In this article we look at a type of economic attack on DeFi projects: the manipulation of price oracles.

On Ethereum, where everything is a smart contract, so too are price oracles. As such, it’s more useful to distinguish between how the price oracle gets its price information. In one approach, you can simply take the existing off-chain price data from price APIs or exchanges and bring it on-chain. In the other, you can calculate the instantaneous price by consulting on-chain decentralized exchanges.

Both options have their respective advantages and disadvantages. Off-chain data is generally slower to react…


A few months ago Extropy published a survey on Ethereum staking solutions. In this article we introduce staking on a new PoS blockchain, Mina.

Mina is known for being the world’s lightest blockchain! Individuals or businesses can contribute to network security by becoming nodes or block producers. They can contribute to transaction cost reduction by becoming SNARK producers, or they can do both. Extropy.io is a genesis member of Mina and has been running its own block producer and “SNARK worker” since the mainnet launch.

Mina is the first cryptocurrency protocol with a succinct blockchain. Current cryptocurrencies like Bitcoin and…


In light of the recent $611 million exploit of PolyNetwork, we present a short overview of smart contract auditing and explain our audit process. Extropy is working on tools to give more insight into exploits based on tokenomics, and into how these can be detected and avoided. For further information about recent exploits please visit our security bulletin, and sign up to our monthly newsletter.

A smart contract audit is a thorough investigation and examination of a smart contract’s code. An audit aims to uncover any errors, vulnerabilities and security issues and provide remediation or suggestions on how they can be addressed.


Following our previous post, Coding a DeFi Arbitrage Bot, many readers report an issue preventing the arbitrages executed by our bot from completing successfully. As it turns out, this issue is caused by frontrunners, executing the trades before our trading bot itself, so that the order on the 0x exchange isn’t available anymore by the time our bot is about to finish the arbitrage successfully. What is happening here is better described by what has become the essential textbook on arbitrage bots, Flash Boys 2.0:

Like high-frequency traders on Wall Street, these bots exploit inefficiencies in DEXes, paying high transaction…


Run faster with security

OpenZeppelin is mainly known in the Ethereum community for its set of utility smart contracts, which are used on a daily basis by Solidity engineers who want to develop faster with security (DevSec).

OpenZeppelin Defender was born out of the idea to streamline the connection between DevOps and put security in every step. The goal is to develop and ship faster while following best practices and avoiding shortcuts.

Defender gives developers the tools and infrastructure to work faster and streamline various otherwise manual and error-prone tasks, in order to run faster with security (SecOps).

Defender is divided…


Successful audit

Our process: https://lnkd.in/e2BaHbS

Float’s article: https://bit.ly/3feDosk

Audit report: https://bit.ly/3uKAMZF

We recently provided a security audit for Float Protocol and received positive feedback from the team.

Projects should have their smart contracts and blockchain protocols thoroughly audited before they are released.

Extropy have been auditing smart contracts since 2017 and advising clients on the best security practices.

If you would like to know more about our process please get in touch.

Extropy.io are a consultancy for blockchain and cryptography based in Oxford, UK.

We help businesses and startups realise the full potential of blockchain and bring cutting edge technology to all our clients.

Website: extropy.io

Twitter: https://twitter.com/Extropy

LinkedIn: https://www.linkedin.com/company/extropy-io-ltd

Telegram: https://t.me/joinchat/Tj6wK0GXnxKt3J14


Introduction

Ethereum 2.0 staking is the latest and hottest way to earn passive income as a node validator. It boasts high and predictable-ish returns that are attracting many investors, and it allows them to earn secondary products such as ERC20 tokens or collateral loans in order to stay liquid while the funds are locked up. Eth2 staking will likely introduce new DeFi yield farming strategies, bringing along new and unprecedented DeFi hacks.

In this article we present a survey of the main staking solutions out there, as well as a detailed cost and profit analysis in order to help readers choose how much they…


In the first part of this series we explained what arbitrage means in the context of decentralized finance and our chosen bot strategy for spotting profitable opportunities between decentralized exchanges.

In this second and final article we will conclude the arbitrage bot tutorial by diving into the code step by step, and illustrating alternative strategies and future improvements that readers could use in order to make the bot production ready, i.e. profitable.

Before we dive in, let’s make a clarification about why the bot isn’t profitable as is; the code example is fully working and could be run with no…


In our previous article, we introduced Decentralized Finance as a whole, casting light upon the basic building blocks of this new ecosystem and the main strategies used to earn passive income, mainly “yield farming” and “arbitrage”.

In this article we are going to guide readers through a step-by-step tutorial for building an arbitrage trading bot that works with decentralized exchanges. The bot will also get flashloans in order to borrow funds to use for arbitrage. The full working code can be found on Extropy.io’s

Extropy.IO

Oxford-based blockchain and zero knowledge consultancy and auditing firm
