We are releasing a tool which allows users to simulate and quantify attack risks on Uniswap V3 TWAP price oracles.
我们正在发布一个 工具 允许用户模拟和量化 Uniswap V3 TWAP 价格预言机的攻击风险。
介绍 (Introduction)
An increasing number of DeFi protocols, Euler included, rely on Uniswap v3 price oracles. These oracles take the average of the spot price on Uniswap v3 for an asset over some specified period in the past; that is, they give a time-weighted average price (TWAP) for an asset, rather than just a current price.
包括欧拉在内的越来越多的 DeFi 协议依赖于 Uniswap v3 价格预言机。这些预言机提供过去某个特定时期内资产在 Uniswap v3 上的现货价格的平均值;也就是说,它们给出了资产的时间加权平均价格 (TWAP),而不仅仅是当前价格。
Although truly decentralized, and much more resilient than the spot prices available onchain previously, they are nonetheless still susceptible to manipulation. It is crucial for protocols and liquidity providers (LPs) to understand and be able to quantify the risks involved in using these oracles. Some unfortunate recent attacks make this all the more obvious.
尽管这真正去中心化,并且比以前链上可用的现货价格更具弹性,但它们仍然容易受到操纵。对于协议和流动性提供者 (LP) 而言,了解并能够量化使用这些预言机所涉及的风险至关重要。最近的一些不幸的 攻击 使这一点更加明显。
We previously explained how Uniswap v3 price oracles can be manipulated, and we’ve already suggested ways to improve the resilience of pools against attempts to manipulate the price, but this is still not a closed topic. To put some real numbers behind our maths, we’ve developed a real-world oracle attack simulator.
我们之前解释了如何操纵 Uniswap v3 价格预言机,我们已经建议改进方法 资金池对操纵价格尝试的弹性,但这仍然不是一个封闭的话题。为了将一些实数放在我们的数学后面,我们开发了一个真实世界的 oracle 攻击模拟器。
攻击模拟器 (Attack Simulator)
Our attack simulator was initially meant to be an internal tool to enable the Euler developer team to monitor the risks associated with the lending and borrowing pools on Euler. However, as we’ve seen some interest from the community in using this tool, we’ve decided to open it to the public. Here it is in its current crude form:https://oracle.euler.finance/
我们的攻击模拟器最初是作为一种内部工具,使 Euler 开发团队能够监控与 Euler 上的借贷池相关的风险。但是,由于我们已经看到社区对使用此工具产生了一些兴趣,因此我们决定将其向公众开放。这是它目前的粗略形式:https://oracle.euler.finance/
The code behind the tool is fully open-sourced. Feel free to get involved and help us develop it further.
该工具背后的代码是完全开源。随时参与并帮助我们进一步发展它。
准备开始 (Getting Started)
So what does the tool do? Essentially, it is trying to answer the question:
那么这个工具有什么作用呢?本质上,它试图回答这个问题:
Given current concentrated liquidity profile of the ABC/WETH pool, what would it cost the attacker to move a N-minute TWAP of the ABC price to x?
鉴于当前 ABC/WETH 池的集中流动性状况,攻击者将 ABC 价格的 N 分钟 TWAP 移动到 x 的成本是多少?
To do this, the tool uses Uniswap QuoterV2 lens and a binary search algorithm to iteratively buy/sell ABC or ETH until we find out how much the attack costs. Let’s jump in:
为此,该工具使用 Uniswap QuoterV2 透镜和二分搜索算法迭代地买卖 ABC或 ETH 直到我们找出攻击成本。让我们一探究竟:
After selecting the token and the pool fee we get a basic price impact profile. Trades between $100k — $10M are simulated on the quoter and presented in the table and the charts. In the example below, we can see that selling $5M worth of WETH in the USDC/WETH 0.3% pool would pump the price of USDC by 1.648% at a cost of ~$60k.
