Mitigating sandwich attacks in Kyber DMM

Author: Yüksel, Akif (TU Delft Electrical Engineering, Mathematics and Computer Science; TU Delft Cyber Security)
Contributor: Ersoy, O. (mentor); Erkin, Z. (graduation committee); Urbano, Julián (graduation committee)
Degree granting institution: Delft University of Technology
Programme: Computer Science and Engineering
Project: CSE3000 Research Project
Date: 2021-07-01

Abstract

Kyber is a Decentralized Finance (DeFi) system which runs on the Ethereum blockchain. DeFi aims to remove centralized intermediaries such as Market Makers. An Automated Market Maker (AMM), implemented in a smart contract, is a decentralized version of these. Kyber's Dynamic Market Maker (DMM) is a next-generation AMM which solves two issues: Capital Inefficiency (CI) and Impermanent Loss (IL). CI is decreased by an amplification factor which a Liquidity Provider sets upon creation of a liquidity pool, whereas IL is decreased by dynamic fees. A DMM features two reserves: one real reserve that reflects the true amounts of the two tokens in the pool and one virtual reserve that reflects the amounts after the amplification factor is applied. The vulnerability to a sandwich attack exists because the virtual reserve ratio can be unbalanced by an attacker. This results in slippage for the victim when their transaction gets executed. Finally, the attacker can perform a swap using the incorrect ratio. The research question of this paper is: How can one mitigate sandwich attacks in Kyber DMM? Kyber's current mitigation features slippage protection to protect users from sandwich attacks. The slippage protection is implemented by adding two parameters to the function used when adding liquidity: one for specifying the lower bound for the virtual reserve ratio and one for specifying the upper bound. However, this mitigation is only present in the router.
Therefore, users interacting with the pool contract directly remain vulnerable. To show that this is true, we modify Kyber's test case for sandwich attacks to encompass the mint function in the pool contract. The existing mitigation can be broadened by implementing a code correction in the mint function like the one present in the function used when adding liquidity.

Subject: Decentralized Finance; Kyber; Sandwich attack; Blockchain; Cyber Security
To reference this document use: http://resolver.tudelft.nl/uuid:58ac3b00-10fb-44cd-b1eb-1e1139c39fd7
Part of collection: Student theses
Document type: bachelor thesis
Rights: © 2021 Akif Yüksel
Files: PDF, Mitigating_sandwich_attac ... Yuksel.pdf, 528.61 KB