Actlysis

🗓️ Day 86 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Puppet v3 🕵️‍♂️ 📚 Key Learnings: ✅ Learned how ticks simplify liquidity provision by specifying tickLower and tickUpper ranges ✅ Learned how ticks can be converted to prices and vice versa using the standard formula ✅ Learned how TWAP values are fetched using the consult function from a pool contract ✅ Learned that when creating a pool via NonfungiblePositionManager, it expects the initial price in √price × 2^96 (Q64.96 fixed-point format) ✅ Understood the developer intent behind the challenge 💡 Notes: - Still figuring out whether TWAP can be manipulated when a protocol does not use it correctly - Most of these concepts are still at a high level for me; I have not yet gone deep into how they work internally

🗓️ Day 85 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Puppet v2 ☑️ 📚 Key Learnings: ✅ Learned how Uniswap V2 Router simplifies swaps by routing everything through factory and pair contracts ✅ Understood that Uniswap V2 can handle any ERC20 ↔ ERC20 token swaps through liquidity pairs ✅ Understood basic router flow and how trades are executed indirectly through liquidity pools ✅ Saw that Puppet v2 uses the same pricing weakness as Puppet v1, but now through Uniswap V2 liquidity 💡 Security Mindset: Don’t trust onchain DEX prices as a source of truth , they can be easily manipulated 🚨 💡 Reflection: Even decentralized prices can be unreliable when liquidity is low. Protocols must not assume AMM prices are always “fair” or accurate.

🗓️ Day 84 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Puppet v1 ☑️ yo i can’t even hold the urge for 3 days to grind 😭 been slacking on school work too so I’m swapping peak hours for school sessions and non-peak hours for coding 📚 Key Learnings: ✅ Understood the risk of using Uniswap v1 as a price oracle ✅ Learned how token swaps can manipulate AMM reserves and distort pricing ✅ Saw how lending logic can be broken when it depends on spot price from external liquidity pools 💡 Security Mindset: Never trust AMM spot price as a source of truth , liquidity can be manipulated to game collateral calculations 🚨 💡 Reflection: Small changes in liquidity can completely break financial assumptions in DeFi systems

🗓️ Day 83 – Solving Damn Vulnerable DeFi Challenges 🛠️ 🔹 Current Challenge: Puppet v1 🕵️‍♂️ I'm going to pause my grinding for a while since exams are approaching. Maybe after I round everything up, I’ll continue the grind again. Today was all about AMMs and DeFi. 📚 Key Learnings: ✅ Learnt about liquidity and how liquidity providers earn their share for contributing funds ✅ Understood the math behind x * y = k, why both sides must maintain equal value, and the problems AMMs solve ✅ Found out that Vyper is quite similar to Solidity, just more minimalistic ✅ Understood how TWAP is used in Uniswap V2 to reduce price manipulation risks 💡 Security Mindset: Price is not truth in DeFi, liquidity depth and oracle design determine how reliable that truth really is 🚨 💡 Reflection: Math quietly controls almost everything in DeFi, from pricing to incentives to security itself. The deeper I learn, the more it feels like the future will belong to people who truly understand systems and numbers