Chaos Labs Selected by Uniswap Foundation for TWAP Oracle Research Grant

Overview

The Uniswap Foundation has announced that Chaos Labs have been selected to receive a grant for further research into TWAP vulnerabilities. Uniswap is the world's largest on-chain DEX, with daily transactions totaling up to $1 Billion worth of assets.

We will continue earlier research into TWAP oracles in V3 by exploring different attack vectors exposed by Ethereum's transition to PoS, such as:

Pricing manipulation (e.g., block-spanning attacks)
Block manipulation (e.g., validator bribing attacks)

Details — Attack vectors and manipulation tools

Exploring new attack vectors

The industry has witnessed how poorly constructed oracles can doom a protocol (i.e. Mango Markets) and illiquid markets can entice malicious actors seeking outsized profits (i.e. Aave via CRV). With this in mind, Uniswap launched its own TWAP oracles to provide a competitive on-chain solution with an emphasis on decentralization. These oracles without off-chain influence are a valuable resource for more DeFi native price feeds. But they're not immune and remain vulnerable to pricing manipulation.

In this grant, we will research TWAP oracle vulnerabilities to pricing manipulation covering two main aspects:

1. Market and low liquidity manipulation in a bear market.

2. PoS validator attacks as malicious validators can know ahead of time whether they'll control the next block.

Part of researching manipulation will include comparing Mainnet with L2s. This will help identify structural differences affecting risk on the competing chain types. Our goal will be to propose mitigation strategies, addressing the risk concerns identified.

Community tooling for TWAP Manipulation

All findings will be available on a Uniswap Community page alongside a corresponding analytics dashboard to support engagement. Users will be able to set parameters and run tests on real-time data to better appreciate the feasibility and impact of manipulations. It will also allow for more research into what measures to take to defend against them.

Next steps

We invite everyone to stay on the lookout for new updates on our progress and reach out with feedback or ideas! We will continue engaging the community further as we go along. As always, direct any questions or suggestions to us on Twitter.

About the Uniswap Foundation Grants Program

If you want to learn more about the Uniswap Foundation Grants Program, check out their website. To view the original Chaos Labs grant announcement posted by the Uniswap Foundation, click here.

Chaos Labs receives a Uniswap Foundation grant for LP strategies for V3 (January 24, 2023)
Uniswap V3 TWAP oracle deep dive pt. 2 (May 28, 2022)
Uniswap V3 TWAP oracle tooling and deep dive pt. 1 (March 21, 2022)

Aave

Arbitrum

Avalanche

Avantis

Benqi

Bluefin

Chainlink

Compound

crvUSD

dYdX

Ethena

ether.fi

Gearbox

GHO

GMX

Jupiter

Lido

Liquity

Maker

Nexus Mutual

nftperp

Optimism

Osmosis

Ostium

Radiant

Seamless

Swell

SynFutures

Tapioca

Uniswap Foundation

Venus

Verified USD

Vertex

Wintermute

Zerolend