I recommend this Compound Finance V2 security audit manual. Many lending projects like to fork or refer to Compound, but unfortunately they don't fully understand the details, which leads to some vulnerabilities. Our manual not only explains the architecture, but also lists the checklist for related vulnerabilities:

- Rounding vulnerability caused by empty market
- ​​Reentrancy vulnerability caused by ERC677/ERC777 tokens
- Price manipulation risk caused by inappropriate oracle mechanism
- Exchange rate manipulation risk caused by multiple entry point tokens
- Compatibility issues between new and old versions of contract code
- Hard coding problems caused by multi-chain deployment

Chinese version:

I recommend this Compound Finance V2 security audit manual. Many lending projects like to fork or refer to Compound, but unfortunately they don't fully understand the details, which leads to some vulnerabilities. Our manual not only explains the architecture, but also lists the checklist for related vulnerabilities:

- Rounding vulnerability caused by empty market
- ​​Reentrancy vulnerability caused by ERC677/ERC777 tokens
- Price manipulation risk caused by inappropriate oracle mechanism
- Exchange rate manipulation risk caused by multiple entry point tokens
- Compatibility issues between new and old versions of contract code
- Hard coding problems caused by multi-chain deployment

Chinese version:
https://mp.weixin.qq.com/s/nbzuctGg_Ht62oFvswMmiw