Code4rena finding CODE423N4:2021-06-TRACER-FINDINGS-ISSUES-123
Jun 30, 2021

Bots can frontrun market maker orders and cancel orders.


Handle

tensors

Vulnerability details

Impact

Market makers will not be able to have competitive spreads or cancel their orders to update their strategies.
It will be difficult for them to provide liquidity on the platform, which will hurt the platform overall.

Proof of Concept

In traditional finance, market makers turn a profit through the spreads they offer. If the market moves to one side or another, they can quickly cancel their limit orders and update their order books accordingly.

Since all orders will appear on chain, bots can frontrun cancellation orders by the market makers to get a cheap price (and maybe even sell on the updated market maker’s order book), thus disincentivizing market makers from providing liquidity.

Recommended Mitigation Steps

Hard to say what a proper mitigation could be. A possible solution: if limit orders have an expiry deadline (e.g. like what Uniswap does with incoming transactions), then this problem would be diminished.
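An added sketch, not part of the original report or Tracer's contract code: a toy Python model of the expiry-deadline idea, measuring how long an outdated quote stays fillable while the maker's cancellation is still pending. The `LimitOrder` fields, the `Book` rules and all timestamps are assumptions constructed for illustration.

```python
"""Toy model of limit-order expiry (constructed example, assumed rules)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LimitOrder:
    maker: str
    price: int               # quoted price, arbitrary units
    amount: int
    expires: Optional[int]   # last valid timestamp; None models "no deadline"


class Book:
    """Fill validation as a matching contract might enforce it (hypothetical)."""

    def __init__(self):
        self.cancelled = set()

    def cancel(self, order, sender):
        if sender != order.maker:
            raise PermissionError("only the maker may cancel")
        self.cancelled.add(order)

    def can_fill(self, order, now):
        if order in self.cancelled:
            return False
        # Deadline check: the quote is dead after `expires`, whether or not
        # the maker's cancellation transaction has been mined yet.
        return order.expires is None or now <= order.expires


def stale_window(order, market_moved_at, cancel_mined_at):
    """Count timestamps at which an outdated quote can still be filled."""
    book = Book()
    # A fill ordered ahead of the cancel in the same block still succeeds,
    # so the cancel only protects the maker after `cancel_mined_at`.
    fillable = sum(
        1 for now in range(market_moved_at, cancel_mined_at + 1)
        if book.can_fill(order, now)
    )
    book.cancel(order, order.maker)
    assert not book.can_fill(order, cancel_mined_at + 1)
    return fillable


if __name__ == "__main__":
    # Constructed timeline: market moves at t=1030, cancel is mined at t=1045.
    for deadline in (None, 1035, 1020):
        quote = LimitOrder("mm", price=100, amount=10, expires=deadline)
        print(deadline, stale_window(quote, 1030, 1045))
```

The deadline shortens the exposure window but does not close it, which matches "diminished" rather than "fixed"; a tighter deadline also means the maker must re-post quotes more often.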

Another similar thing to note: market makers will have to use large amounts of gas to keep updating their limit orders (whether or not a deadline or other mitigation is included). As long as the contracts are fully on-chain, not much can be done about this.

