Hot news

Lifinity USDC pool drained by arbitrage bot

Decentralized exchange Lifinity had its LFNTY-USDC pool drained by an arbitrage bot on 8, Dec.

 According to Lifinity’s Discord channel, an unexpected response to a failed trade caused the $699,090 loss.

A bug on an Immediate-or-Cancel order led to the drainage of nearly $700,000 from Lifnity’s LFNTY-USDC pool.

A member of Lifinity’s core team, Durden, explained that a bot attempted an arbitrage trade using the trading pairs USDC > xLFNTY > LFNTY > USDC, to profit from price discrepancies.

Here’s how the events transpired in the @Lifinity_io Discord when the 700k arb happened

I noticed something wrong with LFNTY’s price and alerted zoro, one of the devs on the platform.

At first glance, it appeared that the protocol had gotten hacked— Shardo (@DrashoWho) December 8, 2023

The bot initiated an immediate-or-cancel market order on Serum v3, which must be executed immediately at the current market price if filled.

Orders that cannot be filled immediately are canceled.

“But instead of returning an error, as most programs do, it returned 0 amount out.

Our pools processed the 0 amount in and also returned 0 amount out,” Durden noted before explaining that it led the program to update the last transaction price to 0, making the next starting price also 0. “Since it’s a CP curve, the actual price won’t be 0, but the pool did offer an extremely low price, resulting in the drain right after.”

Lifinity v1 is an automated market maker, which means it uses algorithms to create liquidity in trading pairs.

According to Durden, it relies on constant product market makers, a specific type of model, to maintain an equilibrium between two token quantities in a liquidity pool.

Other decentralized exchanges, such as Unisawp and Bancor, also use this model.

Lifinity v1 doesn’t support a standard constant product curve used in traditional CPMMs, but it can replicate its function.

One of the solutions used to replicate it was calling a “last price” function to the next starting price.

However, since the bug returned a 0 price, the bot was able to exploit the discrepancy and wipe out the funds.

LIFINITY protocol is a DEX built on Solana powered by a proactive market-making algorithm and a swap aggregation engine.

Related Articles

Back to top button
WP Twitter Auto Publish Powered By :