In the presentation below, Connor Martin, Ex-head of Protocol Partnerships at Uniswap, examines the inner workings and potential vulnerabilities of the Uniswap TWAP oracle and oracle library – which Connor contributed to during his time at the DEX.
Below are some further explanations of key terms mentioned during his talk.
What is Uniswap?
Uniswap is a decentralized exchange (DEX) that allows for peer-to-peer exchanges of ERC20 tokens without the need for a centralized third party. It is a censorship-resistant and immutable protocol, meaning it cannot be upgraded or changed with human intervention. Unlike centralized exchanges (CEX) that use centralized order books, the Automated Market Maker (AMM) design of DEXs make use of publicly funded liquidity pools for exchange. The exchange rates in AMM liquidity pools can be used as on-chain price oracles. There are several ways to derive the price of an asset from AMM liquidity pools, one of them being the calculation of the time-weighted average price – TWAP.
All liquidity pools on Uniswap V3 are able to act as oracles by storing and providing access to liquidity and historical price data. Time-Weighted Average Price, or TWAP, is an aggregation method that calculates the mean price of cryptocurrencies over a specified period of time. Using TWAP to derive the price, instead of simpler aggregation methods, helps to weed out short-term price changes and is also much harder to manipulate. While Uniswap V2 introduced TWAP oracles, the most recent upgrade, V3, introduces some major improvements to this price oracle design. This article by Uniswap provides more details about the V3 upgrade.
On Uniswap V3, prices are expressed and stored using “ticks”. These ticks are distributed in a way that an increase or decrease of 1 tick would equal 1 “bps” at any point. Bps (pronounced as Bip) or Basis Points, are a unit of measure in finance traditionally used to express the changes in interest rates of financial instruments. One basis point equals to 0.01%. How prices, or current tick data is stored, is crucial for effectively querying oracles on Uniswap V3. For a more detailed explanation on ticks and other features of the Uniswap V3 oracle, refer to the documentation here and this medium post that explains the concepts in further detail.
Manipulating Uniswap V3
The first issue with Uniswap V3 that is highlighted by Connor is the likelihood of intra-block manipulation. Intrablock manipulation is a type of attack that happens within the same block in a blockchain. One of the most popular forms of intra-block manipulation are flash loan attacks.
Flash loans allow users to borrow as much as they want with no capital on lending protocols. A flash loan attack occurs when a bad actor takes out a flash loan, manipulates the price of an asset by a large percentage on one exchange, and exploits the inaccurate price by selling, buying, or borrowing against the asset at false prices on another protocol, all within one block. One example of a flash loan attack would be the exploit of $130 million that took place on Cream Finance in 2021.
While the Uniswap V3 oracle utilizing Time-Weighted Average Prices (TWAP) is good for preventing intra-block manipulation, it is less effective at preventing “block-spanning manipulation”, which is a type of manipulation that occurs over several blocks in the blockchain. Connor cites the example of the Rari Capital exploitation as an example of a block-spanning attack. Check out this article by our media partner, Rekt News for full details of the exploit.
This research article by one of BOS22’s platinum sponsors, Euler XYZ, is a great source for more information on the vulnerabilities of TWAP oracles. In this article, Euler’s CEO Michael Bentley provides an in-depth analysis of the true cost of manipulating Uniswap’s V3 TWAP oracle.
The Oracle Library
The Uniswap oracle library was created to help protocols consume prices in ways that were more resistant to manipulation. The oracle library is a suite of functions developed by Connor and the team at Uniswap to help developers easily and safely integrate applications with the V3 oracle. In his presentation, Connor explains how to use the oracle library in full detail. This documentation also provides more information on the functions of the oracle library.
Connor ends his presentation by emphasizing the need for more standardization of oracle data as well as a call to developers to use the open-source oracle library to experiment with price aggregation and logic breaks. He mentions the OracleSlippage.sol contract as an example which can be found here. More details about the security, capabilities and architecture of the Uniswap V3 TWAP oracle can be found in this article by Chaos Labs.
The Blockchain Oracle Summit was the world’s first conference to focus solely on oracles’ importance and design. Leading speakers from across the DeFi-Tradfi spectrum came to Berlin to take deep-dives into the biggest challenges faced in terms of building and using oracles.