选择代币和矿池费用后,我们得到一个基本的价格影响概况。在报价器上模拟 10 万美元至 1000 万美元之间的交易,并在表格和图表中显示。在下面的示例中,我们可以看到在 USDC/WETH 0.3% 池中出售价值 500 万美元的 WETH 将使 USDC 的价格上涨 1.648%,成本约为 6 万美元。
(基础价格影响图 Basic price impact profile)
It’s more interesting though to set targets the attacker might choose and find the necessary trades. We can try moving the price by a certain percent up and down:
配置攻击者可能选择的目标并找到必要的交易会更有趣。我们可以尝试将价格上下移动一定的百分比:
(目标价格影响 Target Price Impact)
…or to some fixed spot price
或者到某个固定现货价格
(目标现货价格 Target Spot Price)
…or crucially, we can simulate moving the TWAP price, given the window span and a number of blocks that would need to be attacked:
......或者至关重要的是,我们可以模拟移动 TWAP 价格,给定窗口跨度和需要攻击的块数:
(目标时间加权平均价格 Target TWAP)
Here we see that moving a 30 min TWAP of USDC up 10% with one block attack would require pushing the spot price to 898,374.91 with $715M worth of WETH at a cost of $650M…
在这里,我们看到,通过一次区块攻击将 USDC 的 30 分钟 TWAP 提高 10% 需要以 6.5 亿美元的成本,将价值 7.15 亿美元的 WETH 推高至 898,374.91 美元……
The cost calculation assumes the attacker is arbitraged back immediatelly or his attempt to self arbitrage creates a flashbots bid race, effectively prohibiting the attacker to recover his losses beyond the token he traded for, which we also assume can be sold elsewhere at a pre-manipulation price.
成本计算假设攻击者立即被套利,或者他的自我套利尝试造成机器人竞价,有效地禁止攻击者收回他交易的代币之外的损失,我们还假设可以在其他地方来预先操纵价格。
While developing the tool, we’ve noticed that there’s a hard limit on a possible TWAP manipulation, especially with 1 block attacks, which is due to the max and min tick price. Given the spot price p (which is assumed constant outside of the attacked block), TWAP window w, and a number of attack blocks b, the attack can move the price up or down no more than:
在开发该工具时,我们注意到对可能的 TWAP 操作存在硬性限制,尤其是对于单个块攻击,这是由于最大和最小波动价格所致。给定现货价格 p(假设在受攻击区块之外为常数)、TWAP 窗口 w 和攻击区块数量 b,攻击可以使价格上涨或下跌不超过:
MAX_TICK_PRICE = 1.0001**887272
MIN_TICK_PRICE = 1.0001**-887272maxTwapPrice = (p**(w - b) * MAX_TICK_PRICE**b) ** (1 / w)
minTwapPrice = (p**(w - b) * MIN_TICK_PRICE**b) ** (1 / w)
This calculation is provided by the tool in terms of USD and percentage:
此计算由工具以美元和百分比形式提供:
The good news is 1 block attacks can’t ever change the 30 minute TWAP by more than around +100% / -50%, no matter what the liquidity profile of the pool is. And as someone learned recently, hoping to hold the price beyond a single block is a risky endeavor.
好消息是,无论矿池的流动性状况如何,单块攻击都无法将 30 分钟的 TWAP 改变超过 +100% / -50% 左右。正如 最近有人了解到 的,希望将价格保持在单个区块之外是一项冒险的尝试。
The exact delta price that can be moved depends solely on how many ticks are available above and below the current tick, which in turn encapsulates the current price and decimals. As of writing is this:
可以移动的确切 delta 价格仅取决于当前分时上方和下方可用的分时数,而后者又封装了当前价格和小数。在撰写本文时是这样的:
USDC (6 decimals) Tick 198432 61% / -52%
DAI (18 decimals) Tick -77875 95% / -43%
GUSD (2 decimals) Tick 289500 51% / -56%
WBTC (8 decimals) Tick 257523 54% / -54%
SOCKS (18 decimals) Tick 32938 81% / -47%
SHIB (18 decimals) Tick -185630 111% / -39%
SLP (0 decimals) Tick -291406 126% / -33%
Let’s have a look at what we can learn about some of the other pools in the wild.
