Lines of code
<https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L245-L247>
A malicious actor can use a flash loan to manipulate the system so that “valuable” LPs get a lower reward than expected, while the attacker gets a minimal reward for liquidity that offers no “value” to the Ambient DEX.
This attack will thrive under certain conditions:
```solidity
timeWeightedWeeklyGlobalAmbLiquidity_[poolIdx][currWeek] += dt * liquidity;
timeWeightedWeeklyPositionAmbLiquidity_[poolIdx][posKey][currWeek] += dt * liquidity;
```
Consider Pool A, which initially has $1,000 worth of liquidity for a time interval of (1 week - 1 second), denoted as 604,799 seconds (dT).
At the start, Pool A’s `timeWeightedWeeklyGlobalAmbLiquidity_[poolIdx][currWeek]` (updated by `+= dt * liquidity`) is set to (604,799 * $1,000) = $604,799,000.
Now an attacker uses a flash loan to inject a substantial 60,479,900 of liquidity into Pool A within a single flash transaction. This significantly increases `timeWeightedWeeklyGlobalAmbLiquidityLastSet[Pool A]` by 1 * $60,479,900 (note: dT = 1).
All the attacker needs to do is withdraw the liquidity afterwards and have enough left over to cover the fee and repay the flash loan, so that the transaction is included in the block successfully.
The consequence is a notable 10% surge in the total weighted liquidity. Paradoxically, this surge leads to a decrease in rewards for legitimate LPs during that week. Simultaneously, the malicious actor receives only meager rewards from the protocol.
It’s worth noting that this scenario raises concerns because the liquidity injected by the malicious actor via the flash loan is not utilized for any swaps or trades within the provided timeframe, given its transient nature.
Considering the observed trend of flash loan fees, which have shown a sharp decline from 0.09% in AAVE V2 to 0.05% in AAVE V3, there is a clear indication that flash loan fees may continue to decrease, further increasing the likelihood of such attacks.
Manual review.
To mitigate this type of attack, it is advisable to implement a delay mechanism that ensures liquidity provided by a user remains in the pool for a specified period before being factored into the time-weighted liquidity calculation.
Or consider imposing a Total Value Locked (TVL) threshold for pools to qualify for rewards to prevent very small pools that can be easily inflated.
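The accounting in the example above and the effect of the delay mitigation can be checked with a small model. This is an added illustration, not part of the original report or the Canto contracts; the function names, the `min_hold` parameter and the 3,600-second hold period are assumptions, and the position figures are the report's own.

```python
from fractions import Fraction


def weighted(positions, min_hold=0):
    """Return {owner: time-weighted liquidity}, mirroring `+= dt * liquidity`.

    positions: (owner, liquidity, seconds_held) tuples for one pool and week.
    min_hold:  hypothetical delay in seconds a position must remain in the
               pool before its time starts counting (0 = no delay, which is
               the accounting described in the report).
    """
    totals = {}
    for owner, liquidity, held in positions:
        counted_dt = max(0, held - min_hold)  # time before the delay is ignored
        totals[owner] = totals.get(owner, 0) + counted_dt * liquidity
    return totals


def reward_shares(positions, min_hold=0):
    """Return {owner: fraction of the week's reward} from the weights."""
    totals = weighted(positions, min_hold)
    global_weight = sum(totals.values())
    if global_weight == 0:
        return {owner: Fraction(0) for owner in totals}
    return {owner: Fraction(w, global_weight) for owner, w in totals.items()}


# Constructed sample using the report's figures: $1,000 held for 604,799 s,
# and 60,479,900 of transient liquidity counted with dT = 1.
POOL_A = [
    ("honest_lp", 1_000, 604_799),
    ("transient_position", 60_479_900, 1),
]

if __name__ == "__main__":
    for hold in (0, 3_600):  # 3,600 s is an assumed hold period
        shares = reward_shares(POOL_A, min_hold=hold)
        print(f"min_hold={hold}s")
        for owner, share in shares.items():
            print(f"  {owner}: {float(share):.4%} of weekly reward")
```

With `min_hold=0` the global weight grows by 10% and the long-term LP's share falls to 10/11; with any hold period longer than the transient position's lifetime, that position contributes nothing to the weighting.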
Other