Abstract

As the DeFi markets have come back to earth, market caps and available liquidity have been reduced drastically, opening the door to previously under-appreciated attack vectors such as oracle manipulation and single actors cornering entire markets. We have seen how a poorly constructed oracle can doom a protocol (Mango Markets) and how illiquid markets entice malicious actors seeking outsized profits (Aave/CRV).

On top of market-related risks, the switch to PoS has presented new opportunities for attackers to bribe validators to coordinate block manipulation unwittingly.

Chaos proposes to research both avenues of manipulation and to deliver a public-facing tool that monitors the price of Uniswap v3 TWAP manipulation. Attack vectors will be analyzed over single-block and multi-block time horizons to measure the differences in cost and the potential avenues for coordination.

Grant Goals

The grant will cover two main tracks to help inform the Uniswap community of these risks:

  1. Researching the feasibility and rationality of different attack vectors
    a. Attack vectors:
      i. Market and low liquidity manipulation
      ii. PoS-based bribing attacks
    b. Mainnet vs. L2 structural differences and vulnerabilities
    c. Potential mitigation strategies for A & B above that the protocol or users may employ to prevent and defend against these concerns
  2. Developing a public-facing dashboard hosted on community.chaoslabs.xyz/uniswap that highlights these attack vectors while allowing users to manipulate inputs to understand their implications for attack economics and defense strategies
    a. This dashboard will update regularly, showing the latest data from on-chain and off-chain resources regarding attack costs, block production, and relevant DeFi liquidity.
    b. It will allow users to input data and change parameters to measure the manipulation costs and impact of different strategies.

Example interface from Chaos’ Asset Protection tool

Deliverables

For the stated grant goals above, the deliverables will be:

  1. A Chaos-written and published research report, including a public discussion hosted on Twitter or Crowdcast
  2. A Chaos-hosted dashboard, free for public use, for understanding TWAP manipulation risks and strategies to prevent them

Team

Chaos Labs has previously delivered work covering Uniswap TWAPs and is deeply familiar with the topic. Examples of prior work are: