Attack Cost and Profit from Manipulating Constant Product Market Maker TWAP Oracles in DeFi Protocols.

FEB 07, 2022 • 1 Min Read

Guest Analyst

The following article is a guest post submitted by Delphi Labs Ltd. (“Delphi Labs”). In accordance with Delphi Research’s policies toward User and Third-Party Contributions described in our Terms of Use, all statements and/or opinions expressed are solely the opinions and the responsibility of Delphi Labs and/or the authors. The content does not necessarily reflect the opinion of Delphi Research, which makes no representations or warranties of any kind in connection with the below subject matter.

Oracles represent critical infrastructure for DeFi. Their importance stems not only from their widespread use but also, and most importantly, from how they’re used within DeFi. Specifically, oracles often lie at the heart of a number of different DeFi protocols and are a key component of their safety model. As such, they represent an important attack vector for the protocols that use them and are in fact a common target for smart contract attacks.

In this paper, we explore some common oracle-related attacks, as well as the cost and profit potential associated with them. We focus specifically on CPMM-based TWAP oracles, a specific oracle implementation that relies on on-chain DEX prices. We conclude with an initial exploration of a framework for safely setting CPMM-based TWAP oracle parameters.
