DEV Community: Mahima Thacker

Are u still confused about how swapping works on Uniswap or other DEXs?

Mahima Thacker — Sat, 29 Mar 2025 05:13:50 +0000

Not anymore 💁‍♀️
This might seem long, but trust me it’s worth every scroll 😉
Let’s break it down in simple terms — no advanced math, no technical fluff.

1/ What is AMM?

An AMM (Automated Market Maker) is like a robot that lets you swap tokens without needing a buyer or seller.
Instead of matching orders like an order book used in a centralised exchange. it uses a liquidity pool (a jar of tokens) and a formula to decide the price. So,
No order books
No middlemen
Just a smart contract doing the job
The formula calculated the price ->X * Y = K

2/ What’s in the Liquidity Pool?

Each pool holds two tokens, say: Token 1 = ETH (e.g., 50 ETH) Token 2 = DAI (e.g., 10,000 DAI)
This pool is created by users (called liquidity providers) who deposit equal value of both tokens.

3/ The Magic Formula: X * Y = K

This is the core logic of how prices are determined.
X = Amount of Token 1 (ETH)
Y = Amount of Token 2 (DAI)
K = Constant value that should never change
As you trade, the values of X and Y shift, but K always remains the same. That’s what keeps everything balanced!

4/ Let’s Understand With an Example:

Before Trade: ETH in pool = 50 DAI in pool = 10,000 Constant K = 50 * 10,000 = 500,000

Now let's say you want to buy 1 ETH using DAI.

After the Trade: ETH left = 49 (because you took out 1 ETH)
To maintain K = 500,000, the pool must now hold more DAI. 49 * Y = 500,000 Y = 500,000 / 49 ≈ 10,204.08 DAI

So the pool needs 10,204.08 DAI after your trade. That means you have to add ~204.08 DAI to buy 1 ETH

That’s how price is automatically calculated — by using the formula, not a person 🫣

5/ Why Price Increases as You Trade?

The more ETH you try to buy, the more DAI you must add to keep K constant.
This makes ETH more expensive with each purchase. That’s slippage — and it’s normal in AMMs

6/ Order Book vs AMM

In an order book, trades are matched between buyers and sellers at the same price.
In an AMM, the price is calculated automatically based on how much is in the pool

7/ Final Takeaway

You’re trading with math, not a person.
The pool keeps everything balanced using X * Y = K.
More buying = price goes up (and vice versa).
No need for someone on the other side — you just interact with the pool!

Reentrancy Attacks - The Hidden Threat in Smart Contracts 😵‍💫

Mahima Thacker — Mon, 03 Feb 2025 16:29:35 +0000

What is a Reentrancy Attack?

A reentrancy attack happens when a smart contract lets an attacker call the same function again and again before the contract finishes updating its data. This means the attacker can steal ETH, tokens, or change how the contract works.

Why Does It Happen?

State updates after external calls: If you transfer ETH or call another contract first and then update your balance, it leaves room for repeated attacks
Trusting User-Controlled Parameters: Relying on inputs from external users or contracts without proper checks

How Contracts Receive ETH?

Smart contracts can receive ETH in three ways:

Payable Functions: Functions marked payable allow ETH to be sent directly.
Fallback Functions: Triggered when no function matches or when data is sent with ETH.
Receive Functions: Special functions for receiving ETH without data (msg.data is empty).

These methods can be exploited if state updates happen after sending ETH, enabling reentrancy attacks.

What You SHOULD Do

Use the “Checks-Effects-Interactions” Pattern

Check: Validate conditions (e.g., “Does the user have enough balance?”).
Effect: Update the contract’s state (e.g., “Deduct the balance”).
Interact: Only then, send ETH or call another contract.

2.Use a Lock (Reentrancy Guard)

Add a “locked” variable to stop reentering the same function.

3.Or use OpenZeppelin’s ReentrancyGuard library to make this easier.

Hence,

Avoid: Updating contract state after external calls.

