The UpliftOnlyExample contract's donation functionality is vulnerable to front-running attacks that allow attackers to extract value from donations intended for legitimate LPs by exploiting the immediate distribution mechanism.
In the UpliftOnlyExample contract, when donations are made using AddLiquidityKind.DONATION, the value is immediately distributed to all current liquidity providers proportional to their share. This creates an opportunity for attackers to:
1. Monitor the mempool for incoming transactions that will have a donation
2. Front-run these transactions by:
   - Adding a large amount of liquidity just before the donation
   - Receiving a proportional share of the donation
The key issue is in the donation distribution mechanism, where all existing LPs get a share of the donation regardless of when they deposited. This means that if an attacker can front-run a donation, they can extract a portion of the donation for themselves even though they were never an LP prior to the block in which the donation was made.
This vulnerability is particularly impactful because:
- It can be exploited across multiple pools and chains
- The attack becomes more profitable with larger donations
- It undermines the intended benefit for long-term liquidity providers
Loss of yield - Legitimate long-term liquidity providers lose their fair share of donation yields to attackers who exploit the timing of donations through front-running.
Manual Review
Consider dripping the donation in at a linear rate over time. This would make the attack unprofitable, since the yield from the donation would not come in all at once; instead, it would be spread out over time.
I have seen this implemented in other protocols and it works well. If you need help implementing this, I would be happy to help.
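The following model compares immediate distribution with the linear drip recommended above. It is an added example, not code from the UpliftOnlyExample contract or from the report's author; the DonationPool class, the pool sizes, the 12-second holding time and the 7-day drip period are all constructed assumptions.

```python
from fractions import Fraction

class DonationPool:
    """Simplified share-accounting model; not the UpliftOnlyExample code."""

    def __init__(self, drip_seconds):
        self.drip_seconds = drip_seconds  # 0 = credit the whole donation at once
        self.shares, self.earned = {}, {}
        self.now, self.streams = 0, []    # streams: [undistributed, end_time]

    def deposit(self, lp, amount):
        self.shares[lp] = self.shares.get(lp, 0) + amount
        self.earned.setdefault(lp, Fraction(0))

    def withdraw(self, lp):
        self.shares.pop(lp)
        return self.earned[lp]

    def _credit(self, value):
        total = sum(self.shares.values())
        for lp, held in self.shares.items():  # pro rata to current holders
            self.earned[lp] += value * Fraction(held, total)

    def donate(self, amount):
        if self.drip_seconds == 0:
            self._credit(Fraction(amount))
        else:
            self.streams.append([Fraction(amount), self.now + self.drip_seconds])

    def advance(self, seconds):
        # Shares only change between calls, so one credit per call is exact.
        for stream in self.streams:
            left = stream[1] - self.now
            if left > 0 and self.shares:
                released = stream[0] * Fraction(min(seconds, left), left)
                stream[0] -= released
                self._credit(released)
        self.now += seconds

def scenario(drip_seconds, hold_seconds=12, horizon=604_800):
    # Constructed case: a depositor joins with 90% of the pool just before a
    # donation of 100 and leaves after hold_seconds; the long-term LP stays.
    pool = DonationPool(drip_seconds)
    pool.deposit("long_term_lp", 1_000)
    pool.deposit("late_depositor", 9_000)
    pool.donate(100)
    pool.advance(hold_seconds)
    late = pool.withdraw("late_depositor")
    pool.advance(horizon)
    return late, pool.earned["long_term_lp"]
```

With immediate distribution the short-lived depositor is credited 90 of the 100 donated; with the drip it is credited 1/560, and the remainder accrues to the LP that stays in the pool.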
Likelihood: High, Donation is shared between the LP holders. Every removing will use that kind of transaction to collect the uplift fees.
Impact: High, Any frontrun can permit to collect a big amount of those fees.