (You can right click a video and "copy video URL at current time")

No response

Operating System

Windows

Describe the bug


In the written section of Lesson 16 the command line "forge anvil" was written, which throws the error "unrecognized subcommand" in the terminal. The correct command is "anvil", as accurately demonstrated in the corresponding video section.

Boss Bridge Feedback

Describe the enhancement

Arbitrary List:

  • The high level coverage of signatures is fine for the purposes of the content, but it leaves quite a few unanswered questions such as the actual definitions and derivations of the v, r and s values. Expanding with content focused on signatures would be good!

  • MOAR Remix/Vulnerability examples. Seeing the bug in action is awesome.

Order of videos is not matching the video titles

Lesson

Lesson 1

Could you please leave a link to the timestamp in the video where this error occurs? (You can right click a video and "copy video URL at current time")

https://updraft.cyfrin.io/courses/security/review/upgradeable-contracts

Describe the bug

In section 1: Review

Instead of upgradeable contracts topic video, it contains video explaining encoding function

Instead of small proxy topic video, it contains video explaining upgradeable contracts

Instead of self destruct topic video, it contains video explaining small proxy

In the section 1, lesson 14 video, it contains video explaining self destruct and fork tests

Suggestion

Describe the bug

It is kinda complicated to work with the Cyfrin Updraft website's video in half-screen mode. You can compare it with YT; by contrast, I can properly see the video on YT in the same mode. I know I can click the link and open it on YT as well, but I believe it would be better to do something with the UI of the website. P.S. Patrick, you're an awesome lecturer <3

In Section 4 Lesson 15, there is an error in the suggested code for detecting duplicate users during the repair process

Discussed in #198

Originally posted by kildren-coder June 18, 2024
At the end of the video, we need to provide suggestions for detecting duplicate users. The approach in the video is correct, but the code provided contains errors.

The code is as follows:

+    mapping(address => uint256) public addressToRaffleId;
+    uint256 public raffleId = 0;
    .
    .
    .
    function enterRaffle(address[] memory newPlayers) public payable {
        require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle");
        for (uint256 i = 0; i < newPlayers.length; i++) {
            players.push(newPlayers[i]);
+            addressToRaffleId[newPlayers[i]] = raffleId;            
        }

-        // Check for duplicates
+       // Check for duplicates only from the new players
+       for (uint256 i = 0; i < newPlayers.length; i++) {
+          require(addressToRaffleId[newPlayers[i]] != raffleId, "PuppyRaffle: Duplicate player");
+       }    
-        for (uint256 i = 0; i < players.length; i++) {
-            for (uint256 j = i + 1; j < players.length; j++) {
-                require(players[i] != players[j], "PuppyRaffle: Duplicate player");
-            }
-        }
        emit RaffleEnter(newPlayers);
    }
.
.
.
    function selectWinner() external {
+       raffleId = raffleId + 1;
        require(block.timestamp >= raffleStartTime + raffleDuration, "PuppyRaffle: Raffle not over");
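
Review bot: the order of the two loops in enterRaffle is inverted: the first loop writes `addressToRaffleId[newPlayers[i]] = raffleId;` for every entrant, and only then does the second loop check `require(addressToRaffleId[newPlayers[i]] != raffleId, "PuppyRaffle: Duplicate player");`, so the condition is false for every entrant and the call always reverts. The check has to read the mapping slot before it is written for that address. Separately, with `uint256 public raffleId = 0;` the mapping's default value equals the live raffleId, so even with the loops reordered every first-time entrant in the first round would be rejected; the counter has to start at a value that no untouched mapping slot can hold.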

According to the given code, all players are checked after being added to the array and addressToRaffleId[newPlayers[i]] = raffleId is set. Then, checking require(addressToRaffleId[newPlayers[i]] != raffleId, "PuppyRaffle: Duplicate player") obviously leads to a situation where the require check cannot pass.

We expect that before a player is added to the queue, their raffleId should be checked to see if it matches the raffleId of the current round. If it matches, it means they have already joined this round of the raffle and should not be added again.

Considering the impact of default values, the correct code should be as follows:

+    mapping(address => uint256) public addressToRaffleId;
+    uint256 public raffleId = 1; // raffleId = 0 will lead to fail to add new player
    .
    .
    .
    function enterRaffle(address[] memory newPlayers) public payable {
        require(msg.value == entranceFee * newPlayers.length, "PuppyRaffle: Must send enough to enter raffle");
        for (uint256 i = 0; i < newPlayers.length; i++) {
+            require(addressToRaffleId[newPlayers[i]] != raffleId, "PuppyRaffle: Duplicate player");            
               players.push(newPlayers[i]);
+            addressToRaffleId[newPlayers[i]] = raffleId;            
        }

-        // Check for duplicates
-        for (uint256 i = 0; i < players.length; i++) {
-            for (uint256 j = i + 1; j < players.length; j++) {
-                require(players[i] != players[j], "PuppyRaffle: Duplicate player");
-            }
-        }
        emit RaffleEnter(newPlayers);
    }
.
.
.
    function selectWinner() external {
+       raffleId = raffleId + 1;
        require(block.timestamp >= raffleStartTime + raffleDuration, "PuppyRaffle: Raffle not over");
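
Review bot: because the require now runs before players.push and the mapping is written in the same iteration, a duplicate inside a single newPlayers array is also caught (the second occurrence reads the value written for the first); worth a comment so the single-loop design is not "simplified" back into two loops later. Starting raffleId at 1 is what keeps the default mapping value 0 from ever matching a round, but `// raffleId = 0 will lead to fail to add new player` does not say why; state the invariant next to the declaration. In selectWinner the increment `raffleId = raffleId + 1;` sits before the "Raffle not over" require; a revert rolls the write back, so it is safe, but placing it after the checks reads more clearly. The `players.push(newPlayers[i]);` context line is indented one space deeper than its neighbours.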

Section 2: broken link in the readme.md file

Describe the enhancement

In the security-and-auditing-full-course-s23 repo:

  • readme.md file
  • Section 2: What is a smart contract audit
  • Smart Contract Development Life Cycle
  • Is this just one step? This returns a 404 page to me.

Alternative way to create PDF Reports

Discussed in #126

Originally posted by allwin199 February 20, 2024
VS Code extension: Markdown PDF

To create a page with a logo and titles

<!DOCTYPE html>
<html>
<head>
<style>
    .full-page {
        width: 100%;
        height: 100vh; /* This will make the div take up the full viewport height */
        display: flex;
        flex-direction: column;
        justify-content: center;
        align-items: center;
    }
    .full-page img {
        max-width: 200px;  /* unitless lengths are invalid CSS, so the units are required */
        max-height: 200px;
        margin-bottom: 5rem;
    }
    .full-page div {
        display: flex;
        flex-direction: column;
        justify-content: center;
        align-items: center;
    }
</style>
</head>
<body>

<div class="full-page">
    <img src="./logo.svg" alt="Logo">
    <div>
    <h1>Puppy Raffle Protocol Audit Report</h1>
    <h3>Prepared by: Prince Allwin</h3>
    </div>
</div>

</body>
</html>

<!-- Your report starts here! -->
.
.
.

Example of a Report created using this extension

Example of a Markdown file

@PatrickAlphaC Is there any downside to this method?

If there is no downside, we can add this to audit-report-templating and link it in the security-and-auditing-full-course-s23 Readme.

PuppyRaffle - Integer Overflow - selfdestruct mistake?

Lesson

Lesson 4

Could you please leave a link to the timestamp in the video where this error occurs? (You can right click a video and "copy video URL at current time")

https://youtu.be/pUWmJ86X_do?t=30463

Describe the bug

PuppyRaffle Audit -> H-3 Integer Overflow -> Proof of Concept -> 4th point:

  1. You will now not be able to withdraw, due to this line in PuppyRaffle::withdrawFees:
require(address(this).balance == uint256(totalFees), "PuppyRaffle: There are currently players active!");

Although you could use selfdestruct to send ETH to this contract in order for the values to match and withdraw the fees, this is clearly not what the protocol is intended to do.

I think that last line is a mistake.

As far as I understand, selfdestruct can increase a contract's balance. But address(PuppyRaffle).balance > totalFees after the integer overflow. It makes no sense to increase address(PuppyRaffle).balance.
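To make the accounting behind this finding concrete, here is an added Python model of the H-3 situation; it is not the course's or PuppyRaffle's own code. It assumes totalFees is a uint64 accumulator beside a uint256 contract balance, and the 1 ETH entrance fee, four players per round and 20% fee share are constructed values for the model.

```python
# Added model of the PuppyRaffle H-3 accounting, not the course's or the
# protocol's own code. Assumptions (constructed): totalFees is a uint64
# accumulator, the contract balance is uint256, the entrance fee is 1 ETH,
# four players enter each round and 20% of each round's pot is kept as fees.
UINT64_MAX = 2**64 - 1
WEI = 10**18


class PuppyRaffleModel:
    def __init__(self, entrance_fee=WEI):
        self.entrance_fee = entrance_fee
        self.balance = 0        # address(this).balance
        self.total_fees = 0     # uint64 totalFees
        self.active_players = 0

    def enter_raffle(self, n_players):
        """Players pay in; the whole pot sits in the contract balance."""
        self.balance += self.entrance_fee * n_players
        self.active_players += n_players

    def select_winner(self):
        """80% of the pot is paid out as the prize and 20% is added to
        totalFees, the addition wrapping modulo 2**64 like an unchecked uint64."""
        collected = self.active_players * self.entrance_fee
        prize = collected * 80 // 100
        fee = collected * 20 // 100
        self.balance -= prize
        self.total_fees = (self.total_fees + fee) & UINT64_MAX
        self.active_players = 0

    def force_send(self, amount):
        """ETH pushed in by another contract's selfdestruct: the balance
        rises, totalFees is untouched."""
        self.balance += amount

    def can_withdraw_fees(self):
        # require(address(this).balance == uint256(totalFees), ...)
        return self.balance == self.total_fees


def rounds_until_overflow(model, players_per_round=4):
    """Play rounds until totalFees wraps; return (rounds, balance - totalFees)."""
    rounds = 0
    while True:
        before = model.total_fees
        model.enter_raffle(players_per_round)
        model.select_winner()
        rounds += 1
        if model.total_fees < before:          # the uint64 accumulator wrapped
            return rounds, model.balance - model.total_fees
```

In this model the wrap happens on the 24th round, after which balance - totalFees is exactly 2**64 wei and force_send only widens that gap, so the equality check in withdrawFees cannot pass again.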
