November 8, 2023: Bot on Bot Violence
MEV bot exploited for 20MM through legacy TriCrypto v2 pool
You're busy trading memecoins and jpegs, but all the money remains in MEV.
If you were watching the chain, you may have noticed this gem.
What sorcery is this? A $50MM transaction?
Wait a second… what's the user's address on that last image? Looks familiar.
Siri! Enhance…
Famed white hat hacker 0xCoffeeBabe???!? OK, there must be some sort of big-brained sorcery afoot.
Blessed with hindsight, we can see that the overall effect over the two blocks was to attack an MEV bot, which got exploited for a $2MM loss.
In layperson's terms?
Let's recap the drama that played out over all of two blocks (12 seconds if you're interested in playing at home).
Etherscan, from block 18523344:
Then the subsequent blockβ¦
The transactions are too complex to really understand what happened via Etherscan. From Phalcon's accounting trace, we can better see the flow of funds.
Overall, the net effect was a draining of $2MM from an exploited MEV bot to another MEV bot. 0x46d9 gains $2MM at the expense of the exploited 0x05f0 in a transaction that moved through the old Curve TriCrypto contract.
To understand the flows, we use MetaSleuth's visualizer to observe the flows in the first transaction:
A lot going on here. At the very top, an MEV bot (RED) initiated a transaction. The rekt contract (YELLOW) had an open function to market sell WETH for WBTC in the Curve TriCrypto pool.
RED, identifying this function, took out a flashloan of 27K ETH. This ETH got dumped into TriCrypto, causing a momentary imbalance in the price.
The YELLOW contract's autosell function was then called to trade 1340 ETH (worth ~$2MM) into the imbalanced pool for a measly 7 WBTC (~$250K). The bot walks away with 1K ETH for its trouble.
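The failure mode described above, as an added sketch that is not from the original post or from the bot's contract: a toy constant-product pool (TriCrypto uses a different invariant) in which an open sell with no minimum output fills at whatever price the pool shows, next to a version restricted to its owner with a minimum output tied to a reference price. The reserves, the reference price and every function name here are constructed for illustration.

```python
from dataclasses import dataclass

REF_WBTC_PER_WETH = 0.053  # constructed reference price, taken from outside the pool


class SlippageError(Exception):
    """Raised when a swap would return less than the caller's minimum."""


@dataclass
class ToyPool:
    """Constant-product WETH/WBTC pool, no fees (simplified; not the TriCrypto invariant)."""
    weth: float
    wbtc: float

    def quote(self, weth_in: float) -> float:
        return self.wbtc * weth_in / (self.weth + weth_in)

    def swap(self, weth_in: float, min_wbtc_out: float = 0.0) -> float:
        out = self.quote(weth_in)
        if out < min_wbtc_out:
            raise SlippageError(f"would receive {out:.2f} WBTC, minimum is {min_wbtc_out:.2f}")
        self.weth += weth_in
        self.wbtc -= out
        return out


def open_sell(pool: ToyPool, weth_in: float) -> float:
    """'Before': anyone can trigger the sell and any price is accepted (minimum out = 0)."""
    return pool.swap(weth_in)


def guarded_sell(pool, weth_in, caller, owner, max_slippage_bps=100):
    """'After': only the owner may trigger it, and the fill must be near the reference price."""
    if caller != owner:
        raise PermissionError("caller is not the owner")
    min_out = weth_in * REF_WBTC_PER_WETH * (1 - max_slippage_bps / 10_000)
    return pool.swap(weth_in, min_out)


def imbalanced_pool() -> ToyPool:
    """Constructed reserves, followed by the 27K WETH inflow the post describes."""
    pool = ToyPool(weth=200_000.0, wbtc=10_600.0)
    pool.swap(27_000.0)
    return pool


if __name__ == "__main__":
    print("balanced fill:  ", round(ToyPool(200_000.0, 10_600.0).quote(1340.0), 2))
    print("imbalanced fill:", round(open_sell(imbalanced_pool(), 1340.0), 2))
```

The guard only helps if the reference price comes from somewhere other than the spot price of the pool being traded; otherwise it moves with the imbalance.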
The very next block is basically the famed white hat C0ffeeBabe cleaning up in the wake of the attack. We can see the pool was briefly in a state of imbalance. Here are the balances in TriCrypto around the attack (0 == Tether, 1 == WBTC, 2 == ETH)
Here is the whole mess of transactions from C0ffeeBabe
The key thing to note here is the balances traded in the Curve and Uniswap pools at the same time. At that moment, ETH was at the lucky price of $1888. In Uni v3, the 128.21 ETH was priced correctly at $242,073. In the Curve pool, it was making the same trade for just 125.69 ETH, a difference of 2.52 ETH ($4,758), which ended up in 0x25b7.
In the wake, the slower-moving TriCrypto price oracle would continue to quote elevated prices until it got back into the same ballpark around block 18523576.
In summary….
And what does it mean for Curve? In the giant transaction, a nice one-time bonus of about $250K.
Is this in any way bad for Curve?
You could argue, from the perspective of accruing fees, that it's better to have the manipulable oracle. Still, probably preferable to have a smoothly functioning pool without manipulations. This is a known issue with the legacy TriCrypto2.
Hence the urgency to upgrade to the new NG pools wherever possible, and the moratorium on new pools awaiting the new NG factories.
October 26, 2023: StableSwap-NG Deployed
We knew StableSwap-NG was on its way. But, the launch turned out to be even bigger than anticipated. Yesterday the Wen Llama project spotted something beautiful posted to the Github repo.
It's a bot planet. We just live in it.