Do: Validate, update, and then interact.

Extra Layer: Use a reentrancy guard for critical functions.

A small change in how you write functions can save your contract from huge losses. Let’s build secure and reliable smart contracts! 💪

tx.origin vs msg.sender: Which to Use?

Mahima Thacker — Sun, 26 Jan 2025 16:16:43 +0000

When writing Solidity smart contracts, you often come across tx.origin and msg.sender so what’s the difference Between tx.origin and msg.sender?

msg.sender: This is the last caller. It tells you who directly called the contract.

tx.origin: This is the first sender. It tells you who started the transaction, always an external wallet (like MetaMask).

Example:

If a wallet sends a transaction to Contract A, and Contract A calls Contract B:

In Contract B:

msg.sender is Contract A (the most recent caller).

tx.origin is the wallet(EOA) (the original transaction starter).

Using tx.origin for things like security checks can be dangerous. It can make your contract vulnerable to attacks. For better security, rely on msg.sender.

A small detail, but it can make a big difference in your contract's security.

Have You Fallen for a Phishing Scam? Let’s Talk About It 👀

Mahima Thacker — Mon, 13 Jan 2025 10:49:43 +0000

Phishing attacks are tricks used to fool people into doing things that can harm them, like sharing personal details or losing money. It’s a common type of scam.

Types of Phishing: General scams target many people, while spear phishing focuses on specific individuals or groups.

Did You Know?

In 2024, phishing attacks increased by 58%, making them one of the fastest-growing cyber threats.

Cybercriminals send an estimated 3.4 billion phishing emails per day, making it the single most common form of cybercrime.

In the first half of 2024, phishing attacks in the cryptocurrency sector led to losses exceeding $800 million.

Web2 Example:

Fake emails pretending to be from Netflix, asking you to update your subscription.

Web3 Examples:

Fake MetaMask emails asking for your seed phrase.
Websites that look real but steal your wallet details.
Allowing access to your NFTs (ERC721 tokens) through fake approvals.

Have you ever seen or fallen for something like this? Share your experience in the comments to help others stay alert and informed! Your story might help someone else to avoid it.

OverFlow and UnderFlow causes in Solidity

Mahima Thacker — Mon, 06 Jan 2025 16:42:34 +0000

In Solidity, arithmetic overflow and underflow were common issues before version 0.8.0.

Here's a quick overview of UnderFlow and OverFlow:

What is Overflow and Underflow?

Overflow:

When you add 1 to the maximum value of a uint8 (255), it exceeds the range (0-255). Solidity doesn't store values beyond 255, so it wraps back to 0.

Have a look at a function called overflow from the attached image, and the result you will get is 0

Underflow:

When you subtract 1 from the minimum value of a uint8 (0), it goes below the range (negative values aren't allowed). Solidity wraps back to 255.

so this is what we get when we call the function underflow from an image

But in Solidity 0.8.0 or Above it reverts with an error (overflow/underflow checks are enabled).

Why Does This Matter?

Overflow and underflow could lead to severe vulnerabilities in smart contracts, especially in financial calculations.

How to Prevent This? 🕵‍♀️

Use Solidity 0.8.0 or above, where overflow/underflow checks are built-in.
For older versions, use libraries like OpenZeppelin’s SafeMath.
Test edge cases to ensure safety in arithmetic operations.

OverFlow and UnderFlow causes in Solidity

Mahima Thacker — Mon, 06 Jan 2025 16:42:34 +0000

In Solidity, arithmetic overflow and underflow were common issues before version 0.8.0.

Here's a quick overview of UnderFlow and OverFlow:

What is Overflow and Underflow?

Overflow:

When you add 1 to the maximum value of a uint8 (255), it exceeds the range (0-255). Solidity doesn't store values beyond 255, so it wraps back to 0.

