Bonus Challenges

Now that we’ve covered the basics of Glider, it’s time to put your knowledge to the test with a series of bonus challenges. These challenges are designed to reinforce what you’ve learned by asking you to create queries that identify specific vulnerabilities, code patterns, or statistics.

Challenge #1 - Calls to Curve's get_virtual_price()

Curve pools have a get_virtual_price() function that returns the price of the Curve pool’s LP token. However, due to a known reentrancy vulnerability in Curve pools, the get_virtual_price() function can be manipulated by attackers.

If a third-party contract relies on get_virtual_price() to determine the LP token price, that contract can also be vulnerable to exploitation.

💡 Click here for the solution

Stuck or want to confirm your answer? Visit the link below where you can view and run the solution inside of Glider IDE:

https://glide.r.xyz/query/Eb7Q9mBk

Challenge #2 - Find Long Function Names

In this challenge, your task is to identify functions that have more than 55 characters in it's function name.

We can use Python's len() function to check how many characters a Solidity function has.

💡 Click here for the solution

Stuck or want to confirm your answer? Visit the link below where you can view and run the solution inside of Glider IDE:

https://glide.r.xyz/query/BK94oa8HZ

Challenge #3 - Arbitrary Spender Roles

Contracts that approve tokens to other addresses must ensure that the spender address is properly whitelisted. Failing to do so can lead to serious security risks. For example, in December 2024, Moonhacker experienced an attack where hackers were able to arbitrarily set the spender address for the approve() function, leading to significant losses.

In the next two challenges, we will aim to write a query to identify this vulnerability type.

Challenge #3a - Get ERC20.approve() Spender

In this challenge, your goal is to:

1. Find calls to the ERC20 approve() function.

2. Identify the spender argument passed to the approve() function.

3. Print the spender argument to the Glider IDE Output panel to confirm your results.

This challenge will require you to use function/methods that you haven’t worked with before. Since the goal is to identify calls and print out call arguments, the following Glider methods will be helpful:

• get_components() – To retrieve the different parts of an instruction.
• get_arg() – To find the spender argument in a call.
• isinstance() - Checks if a variable belongs to a specific class.

💡 Click here for the solution

Stuck or want to confirm your answer? Visit the link below where you can view and run the solution inside of Glider IDE:

https://glide.r.xyz/query/Sx82Nnjq

Challenge #3b - Find Arbitrary Spenders

In the second part of this challenge, your goal is to determine if the spender argument passed to the approve() function comes from a function argument. If the spender originates from a function argument, it likely means that the user can arbitrarily set the spender, which could be a potential security risk.

To check if a variable comes from a function argument, call get_object_of_var() on the variable and verify if it is an instance of ArgumentVariable.

Bonus Task

To reduce noise and focus just on public/external functions, update your query to filter out approve() calls made within private or internal functions.

By limiting your results to public or external functions, you can better identify potential vulnerabilities that external users could exploit.

💡 Click here for the solution

Stuck or want to confirm your answer? Visit the link below where you can view and run the solution inside of Glider IDE:

https://glide.r.xyz/query/BRsBRayJq