I agree with this. Also in my opinion, I believe there are some big brain devs doing sick math that intentionally code contracts with these vulnerabilities then proceed to use flash loans anonymously with wallets to exploit code they created. Large sums of crypto could motivate big brain devs with sick math to look for these possible vulnerabilities but it doesn't seem feasible to do it at random. Likely being thought out in code testing phases. Once it passes an audit, it builds confidence in funds being available to the exploit. Most audits never consider flash loan possibilities.
Feb 13, 2021, 4:32 PM
I always wonder how these so-called "hackers" compute all this stuff out of the random. Like randomly picking some exchange and going through each and every pair doing complex math until they find an opportunity? Doesn't really make sense
Feb 13, 2021, 4:43 PM
I bet there are automatic bots constantly and 24/7 doing these maths and calculating possible attack scenarios. No more need for manual scanning in an open source defi world with clearly no limits when it comes to numbers.
Feb 13, 2021, 4:44 PM
There are bots for exchanges yes. I am mainly referencing the large defi contract hacks for millions of dollars in crypto we hear about.
When devs set out to code x contract understanding diligent teams will get an audit, there still exists the opportunity to leave accidentally or on purpose a flaw or exploit vulnerable to flash loans. Most audits never went into contract security thinking about the idea of flash loans giving a person far more money than they ever had.
For example, auditors may see something and decide that it isn't a problem because a single person wouldn't risk 25 million dollars' worth of crypto to potentially fail. Flash loans now make millions of dollars very real to anyone and the risk of failure is boiled down to a transaction fee.
Audit firms are now aware that they must consider this when they evaluate contracts now. So hopefully the exploits that have occurred will lead to tighter security.
Feb 13, 2021, 4:54 PM
I was referring to it too. Contracts can be coded as wished and also coded/deployed by bots. Even if not doing so, you can fork the ethereum state and let your bots make hypothetical calculations (in private testnet) without ever touching mainnet and then attack when profitable. I don't see flash loans as bad per se. I see it the other way: How would my contract react, if a millionaire decided to step in? Can the millionaire deposit in then withdraw right away? If yes, there should be some limits. If no, all good.
Feb 13, 2021, 4:58 PM
For sure. I like flash loans as well.
Feb 13, 2021, 4:59 PM
But it depends on what the current attack actually was. Seems like an inside job or something, as AlphaFinance wrote: "We're in the process of investigating the stolen fund, and have a prime suspect already." Sounds kind of like that for me.
They're the hedgefunds of DeFi - but for the small people
Feb 13, 2021, 5:00 PM
This is wow.
Feb 13, 2021, 5:01 PM
Flash loan attacks only work in one transaction (or of course a critical vulnerability, but as mentioned then the problem is not the flash loan but the vulnerability which was leveraged). So preventing that is the way to bypass such risks.
Feb 13, 2021, 5:03 PM
Talking not only flashloan here. There could be other misbalancing techniques we don't know about
Feb 13, 2021, 5:05 PM
Or actually make the project's token worthless
Yes of course, but whenever a flashloan can leverage a reward, prevent that at any cost. Then the users wait but on the other hand the project survives longer.
Feb 13, 2021, 5:06 PM
Lol
Feb 13, 2021, 5:06 PM
Seems that many platforms continue to ignore that possibility
Feb 13, 2021, 5:07 PM
That gets back to my original point of plausible intent.
Who would ethically ignore that?
Feb 13, 2021, 5:10 PM
It's just like the popularity of reentrancy earlier. Will take some time to mitigate, but they'll come to their senses
Feb 13, 2021, 5:10 PM
It's either ignorance or intentional, neither of which are acceptable.
Where money is concerned
Feb 13, 2021, 5:10 PM
Don't think you should seek a bad intent where everything is explained by a man's stupidity
Feb 13, 2021, 5:16 PM
Yeah, the stupidity could be one man's understanding of the next man's stupidity.
Man with bad intent knows man with good intent won't notice the bug. Happens all the time and yes it boils down to intent.
To be clear, I am only throwing the plausible point of intentional coding of flash loan vulnerabilities. Rather than assume that isn't the case I would like to rule that out definitively before making a conclusion.
Feb 13, 2021, 5:24 PM
Looks like a conspiracy theory to me. Always assume good in the others, most of the time you would not make a mistake.
There could be some percent of malicious actors in the community of defi devs, but look at the number of flashloan exploit cases. They just could not predict the consequences of their own code interacting with others.
Feb 13, 2021, 5:29 PM
Everything is assumption without proof.
I cannot assume the good in others when even you admit there are bad actors in the space. This isn't a judgment on anyone especially devs, for everything there is balance. There are even good cops, and few bad apples, both wear a badge.
Feb 13, 2021, 5:32 PM
Actually, it does support solidity. Just saw a medium post
Feb 13, 2021, 5:43 PM
For developing dapps applications though, is it good to go with it? Or something better?
Feb 13, 2021, 5:44 PM
better
Feb 13, 2021, 5:44 PM
Don't know really. I only know a handful of people still using visual studio for anything😅.
Feb 13, 2021, 5:46 PM
Yeah for sure
Feb 13, 2021, 5:46 PM
And you have hardhat/truffle, which is way better
Feb 13, 2021, 5:46 PM
2000ish
Feb 13, 2021, 5:46 PM
maybe u are right
Feb 13, 2021, 5:47 PM
I have tons of respect for developers, so much learning and ever increasing curve for new languages.
Feb 13, 2021, 5:47 PM
but it is fantastic for me
Feb 13, 2021, 5:48 PM
Congratulations, you are officially old xD
Feb 13, 2021, 5:48 PM
😂😂
but i use post man
i am astronut
Feb 13, 2021, 5:53 PM