As the DeFi markets have come to earth, market caps and available liquidity have been reduced drastically, opening the door for previously under-appreciated attack vectors such as oracle manipulation and single actors cornering entire markets. We have seen how a poorly constructed oracle can doom a protocol (Mango Markets) and illiquid markets entice malicious actors seeking outsized profits (Aave/CRV).
On top of market-related risks, the switch to POS has presented new opportunities for attackers to bribe validators to coordinate block manipulation unwittingly.
Chaos proposes to research both avenues of manipulation, including a public-facing tool monitoring the price of Uniswap v3 TWAP manipulation. Attack vectors will be analyzed based on single-block and multi-block time horizons to measure the differences in cost and potential avenues for coordination.
The grant will cover two main tracks to help inform the Uniswap community of these risks:
Example interface from Chaos’ Asset Protection tool
For the stated grant goals above, the deliverables will be:
Chaos Labs has previously delivered work covering Uniswap TWAPs and is deeply familiar with the topic. Examples of prior work are: