SSSwap
First Flight #41
Beginner FriendlyRust
100 EXP
View results
Previous Next
Submission Details
Impact: high
Likelihood: medium
Invalid

Liquidity Can Be Removed Without Accounting for Ongoing Swaps

nonanondores

Root + Impact

No reentrancy/mutex or tracking of swap state allows liquidity to be removed during pricing edge.

Description

Liquidity providers can remove liquidity while swaps are ongoing, potentially manipulating reserves before swaps are finalized.

// @> liquidity_operations.rs
pub fn remove_liquidity(...) -> Result<...> {
...
// No sync with swap state, no lock/mutex, vulnerable to reserve imbalance
let share_ratio = lp_tokens / total_lp; // @>
...
}

Risk

Likelihood:

  • LP can observe pending swaps in mempool or bundle

  • Then remove liquidity right before swap finalization

Impact:

  • Causes reserve distortion; swap completes with incorrect pricing

  • LP exits with unfair advantage

Proof of Concept

  1. User submits large swap

  2. LP removes liquidity in same block (before swap mined)

  3. Swap executes with reduced reserves, pricing breaks

remove_liquidity(account=lp1, amount=1_000_000); // before block finalized

Recommended Mitigation

Introduce reentrancy locks or state sync and delay liquidity withdrawal after recent swaps:

#[state] is_swapping: bool;
fn swap_tokens(...) {
ensure!(!is_swapping, Error::ConcurrentOperation);
is_swapping = true;
...
is_swapping = false;
}
fn remove_liquidity(...) {
ensure!(!is_swapping, Error::ConcurrentOperation);
...
}
Updates

Lead Judging Commences

0xtimefliez Lead Judge 7 days ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.