QuantAMM
49,600 OP
Submission Details
Severity: low
Invalid

Griefing Attack on Proportional Liquidity Addition Through Strategic Asset Swaps

Summary

The proportional liquidity addition path of the MinimalRouter contract can be griefed: a malicious user can shift the pool's balance ratio with a strategically timed swap so that another user's pending proportional deposit reverts against its own maxAmountsIn limits.

Vulnerability Details

In the MinimalRouter contract, when a user adds liquidity with AddLiquidityKind.PROPORTIONAL, the required input amount of each token is derived from the pool's current balances (each amountIn scales with that token's share of the pool at execution time, not at the time the user signed the transaction). A malicious actor can exploit this by:

  1. Monitoring the mempool for pending proportional deposit transactions

  2. Front-running a deposit with a swap that moves the pool's balance ratio in the direction of the victim's tighter limit

  3. Causing the required input amount of at least one token to exceed the victim's maxAmountsIn value for that token, so the deposit reverts

// ... existing code ...
AddLiquidityParams({
    pool: pool,
    to: to,
    maxAmountsIn: maxAmountsIn, // attacker can push the required amountIn of a single token above its max
    minBptAmountOut: minBptAmountOut,
    kind: AddLiquidityKind.PROPORTIONAL, // required amounts follow the spot balances, so ratio manipulation changes them
    hookData: hookData
})
// ... existing code ...

An existing LP has an incentive to carry out this attack, since keeping new liquidity providers out of the pool preserves the existing LPs' share of trading fees. The attacker does pay the swap fee and price impact of the manipulating swap, and part of that fee flows back to the LPs, so the attack is cheapest for an LP who already holds a large share of the pool.
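The following is an added worked example, not code from the QuantAMM, Balancer or MinimalRouter code bases. It models the attack path above in a toy two-token constant-product pool: a proportional join that charges ceil(balance_i * bptOut / totalSupply) of each token (rounding in the pool's favour), a constant-product swap with an assumed 0.30% fee retained in the pool, and a scenario in which the attacker swaps token0 in just before the victim's join and swaps the proceeds back afterwards. All balances, the fee, the victim's limits and the attacker's swap size are constructed inputs; the function and type names are this example's own.

```python
"""Toy model of a proportional liquidity add being front-run by a swap.

Constructed, illustrative code (not QuantAMM / Balancer / MinimalRouter code):
a two-token constant-product pool with integer balances, a hypothetical 0.30%
swap fee that stays in the pool, and a proportional join that charges
ceil(balance_i * bptOut / totalSupply) of each token.
"""

from dataclasses import dataclass, replace

BPS = 10_000


class AmountInAboveMax(Exception):
    """Raised when a proportional join needs more of a token than the caller allowed."""

    def __init__(self, token: int, required: int, limit: int) -> None:
        super().__init__(f"token {token}: required {required} > maxAmountsIn {limit}")
        self.token, self.required, self.limit = token, required, limit


@dataclass(frozen=True)
class Pool:
    balances: tuple[int, int]
    total_supply: int          # BPT supply
    swap_fee_bps: int = 30     # assumed fee; the real pool's fee is pool-specific


def required_amounts_in(pool: Pool, bpt_out: int) -> list[int]:
    """Proportional join: amountIn_i = ceil(balance_i * bptOut / totalSupply).

    The amounts follow the *current* balances, so any swap that lands before
    this call moves the required amounts with it."""
    return [-(-b * bpt_out // pool.total_supply) for b in pool.balances]


def add_liquidity_proportional(pool: Pool, bpt_out: int, max_amounts_in):
    """Mint bpt_out BPT, 'reverting' (raising) if any required amount exceeds its cap."""
    required = required_amounts_in(pool, bpt_out)
    for token, (need, cap) in enumerate(zip(required, max_amounts_in)):
        if need > cap:
            raise AmountInAboveMax(token, need, cap)
    new_balances = tuple(b + a for b, a in zip(pool.balances, required))
    new_pool = replace(pool, balances=new_balances, total_supply=pool.total_supply + bpt_out)
    return new_pool, required


def swap_exact_in(pool: Pool, token_in: int, amount_in: int):
    """Constant-product swap; the fee is retained in the pool and output rounds down."""
    token_out = 1 - token_in
    net_in = amount_in * (BPS - pool.swap_fee_bps) // BPS
    b_in, b_out = pool.balances[token_in], pool.balances[token_out]
    amount_out = b_out - (b_in * b_out) // (b_in + net_in)
    new_balances = list(pool.balances)
    new_balances[token_in] = b_in + amount_in
    new_balances[token_out] = b_out - amount_out
    return replace(pool, balances=tuple(new_balances)), amount_out


def front_run_scenario(pool: Pool, bpt_out: int, max_amounts_in, attacker_in: int) -> dict:
    """Attacker swaps token0 in ahead of the victim's proportional join, then swaps
    the proceeds back. Returns the quote the victim saw, the amounts actually
    required after the swap, whether the join reverts, and what the attacker
    loses to fee and price impact on the round trip (computed against the
    post-front-run state, since a reverted join changes nothing)."""
    quoted = required_amounts_in(pool, bpt_out)
    after_swap, got_token1 = swap_exact_in(pool, 0, attacker_in)
    shifted = required_amounts_in(after_swap, bpt_out)
    try:
        add_liquidity_proportional(after_swap, bpt_out, max_amounts_in)
        victim_reverts = False
    except AmountInAboveMax:
        victim_reverts = True
    _, back_token0 = swap_exact_in(after_swap, 1, got_token1)
    return {
        "quoted": quoted,
        "after_swap": shifted,
        "victim_reverts": victim_reverts,
        "attacker_round_trip_loss": attacker_in - back_token0,
    }


if __name__ == "__main__":
    # Constructed inputs: a balanced 1M/1M pool, a victim joining for 10,000 BPT
    # with a 1% tolerance on each token, and an attacker swapping 50,000 token0 in.
    pool = Pool(balances=(1_000_000, 1_000_000), total_supply=1_000_000)
    print(front_run_scenario(pool, 10_000, [10_100, 10_100], 50_000))
```

With these inputs the victim's quote is [10000, 10000]; after the 50,000-token0 front-run the join needs [10500, 9526], so token0 exceeds the 10,100 cap and the transaction reverts, while the attacker's round trip costs 285 token0 in fee and price impact. The two numbers to compare when judging likelihood are that round-trip cost against the victim's tolerance: a 1% maxAmountsIn tolerance is overrun by a swap of about 5% of the pool, and a victim who resubmits with a wider tolerance or a fresh quote forces the attacker to pay that cost again for every block they want to block.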

Impact

DOS - The attack can prevent new liquidity providers from joining the pool: their proportional deposits revert because the required amount of one token exceeds the maxAmountsIn limit they set, and the attacker can repeat the swap for each resubmitted deposit.

Tools Used

Manual Review

Recommendations

Use a time-weighted average of the pool's balance ratios, rather than the spot ratios, when determining the required input amounts. A single front-running swap then has little effect on the required amounts, so manipulating them would require holding the pool at a skewed ratio for the whole averaging window.

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc.) to prove your point.
