Lack of comments in POCs
BjornBuug opened this issue · 3 comments
What you guys are doing for the Web3 security community is fantastic, reproducing all DeFi hacks with Foundry. However, I wish I could go through all of them and reproduce them myself. It's a bit overwhelming to read the POCs of the attacks without clear comments indicating what each line does, whether the attack is on a fork or just a testnet. Thanks again for your commitment, but please consider adding comments to make it easier to understand.
In most cases, you could use the relevant Twitter link and tx hash (with some on-chain scan like dedaub/phalcon) to help understand the PoC. These resources can make it easier to understand.
Thank you for acknowledging our efforts in the Web3 security community. We understand your desire to reproduce the hacks yourself and your concerns about the lack of clear comments in the POCs. We appreciate your feedback.
We suggest manually analyzing the txid of the relevant events once and then comparing it with the POC call flow.
This will help clarify the attack process.
@OuailT I made a quick explanation for one attack a while ago:
https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/src/test/Carrot_exp.sol
I also believe that adding supporting comments when doing PoCs could help others in the future :)