Have a look at a function called overflow from the attached image, and the result you will get is 0

Underflow:

When you subtract 1 from the minimum value of a uint8 (0), it goes below the range (negative values aren't allowed). Solidity wraps back to 255.

so this is what we get when we call the function underflow from an image

But in Solidity 0.8.0 or Above it reverts with an error (overflow/underflow checks are enabled).

Why Does This Matter?

Overflow and underflow could lead to severe vulnerabilities in smart contracts, especially in financial calculations.

How to Prevent This? 🕵‍♀️

Use Solidity 0.8.0 or above, where overflow/underflow checks are built-in.
For older versions, use libraries like OpenZeppelin’s SafeMath.
Test edge cases to ensure safety in arithmetic operations.

The Danger of Randomness in Smart Contracts and its solution

Mahima Thacker — Tue, 31 Dec 2024 16:22:43 +0000

In Ethereum smart contracts, getting true randomness can be tricky and dangerous. Here’s why:

The Problem:
When you use common methods like blockhash or now for randomness in Solidity, it can be manipulated by miners. This makes your contract vulnerable to attacks, especially in games or lotteries.

The code in the below attached image seems to generate a random number, but it’s predictable and can be exploited.

The Solution: Chainlink VRF 👀
Chainlink’s Verifiable Random Function (VRF) provides a secure and verifiable way to get true randomness that cannot be tampered with.

Here’s how Chainlink VRF solves the problem:

Chainlink VRF generates a random number off-chain and provides cryptographic proof that it was done fairly.
The smart contract verifies this proof on-chain, ensuring the randomness is - reliable and cannot be tampered with.
The cryptographic process ensures that even miners or oracles cannot influence the outcome, hence guaranteeing true randomness

🤑 What are Stablecoins? Let's break it down!

Mahima Thacker — Sat, 28 Dec 2024 16:35:33 +0000

1/ Stablecoins are like the anchors of the cryptocurrency world. Just as a boat uses an anchor to stay stable in the water, stablecoins keep their value steady, even when the crypto sea gets rough

2/ Why do we need Stablecoins?

Imagine if your $1 today could be worth 50$ tomorrow – that's how volatile some cryptocurrencies can be. Stablecoins solve this by pegging their value to something stable, like the US Dollar or gold

3/ Example Time:

Think of Stablecoins as gift cards. If you have a 💲50 gift card, its value doesn’t change even if the store runs a massive sale. Similarly, 1 USD stablecoin is always worth 💲1, regardless of the crypto market swings.

4/ Types of Stablecoins 👀 :

Fiat-backed: Like a piggy bank with $1 in cash for every $1 in Stablecoins—a guarantee your digital money is solid.

Crypto-backed: Like leaving extra collateral for a borrowed library book—extra crypto ensures stability.

Algorithmic: Like a smart vending machine, adjusting supply to keep everything balanced.

5/ Hence, Stablecoins are like the superheroes of the crypto world—they keep your digital money safe from wild swings, making sure it’s always worth what it’s supposed to be.

Why You Should Attend Events Like Devcon?

Mahima Thacker — Fri, 27 Dec 2024 16:07:43 +0000

I recently attended my first Devcon in Bangkok, and it was an amazing experience! 🌟

For those who don't know, Devcon is the biggest Ethereum-focused conference, bringing together developers, creators, and blockchain enthusiasts to share ideas, learn, and innovate in the Web3 space.

Here’s why I think events like these are worth attending:

Learning Opportunities:Engaging talks and sessions filled with useful ideas that helped me learn more and think in new ways.

Networking: I met incredible people from different backgrounds, exchanged ideas, and made meaningful connections.

Diverse Perspectives: Hearing from global voices expanded my viewpoint and inspired me to think differently.

Joy and Inspiration: The energy of the event was unmatched, leaving me motivated and excited for the future.

If you’re on the fence about attending events like these, take this as your sign to go for it! The knowledge, connections, and inspiration you’ll gain are priceless.

