Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Nocturne>High findings>Arbitrage opportunities bypass deposit limits
GeneralOverview
Findings
High (2)Attacker-deployed ERC-20sArbitrage opportunities bypass deposit limits
Low (3)
DiscussionGas tokens can be identified by index in OperationSchnorr signature documentation typoRedundant order-l check
Threat ModelWhat are threat models?BalanceManager.solCommitmentTreeManager.solDepositManager.solHandler.solTeller.solcircuits
Audit ResultsSummary
Category: Business Logic

Arbitrage opportunities bypass deposit limits

High Severity
High Impact
Low Likelihood

Description

See Finding ref for a description of the security guarantees around the external calls an action in an operation can make.

One logical consequence of allowing actions to execute swaps is that they can turn a profit by finding arbitrage opportunities between cycles of Uniswap pools. This is normally alright, but attackers can create larger-than-usual arbitrage opportunities by spending money outside Nocturne. If they do that and then resolve that arbitrage opportunity inside the protocol using an action, they have effectively made a deposit that bypasses the deposit limits and the screener-signature requirement.

Impact

If an attacker works with an Ethereum block builder, they can create an arbitrage opportunity immediately before the bundle gets processed by intentionally imbalancing a chosen cycle of Uniswap pools.

For example, if they choose tokens A, B, and C, they can use the A/B pool to trade A for B, and then use the B/C and C/A pools together to trade B for A. The former pool will have an inflated quantity of A and a scarcity of B, and the latter pair of pools will have an inflated quantity of B and a scarcity of A. The process can be repeated until all the funds have been spent on imbalancing the pool (or, a sufficiently large flash loan can be taken out so that all the funds the attacker wishes to "deposit" are spent imbalancing the pool in one or a few cycles --- this saves gas).

Then, after the arbitrage opportunity is set up outside Nocturne, they execute a swap inside Nocturne rebalancing that cycle and extracting most of the funds they spent on imbalancing the pool, minus fees. Those funds are then added as refund notes, bypassing deposit limits and the screener-signature requirement.

An attacker must work with a block builder to execute this type of deposit because otherwise there is a significant risk of losing the funds to an arbitrage bot.

Recommendations

Safely check the total value of the assets before and after an action that does a swap, and reject the swap as unsafe if the increase in total value exceeds a threshold. If this check is done on-chain (and bundle submission is still permissionless), care must be taken so that the oracle cannot also be manipulated.

Remediation

Zellic © 2024Back to top ↑