This shows that manipulating the TWAP over a 1-2 block attack (the most realistic for an attacker) would cost at least $72 million, which is clearly not feasible.
Conclusion
Given the presence of full-range liquidity and substantial cost of attack, we give the asset above a strong oracle rating.
Is it good enough that there is full range liquidity? Lets say i just deposit 0.01 ETH and 100 MATIC across the full range of liquidity, does that help prevent a certain kind of attack?
Should there be a particular framework for the threshold amount of liquidity required in the tail ends that help us understand the risk level? (maybe % of liquidity outside of 3 standard deviations?)
Just want to hear your thoughts about this since the liquidity at the tail ends for MATIC seems about 50% thinner than LINK’s!
These are very fair points! In general, even a small amount of liquidity can make an attack substantially pricier. For eg, the IDLE/WETH pool a month ago had about $50k in TVL spread across the entire range, yet it made the minimum cost of attack over 2 blocks a whopping $115 million. Mind you it has only been provided by very few people, but it does show the strength of even small liquidity locked in.
As a rule thumb, any decent liquidity locked in over the full range exponentially increases the cost of attack, as per our simulations. You’d be surprised by how strong the oracles of relatively obscure projects trump those like DYDX and 1inch purely due to small amount of full range liquidity.
What is decent liquidity though? 0.01 ETH and 100 MATIC over the entire range is certainly not enough. Generally, it’s good to see at least $50k in TVL spread over min to max tick, as empirically this seems sufficient to prevent attacks.
The exact cost of attack around a certain area of the liquidity range is something we’re currently working on. The current oracle tool uses the current univ3 LP and spot price to determine the cost of attack, however, for a simulated environment we are recreating the entire process off-chain and then we’ll test different scenarios involving tails only.
On a more theoretical side: one way of generalising the cost of attack is simulating attacks whereby we simulate the placement of the current price in different ticks every time. So we’ll try to move the price assuming it’s currently at the very first tick of the liquidity profile, then try the same over tick+1, tick+2 etc. This should give a neat idea of costs of attacking around the tails. We’ll be publishing some research around this in the coming weeks.
The Oracle safety has been updated. After successful full-range liquidity provision from FTX Ventures and Polygon team, the minimum cost of attack has risen to $400mil. This liquidity is a public good, and therefore will not be withdrawn without further notice.
