Gas Coin Setup Result In Immediate Profitable Arbitrage #580
Comments
Assumes admin error
DadeKuma marked the issue as insufficient quality report
Can you explain this a bit more?
@0xean Re-reading this, it might be a mistake on my part; my initial thought was that As such, it seems that the final intention is to hardcode the liquidity.
Okay, thanks. I think this is probably not a huge impact / small leak of value, but still worth having the sponsor comment to make sure we aren't missing something.
lumtis (sponsor) disputed
lumtis marked the issue as disagree with severity
lumtis (sponsor) confirmed
lumtis marked the issue as agree with severity
0xean changed the severity to 2 (Med Risk)
0xean marked the issue as satisfactory
0xean marked the issue as selected for report
Lines of code
https://github.com/zeta-chain/node/blob/main/x/fungible/keeper/msg_server_deploy_fungible_coin_zrc20.go#L34
Vulnerability details
Impact
A gas coin is added by running the DeployFungibleCoinZRC20 message. This is most notably done when support for a new blockchain is added, because each supported chain has its own "gas ZRC20", i.e. that chain's native token represented as a ZRC20-compliant token on ZetaChain. A liquidity pool for each gas ZRC20 is required because we need to be able to obtain those "gas ZRC20" at some point in order to burn them and redeem them for an equivalent amount of native tokens. If the newly supported blockchain is Polygon, for example, the deployment creates a liquidity pool with 0.1 WZETA and 0.1 zrc20-MATIC so that validators can swap ZETA tokens for Polygon's native token.
From the code, the DeployFungibleCoinZRC20 handler calls the SetupChainGasCoinAndPool function, which seeds the pool with a fixed 0.1 of each asset regardless of the tokens' relative market value. This is not an issue for low-value tokens, but it is for tokens such as BTC, ETH, and SOL.
Take BTC as an example: 0.1 BTC, worth ~$4,400, is added alongside 0.1 ZETA, which leaves the pool heavily imbalanced relative to market prices with a significant value at stake.
This creates an arbitrage opportunity on a first-come, first-served basis, which is a net loss for the protocol, because these "gas ZRC20" can later be redeemed directly for native tokens on the external blockchain by withdrawing the assets.
Someone could therefore monitor for new blockchains being supported by ZetaChain and, if the token's valuation is extremely disparate compared to the ZETA token, backrun the liquidity add by swapping in some ZETA tokens and make an instant profit.
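As an added illustration (not code from this report or from zeta-chain/node), the following Go program models the seeded pool as a constant-product AMM and computes what the backrun described above would extract. It assumes a Uniswap v2 style swap curve with a 0.3% input fee, a ZETA price of $0.50 and MATIC/ETH prices chosen for the illustration; the BTC price of ~$44,000 follows from the report's ~$4,400 for 0.1 BTC. The closed-form optimal input is derived in the comment on OptimalZetaIn.

```go
package main

import (
	"fmt"
	"math"
)

// Pool models the WZETA / gas-ZRC20 pair as a constant-product AMM
// (Uniswap v2 style, which is an assumption of this illustration).
// Reserves are in whole tokens; float64 is used for readability, whereas
// the on-chain contracts use integer math in base units.
type Pool struct {
	ReserveZeta float64 // WZETA
	ReserveGas  float64 // gas ZRC20 (e.g. zrc20-BTC)
	Fee         float64 // swap fee charged on the input, e.g. 0.003
}

// SwapZetaForGas returns how much gas ZRC20 the pool pays out for zetaIn,
// using the constant-product formula with the fee taken on the input side.
func (p Pool) SwapZetaForGas(zetaIn float64) float64 {
	inWithFee := zetaIn * (1 - p.Fee)
	return inWithFee * p.ReserveGas / (p.ReserveZeta + inWithFee)
}

// OptimalZetaIn returns the ZETA input that maximises the arbitrageur's
// profit when the market price is gasPriceInZeta (ZETA per gas token).
// With x = ReserveZeta, y = ReserveGas, g = 1-fee and P = gasPriceInZeta:
//   profit(dx) = P*dy(dx) - dx,  dy(dx) = g*dx*y/(x + g*dx)
//   d(profit)/d(dx) = 0  =>  dx = (sqrt(P*g*x*y) - x)/g
// A non-positive result means the pool already prices the gas token at or
// above market and there is nothing to extract.
func (p Pool) OptimalZetaIn(gasPriceInZeta float64) float64 {
	g := 1 - p.Fee
	dx := (math.Sqrt(gasPriceInZeta*g*p.ReserveZeta*p.ReserveGas) - p.ReserveZeta) / g
	if dx <= 0 {
		return 0
	}
	return dx
}

// Backrun simulates the attacker swapping ZETA into the freshly seeded pool
// right after SetupChainGasCoinAndPool and values both legs at market.
// It returns the ZETA spent, the gas ZRC20 received and the net profit in USD.
func Backrun(p Pool, zetaUSD, gasUSD float64) (zetaIn, gasOut, profitUSD float64) {
	zetaIn = p.OptimalZetaIn(gasUSD / zetaUSD)
	gasOut = p.SwapZetaForGas(zetaIn)
	profitUSD = gasOut*gasUSD - zetaIn*zetaUSD
	return zetaIn, gasOut, profitUSD
}

func main() {
	// Seeded pool: 0.1 WZETA against 0.1 gas ZRC20, as described in the report.
	seed := Pool{ReserveZeta: 0.1, ReserveGas: 0.1, Fee: 0.003}
	// Market prices are assumptions for the illustration, except BTC,
	// which follows from the report's ~$4,400 per 0.1 BTC.
	const zetaUSD = 0.50
	cases := []struct {
		name   string
		gasUSD float64
	}{
		{"zrc20-MATIC", 0.80},
		{"zrc20-ETH", 2500},
		{"zrc20-BTC", 44000},
	}
	for _, c := range cases {
		in, out, profit := Backrun(seed, zetaUSD, c.gasUSD)
		fmt.Printf("%-11s spend %.4f ZETA ($%.2f) -> receive %.6f %s => profit $%.2f\n",
			c.name, in, in*zetaUSD, out, c.name, profit)
	}
}
```

Under these assumptions the attacker spends under $15 of ZETA to drain almost all of the 0.1 zrc20-BTC (roughly $4,370 profit), while the same trade against zrc20-MATIC yields well under a cent, which matches the report's point that only high-value gas tokens matter. Note that the profit scales linearly with the seeded amount but the mispricing itself comes from the fixed 1:1 ratio, so shrinking the seed caps the loss without removing the arbitrage.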
In this command, we ask for the token0 name of pair 0, which is the ETH ZRC20 gas token. We can also verify that the balance of each asset in the reserves is 0.1.
Next, let's check for BTC.
Make sure that 0.1 BTC is in the reserves.
Tools Used
Manual
Recommended Mitigation Steps
Before adding a new blockchain and its gas token, either seed the pool with far less initial liquidity (for example three orders of magnitude less, scaling the amount by 10^-3, so that the BTC leg is much less profitable to arbitrage), or make the initial liquidity amounts configurable through the message rather than hardcoded.
Assessed type
MEV