A big thank you to everyone I met and the organisers for making this event so special 🫡

Sharing a few pictures from this memorable experience—so many moments I couldn’t capture, but the memories will stay forever. ❤️‍🔥

Here’s to more learning and exciting journeys ahead! 🚀

Ethereum Transaction Calls and State Changes

Mahima Thacker — Wed, 25 Dec 2024 17:21:31 +0000

Let’s break down how different transaction calls work in Ethereum, and how state changes happen using a simple example🫣:

CALL

Imagine Contract A wants to send 1 ETH to Contract B and run a function there.
When Contract A makes the CALL:
A new environment (EVM instance) is created for Contract B.
msg.sender is Contract A, meaning Contract B knows who initiated the transaction.
msg.value is set to 1 ETH (the amount being sent).
State changes: Even though msg.sender is Contract A, any changes (like updating balances) happen in Contract B's storage, not Contract A’s.

2.STATICCALL

Suppose Contract A only wants to check a balance in Contract B without changing anything.
When Contract A uses STATICCALL:
It’s just like CALL, but no changes are allowed—just reading data.
msg.sender is still Contract A, but Contract B cannot change any state.

3.DELEGATECALL

Now, let’s say Contract A wants to use Contract B’s code but with its own (Contract A’s) storage.
When Contract A uses DELEGATECALL:
Contract B’s code runs, but it affects Contract A’s storage.
msg.sender: The original caller (EOA), not Contract A.

So In-short:

CALL: Contract A triggers changes in Contract B’s state.
STATICCALL: Same as CALL, but only reads data, no changes.
DELEGATECALL: Contract A runs Contract B’s code, but changes are made to Contract A’s storage.

Understanding these helps you see how smart contracts interact and manage state in #Ethereum. 💥

Ever wonder what happens when you send a transaction on Ethereum? 👀

Mahima Thacker — Tue, 24 Dec 2024 16:42:13 +0000

Let's break it down in simple terms👇:

1. Setup: When you send a transaction from your wallet to a smart contract, the EVM (Ethereum Virtual Machine) gets ready. It creates a new environment to run your transaction.
The EVM loads the smart contract's code, sets up an empty stack and memory (kind of like a workspace), and prepares all the important variables.

2. Execution: Now, the EVM starts executing the transaction. It goes through each instruction (called opcodes) one by one.
As it works, it uses up the gas you provided (think of gas as the fuel that powers the transaction).
It updates the stack, memory, and storage as needed. Once it finishes, the EVM clears out the stack and memory, wiping the workspace clean.

3. Success: If everything runs smoothly, the EVM saves the changes made during the transaction to the blockchain.
Any leftover gas is returned to you.

4. Out of Gas: If the transaction runs out of gas before finishing, the EVM stops. All the changes are undone, so nothing gets saved. And you don’t get back any gas.

5. Exception: If something goes wrong (like hitting a require, revert, or assert statement), the transaction is reverted. This means no changes are made to the blockchain. And no refund for unused gas from the gas limit

This is how Ethereum manages your transactions behind the scenes, ensuring everything runs smoothly or is safely undone if something goes wrong 💁‍♀️

What's Version Control and Why Should You Care? 📣

Mahima Thacker — Mon, 23 Dec 2024 12:22:51 +0000

Ever wondered how teams work together on computer projects without chaos?🤔 It's like having a super time machine for your code, and we call it Version Control!

🔄 Version Control is like a magical tool for keeping track of changes in your code. Imagine having a magic wand that helps you fix mistakes, explore different versions of your code, and work smoothly with your team. That's what Version Control does!

Why It Matters:

1️⃣ Teamwork: Version Control helps everyone in your team work together without any confusion.

2️⃣ Fix Mistakes: Made a coding mistake? Version Control lets you go back to an earlier, error-free version.

3️⃣Working Together: You can share your work with others and combine changes easily using Version Control.

Ready to learn more? Check out Episode 1 of our Git and GitHub Tutorial Series to understand the magic! 🚀👩‍💻👨‍💻

👉 (https://www.youtube.com/watch?v=BrBvqj48Bsg)👈