The Portal highlights real-time cost of of TWAP manipulation across V3 pools.
2/ But first, why is Oracle Manipulation an attractive exploit vector for attackers?
TWAP oracle manipulation leads to severe consequences for protocols that consume those price feeds, enabling attackers to distort prices, leading to economic exploits. Examples below 👇
3/ @Moola_Market and @mangomarkets, both suffered significant losses due to TWAP oracle manipulation. In each case, attackers exploited thin liquidity to pump collateral value, leading to under-collateralized loans and substantial financial damage.
4/ The @chaos_labs TWAP Market Risk application, leverages pool data, including liquidity depth and exhaustion prices, to quantify real-time manipulation risk across all V3 pools and deployments. Users can view manipulation costs across all pools
5/ The portal factors real-time concentrated liquidity distribution into quantifying manipulation costs:
6/ Furthermore, we quantify capital requirements for moving the current spot price
7/ As well as quantifying the capital requirements for moving the time-weighted average price over a 30-minute window
8/ Real-time data is important, but we'd like to make this information actionable for protocols using TWAPs. Therefore, we allow users to simulate how additional liquidity across specific ticks increases capital requirements for manipulations. Thanks @fedeebasta for this idea!
9/ The research and methodologies for quantifying the price of manipulation can be found in our full-length risk assessment here: chaoslabs.xyz/posts/chaos-la…
10/ As always, we encourage you to check out our application and we'd love to hear your feedback. Your ideas and feature requests can help us make it even more powerful. Explore the portal here: community.chaoslabs.xyz/uniswap/twap
11/ @chaos_labs is dedicated to ensuring the economic and oracle security in the #DeFi space. If you're an application grappling with these challenges, don't hesitate to reach out 🙏
12/ We're incredibly proud to partner on this critical research with our partners at @UniswapFND@Uniswap. Their collaboration is invaluable, and we look forward to what comes next. Stay tuned, as we're releasing additional research with @UniswapFND soon!
• • •
Missing some Tweet in this thread? You can try to
force a refresh
The @LayerZero_Labs Foundation selected @chaos_labs and @nansen_ai to lead protocol usage analysis and Sybil detection.
Below, we provide our analysis principles, methodology, and heuristics, showing our commitment to transparency, integrity 🧵
2/ Principles of Analysis
- Real users should not be hurt; we aim to maximize precision over recall
- We aim to focus on industrial farmers and primarily rely on source of funding analysis heuristics
3/ Data Overview
Total Users: 4.82m
Total User-Chain Permutations: 31.55m
Total Unique LZ user funders: 2.18m
Classified Sybil Users: ~14.5%
Note: This interim analysis includes only EVM chains. @Aptos will be analyzed separately over the coming weeks
We've received outreach about today's market manipulation. This incident is isolated to the $TRB market, resulting in a ~2m loss to $SNX stakers. Let’s give some background before diving into the attack.
2/ @synthetix_io powers various perp markets. Asset listing and monitoring are critical - factors like liquidity, volatility, and holder distribution must be monitored to gauge manipulation feasibility. @chaos_labs automates observability w the Risk Portal.
3/ But this is even more critical in leveraged perp markets, where price movements and risk are amplified. For instance, a 1% price increase with 100x leverage translates to 100% gains, making low-volume markets attractive targets for manipulators.
The overview page presents top-level protocol metrics such as total GLP pool size, 24-hour fees and volume, and total open interest. The page also displays time series data on GLP pool value, composition, short and long open interest, and daily fees
3/ Markets Page
The markets page showcases all assets supported for opening a long or a short position. In its primary view, the page provides users with market metadata, including data on short and long open interest, short and long leverage, and short and long positions.
3/ Year one of ops has included successful partnerships with major DeFi customers, including @AaveAave, @chainlink, @UniswapFND, @BenqiFinance, and @osmosiszone, to secure protocols against manipulation and black swan market events while offering optimization recommendations.