The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
Back to feedPost
One of the critical security bugs I found in the payment code I reviewed
and each of the bugs could have caused serious financial loss
Bug #1: Trusting the payment gateway's response amount šø
The code:
Gateway says: charge $1,000,000
System credits: $1,000,000
User actually paid: $1,000
One compromised API response = $999,000 loss.
The fix?
YOUR database is the source of truth.
ā
Store amount at initialization
ā
Verify gateway matches YOUR record
ā
Credit from YOUR database, not theirs
Never trust external APIs with money.
Day 2/15 | Building Secure Payment Systems
#SoftwareEngineering #Security #FinTech
The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
Related posts
Day 4 of sharing my design work.
// Payment refund card
When payments and refunds happen, users need clarity.
They should instantly understand what happened to their money.
So this card focuses on a few simple things:
ā¢ Clear refund status
ā¢ Transaction amount
ā¢ A quick summary of the transaction
The goal is to remove confusion and make financial interactions feel transparent and easy to track.
I recently rescued a project that revealed a huge trap in how businesses choose tech partners.
The site's foundation was crumbling: outdated PHP and an EOL builder. The previous agency happily wanted to bill for further patches, but no one took responsibility to say: "This architecture is dead."
The client hesitated to hire me because I'm a solo freelancer. A larger agency felt like the "safer" bet. But equating headcount with security is exactly what got them into this mess.
Agencies have ticketing systems; freelancers have personal accountability. I don't bill for band-aids; I build solid foundations.
We're now migrating to a clean Webflow setup. Fixing tech debt is easy. Rebuilding trust is the real work.
Ever noticed this "safety in numbers" illusion? š
True š.
Here's the first 3 things I analyze on a low-converting website:
value proposition & messaging
user flow & friction
trust signals
I quickly explain each one below
š§µ
value proposition & messaging
Does the site clearly explain who itās for, the problem it solves, and the outcome visitors get within seconds?
Trending
aivideo
AI video tools are moving at warp speed. Which ones are you experimenting with?
returntonature
Spring is a reset for creativity. Whatās inspiring you outside the screen right now?
aidesignflow
AI tools are redefining design work. What's your current workflow?
freelancerlife
Freelancer life is wins, pivots, and everything in between. Whatās yours right now?
allthingsmetal
Metal is having a design moment ā from chrome to gates and grates. What designs are you forging?