Summary
Using our risk framework and Uniswap V3 price impact tool we give UNI a strong oracle rating.
Methodology
For maximum security of the oracle, it needs to fulfil 3 criteria:
- Liquidity is provided over the full price range
- Elevating the TWAP (Time-Weighted-Average-Price) to a meaningful extent is impossible or extremely costly.
- Depressing the TWAP to a meaningful extent is impossible or extremely costly.
Meaningful extent is contingent on the effective factor (CF X BF) and will be addressed in the analysis.
For more in-depth research on the nature of attacking TWAPs, check out Michael Bentley’s research paper and Seraphim Czecker’s video explanation.
Analysis
The liquidity profile of the 0.3% UNI/WETH pool reveals decent TVL, but also that the liquidity is spread across the full range (non-zero% is 100%). However, it is clear that liquidity is not spread evenly and that UNI/WETH upside is more well-protected than the downside.
Let us explore hypothetical attack vectors.
Pump Collateral attack
Here we consider the likelihood of a ‘Pump Collateral Attack’. This attack follows the following pattern:
- Attacker deposits UNI.
- Attacker inflates the oracle price of UNI by x% by swapping ETH into the UNI/WETH pool on Uniswap.
- Attacker uses the artificially inflated price to borrow more assets from Euler than they ordinarily would be allowed to.
In this scenario, we are trying to find out by how much the TWAP needs to be manipulated for the attacker to start breaking even (x%).
Calculating x% TWAP
This largely depends on the effective borrowing factor. By depositing UNI and borrowing USDC, he is subject to the proposed UNI collateral factor (0.66) and USDC borrow factor (0.94). The effective factor is 0.6204 (0.66 x 0.94), meaning before the attack, depositing $1 million worth of UNI allows a user to borrow up to $620.4k worth of USDC.
To make that borrowable USDC worth $1 million, the attacker must inflate UNI by a certain %. That would be approximately 61.2%, as (1+0.61.2)*0.6204 = 1.
Using our oracle tool, we can determine that size of the trade necessary to inflate the price of UNI/WETH TWAP pool by 61.1%.
Simulating x% TWAP Elevation: 1 block attack
The cost appears to be exceeding 1000 trillion USD. The tool allows us to see the exact price of manipulation for a up to 38% TWAP elevation, which requires 693 trillion USD:
This is clearly not a feasible attack.
Simulating x% TWAP Elevation: 2 block attack
A 2-block attack is more feasible, but still incredibly expensive and likely to fail given the full range liquidity creates arbing opportunities for the entire market:
Dump UNI Collateral Attack
Crashing the price of UNI collateral doesn’t make as much economic sense as inflating to borrow funds, but it would still have negative consequences. Namely, everyone borrowing assets against UNI would be liquidated.
Simulating 10% TWAP Depression: 1 block attack
Clearly, dumping UNI is less costly than pumping it, which makes sense given lower liquidity on the downside vs upside on Uniswap. Nevertheless, it is an extremely expensive attack that is most likely unfeasible.
Simulating 10% TWAP Depression: 2 block attack
While substantially cheaper, it is still extremely expensive given a massive risk of being arbed back.
Dump UNI as a Borrowed Asset Attack
A more interest attack vector would be the following:
- Crash the price of the UNI/WETH TWAP by x%
- Deposit $1 million worth of USDC
- Borrow > $1 million worth of UNI (real market value)
Essentially, x% is the manipulation necessary for the attacker to break even.
Calculating x% TWAP
Like in the attack involving inflating the price of UNI collateral, x% is contingent on the effective factor. As we lend USDC to borrow UNI, we need the USDC collateral factor (0.90) and the proposed UNI borrowed factor (0.76) to arrive at the effective factor of 0.684 (0.90 x 0.76). This means that normally, depositing $1 million USDC worth would allow us to borrow up to $684k UNI worth.
Hence, by crashing the TWAP by -31.6% (1-0.684), the attacker may break even.
Simulating x% TWAP Depression: 1 block attack
Let us try to push UNI/WETH TWAP to by -31.6% instead:
Extremely costly.
Simulating x% TWAP Depression: 2 block attack
Still extremely expensive.
Conclusion
To conclude, we give UNI a strong oracle grading as attacks appear extremely costly on both upside and downside as one-block and two-block attacks.