让我们看看我们可以从其他一些池中学到什么。
WBTC
The cost of inflating the WBTC price by 20% in a 30 min TWAP with 1 block attack is:
在 30 分钟 TWAP 中使用单块攻击将 WBTC 价格抬高 20% 的成本是:
The cost of pumping the TWAP even by a relatively small percentage is astronomically high. WBTC would make for a great collateral, at least in terms of the oracle security.
即使是相对较小的百分比,抽取 TWAP 的成本也是天文数字。 WBTC 将成为一个很好的抵押品,至少在预言机安全方面是这样。
MIM
We can try to push MIM TWAP to the max -43%:
我们可以尝试将 MIM TWAP 推到最大 -43%:
There is a sharp drop off of liquidity in the MIM pool, which means the attacker could drop the price to the lowest tick with 35M trade.
MIM 池中的流动性急剧下降,这意味着攻击者可以通过 3500 万笔交易将价格降至最低点。
Pumping to the max +96% TWAP is way easier:
拉到最大 +96% TWAP 更容易:
And here’s why:
这就是原因:
The MIM collateral is not distributed in the least bit to the upside. In general, whenever there is even a modest amount of distributed liquidity, moving the spot price is likely to be costly because of arbitrage risk. Here, there is no arbitrage risk because there is no liquidity for arbitrageurs to work with. Worth remembering.
MIM 抵押品丝毫没有向上分配。一般来说,只要有少量的分布式流动性,由于套利风险,移动现货价格可能代价高昂。在这里,没有套利风险,因为没有可供套利者使用的流动性。这值得记住。
结论 (Conclusions)
We hope the simulator will prove itself helpful in protecting Uniswap oracles for the benefit of all.
我们希望模拟器能够证明自己有助于保护 Uniswap 预言机,造福所有人。
Also, stay tuned for more news from the Euler risk team, who are developing next gen tooling with a much more comprehensive approach!
此外,请继续关注 Euler 风险团队的更多消息,他们正在使用更全面的方法开发下一代工具!
https://github.com/euler-xyz/euler-oracle-tools
In the meantime, if you want to collaborate and help us improve this tool, get in touch!
同时,如果您想合作并帮助我们改进此工具,请联系我们!
一些技术说明 (Random technical notes:)
-
Currently, the tool is limited to WETH pairs.
目前,该工具仅限于 WETH 对。 -
Token list comes from Coingecko and is also used by Euler.
代币列表来自 Coingecko,也被 Euler 使用。 -
Binary search algorithm finishes when the search space is narrowed down to 1% of its higher bound.
当搜索空间缩小到其上限的 1% 时,二分搜索算法结束。 -
WIP
进展中的工作
关于Euler (About Euler)
Euler is a capital-efficient permissionless lending protocol that helps users to earn interest on their crypto assets or hedge against volatile markets without the need for a trusted third-party. Euler features a number of innovations not seen before in DeFi, including permissionless lending markets, reactive interest rates, protected collateral, MEV-resistant liquidations, multi-collateral stability pools, sub-accounts, risk-adjusted loans and much more. For more information, visit euler.finance.
Euler 是一种资本效率高的无许可借贷协议,可帮助用户从其加密资产中赚取利息或对冲波动的市场,而无需受信第三方。 Euler 具有许多在 DeFi 中前所未有的创新,包括无许可的借贷市场、回应性利率、受保护的抵押品、抗 MEV 清算、多抵押品稳定池、子账户、风险调整贷款等等。有关更多信息,请访问 euler.finance。
加入社区 (Join the Community)
Follow us Twitter. Join our Discord. Keep in touch on Telegram (community, announcements). Check out our website. Connect with us on LinkedIn.
关注我们 Twitter。加入我们的 Discord。在 Telegram 上保持联系(community、announcements)。查看我们的网站。在 LinkedIn 上与我们联系。