Paper 2023/973

Demystifying Just-in-Time (JIT) Liquidity Attacks on Uniswap V3

Xihan Xiong, Imperial College London
Zhipeng Wang, Imperial College London
William Knottenbelt, Imperial College London
Michael Huth, Imperial College London
Abstract

Uniswap is currently the most liquid Decentralized Exchange (DEX) on Ethereum. In May 2021, it upgraded to the third protocol version named Uniswap V3. The key feature update is “concentrated liquidity”, which supports liquidity provision within custom price ranges. However, this design introduces a new type of Miner Extractable Value (MEV) source called Just-in-Time (JIT) liquidity attack, where the adversary mints and burns a liquidity position right before and after a sizable swap. We begin by formally defining the JIT liquidity attack and subsequently conduct empirical measurements on Ethereum. Over a span of 20 months, we identify 36,671 such attacks, which have collectively generated profits of 7,498 ETH. Our analysis suggests that the JIT liquidity attack essentially represents a whales’ game, predominantly controlled by a select few bots. The most active bot, identified as 0xa57...6CF, has managed to amass 92% of the total profit. Furthermore, we find that this attack strategy poses significant entry barriers, as it necessitates adversaries to provide liquidity that is, on average, 269 times greater than the swap volume. In addition, our findings reveal that the JIT liquidity attack exhibits relatively poor profitability, with an average Return On Investment (ROI) of merely 0.007%. We also find this type of attack to be detrimental to existing Liquidity Providers (LPs) within the pool, as their shares of liquidity undergo an average dilution of 85%. On the contrary, this attack proves advantageous for liquidity takers, who secure execution prices that are, on average, 0.139% better than before. We further dissect the behaviors of the top MEV bots and evaluate their strategies through local simulation. Our observations reveal that the most active bot, 0xa57...6CF, conducted 27% of non-optimal attacks, thereby failing to capture at least 7,766 ETH (equivalent to 16.1M USD) of the potential attack profit.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint.
Keywords
Decentralized ExchangeBlockchainDecentralized FinanceMiner Extractable Value
Contact author(s)
xihan xiong20 @ imperial ac uk
zhipeng wang20 @ imperial ac uk
History
2023-08-30: last of 2 revisions
2023-06-21: received
See all versions
Short URL
https://ia.cr/2023/973
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/973,
      author = {Xihan Xiong and Zhipeng Wang and William Knottenbelt and Michael Huth},
      title = {Demystifying Just-in-Time ({JIT}) Liquidity Attacks on Uniswap V3},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/973},
      year = {2023},
      url = {https://eprint.iacr.org/2023/973}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.