Bi-Level Game-Theoretic Planning of Cyber Deception for Cognitive Arbitrage

Cognitive vulnerabilities shape human decision-making and arise primarily from two sources: 1 cognitive capabilities, which include disparities in knowledge, education, expertise, or access to information, and 2 cognitive biases, such as rational inattention, confirmation bias, and base rate...

Measuring CEX-DEX Extracted Value and Searcher Profitability: the Darkest of the MEV Dark Forest

This paper provides a comprehensive empirical analysis of the economics and dynamics behind arbitrages between centralized and decentralized exchanges CEX-DEX on Ethereum. We refine heuristics to identify arbitrage transactions from on-chain data and introduce a robust empirical framework to...

Optimistic MEV in Ethereum Layer 2s: Why Blockspace Is Always in Demand

Layer 2 rollups are rapidly absorbing DeFi activity, securing over $40 billion and accounting for nearly half of Ethereum's DEX volume by Q1 2025, yet their MEV dynamics remain understudied. We address this gap by defining and quantifying optimistic MEV, a form of speculative, on-chain cyclic...

Hybrid Stabilization Protocol for Cross-Chain Digital Assets Using Adaptor Signatures and AI-Driven Arbitrage

Stablecoins face an unresolved trilemma of balancing decentralization, stability, and regulatory compliance. We present a hybrid stabilization protocol that combines crypto-collateralized reserves, algorithmic futures contracts, and cross-chain liquidity pools to achieve robust price adherence...

MAL-2025-1109 Malicious code in deribit-arbitrage-monitor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64bc92786b02e2d413eda2df2dae650fcd3c651e901b32f32ba4fb5c27bbd258 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in deribit-arbitrage-monitor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64bc92786b02e2d413eda2df2dae650fcd3c651e901b32f32ba4fb5c27bbd258 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Potential arbitrage opportunity

Lines of code Vulnerability details Impact According to the logic of the protocol , minted tokens can be swapped on AMMs. This is a serious problem as prices on AMMs follow a bonding curve that are independent from the Chainlink pricing feed. This will create arbitrage opportunities for hackers t...

Intrinsic arbitrage between assets due to price feed deviation threshold

Lines of code Vulnerability details Impact Withdrawals have not yet been implemented but I assume it will be implemented in the usual way such that the fraction of total supply of rsETH a user redeems gives him an equal fraction of total assets held, i.e. received = sharesToRedeem totalAssets /...

H-01 Unmitigated

Lines of code Vulnerability details Mitigation of H-01: Issue NOT mitigated Mitigated issue H-01: Intrinsic arbitrage from price discrepancy The issue was that a price discrepancy between the exchange and oracle could be exploited within AfEth for an arbitrage. Mitigation review The maximum profi...

Intrinsic arbitrage from price discrepancy

Lines of code Vulnerability details Impact The up to 2 % price discrepancy from Chainlink creates an intrinsic arbitrage. Especially, it makes withdrawals worth more than deposits in the sense that one can immediately withdraw more than just deposited. Proof of Concept When depositing ETH into...

Potential rewards stealing by manipulating CVX/ETH pool

Lines of code Vulnerability details Vulnerability Details Upon claiming Votium rewards, applyRewards is intended to be invoked in order to exchange the tokens for eth and put the eth received back into the strategies. Based on the current ratio it either stakes the amount into safETH or obtains...

LiquidationQueue brings centralization risk in the contract.

Lines of code Vulnerability details Impact the owner has too much unilateral control over liquidations and can manipulate te country in the following ways: The owner of LiquidationQueue sees a profitable liquidation opportunity Before anyone else can liquidate, they use LiquidationQueue to place ...

Not all features of the protocol are used

Lines of code Vulnerability details Impact In current implementation The protocol won't be so popular as it can be. This is because a lot of transactions uses flash loan. In current implementation flash loan impossible, because user must transfer his funds at the first. This leads to small amount...

Wrong WhitePaperInterestRateModel block per year calculations incur losses for users and the protocol

Lines of code Vulnerability details Vulnerability Details Blocks per year calculations in WhitePaperInterestRateModel improperly assume 15 seconds block time, while on Binance Smart Chain it’s 3 seconds. This has grave consequences, because it is used in calculating borrower’s interest rate and...

Liquidation bots are needed to stabilize the system.

Lines of code Vulnerability details Impact Allowing liquidation bots to arbitrage would stabilize the system. The majority of liquidations are done by liquidation bots. For liquidation bots to be viable there has to exist a secondary market where the assets can be instantly sold. This is especial...

unwrap function in Pair.sol can be exploited by a malicious user to exchange less expensive NFT's for more expensive ones in the pool

Lines of code Vulnerability details Impact nftRemove function burns lpTokens and releases baseTokenAmount and fractionalTokenAmount and then burns the fractionalTokenAmount to unwrap the NFT that is released back to the sender. At the time of unwrapping, code does not check if the tokenIds...

Attackers can obtain rewards through the NFT of the flash loan winning ID

Lines of code Vulnerability details Impact The contract judges whether the user has won a prize, but only judges whether the owner of the nft with the specified ID is equal to the user's address user == IERC721EnumerableUpgradeablesettings.drawingToken.ownerOf request.currentChosenTokenId ; But i...

Unlimited Global & User Withdrawal right after previous period ends and new period begins

Lines of code Vulnerability details Impact Checks for Global and User Withdraw Limit Per Period are missing for the first withdrawal request right AFTER period length expires and a new period begins. First withdrawal request amount after period length expires can be way higher than...

First xERC4626 deposit can break the share calculation.

Lines of code Vulnerability details Impact New xERC4626 vault share price can be manipulated right after creation. Which give early depositor greater share portion of the vault during the first cycle. While deposit token also affected by rounding precision due to the exploit showed in the POC tha...

HARDCODED PRICES FOR STABLECOINS

Lines of code Vulnerability details Impact Hardcoded prices of stablecosins may open some arbitrage opportunities and produce many bad loans in CLM. Proof of Concept Hardcoding price of cUSDT and cUSDC as 1 may open some arbitrage opportunities when real price for each token is a little bit...