harb/evidence/holdout/2026-03-22-issue517-adversarial-lp.json

{
  "date": "2026-03-22",
  "issue": 517,
  "title": "Adversary parasitic LP extracts 29% from holder — all recenters fail",
  "scenario": "staker-vs-holder",
  "status": "fixed",
  "root_cause": {
    "summary": "PRICE_STABILITY_INTERVAL (300s) too long relative to MIN_RECENTER_INTERVAL (60s)",
    "detail": "After a large trade moving the tick >1000 positions, the 5-minute TWAP average lagged behind the current price by hundreds of ticks, far exceeding MAX_TICK_DEVIATION (50). Recenter reverted with 'price deviated from oracle' for ~285s after each trade, creating a window where the LM could not reposition. The adversary's parasitic LP captured fees during this unprotected window.",
    "revert_reasons": {
      "after_adversary_setup": "price deviated from oracle",
      "after_holder_buy": "price deviated from oracle",
      "after_adversary_attack": "price deviated from oracle",
      "after_holder_sell": "amplitude not reached"
    },
    "johba_comment_confirmed": "Parasitic LP does not directly block recentering (V3 positions are independent). The revert is from the TWAP stability check, not from position interference."
  },
  "fix": {
    "file": "onchain/src/abstracts/PriceOracle.sol",
    "change": "PRICE_STABILITY_INTERVAL reduced from 300 to 30 seconds",
    "rationale": "30s still prevents same-block manipulation (Ethereum mainnet ~12s block time) while ensuring TWAP converges well within the 60s cooldown. After the fix, recenter succeeds within 61s of any trade.",
    "security_impact": "Manipulation window reduced from 5 min to 30s. Attacker must hold manipulated price for 30+ seconds (2.5 blocks) before recenter accepts it. Combined with 60s cooldown, total manipulation window is <60s."
  },
  "tests_added": [
    "testRecenterAfterLargeBuy_TWAPConverges — verifies recenter works after 5 ETH buy + 61s wait",
    "testRecenterRejectsSameBlockManipulation — verifies TWAP check still blocks <30s manipulation",
    "testAdversarialLP_HolderProtected — full parasitic LP scenario, holder loss < 5%"
  ],
  "test_results": {
    "total": 256,
    "passed": 255,
    "failed": 1,
    "skipped": 0,
    "pre_existing_failure": "FitnessEvaluator.t.sol::testBatchEvaluate (requires FITNESS_MANIFEST_DIR env var)"
  }
}
fix: Investigate: adversary parasitic LP extracts 29% from holder, all recenters fail (#517) Root cause: PRICE_STABILITY_INTERVAL (300s) was too long relative to MIN_RECENTER_INTERVAL (60s). After any significant trade moving the tick >1000 positions, the 5-minute TWAP lagged behind the current price by hundreds of ticks, exceeding MAX_TICK_DEVIATION (50). Recenter reverted with "price deviated from oracle" for ~285s — creating a window where the LM could not reposition and adversary parasitic LP could extract value from passive holders. Fix: Reduce PRICE_STABILITY_INTERVAL from 300s to 30s. This ensures TWAP converges within the 60s cooldown while still preventing same-block manipulation (30s > ~12s Ethereum mainnet block time). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-22 19:45:35 +00:00			`{`
			`"date": "2026-03-22",`
			`"issue": 517,`
			`"title": "Adversary parasitic LP extracts 29% from holder — all recenters fail",`
			`"scenario": "staker-vs-holder",`
			`"status": "fixed",`
			`"root_cause": {`
			`"summary": "PRICE_STABILITY_INTERVAL (300s) too long relative to MIN_RECENTER_INTERVAL (60s)",`
			`"detail": "After a large trade moving the tick >1000 positions, the 5-minute TWAP average lagged behind the current price by hundreds of ticks, far exceeding MAX_TICK_DEVIATION (50). Recenter reverted with 'price deviated from oracle' for ~285s after each trade, creating a window where the LM could not reposition. The adversary's parasitic LP captured fees during this unprotected window.",`
			`"revert_reasons": {`
			`"after_adversary_setup": "price deviated from oracle",`
			`"after_holder_buy": "price deviated from oracle",`
			`"after_adversary_attack": "price deviated from oracle",`
			`"after_holder_sell": "amplitude not reached"`
			`},`
			`"johba_comment_confirmed": "Parasitic LP does not directly block recentering (V3 positions are independent). The revert is from the TWAP stability check, not from position interference."`
			`},`
			`"fix": {`
			`"file": "onchain/src/abstracts/PriceOracle.sol",`
			`"change": "PRICE_STABILITY_INTERVAL reduced from 300 to 30 seconds",`
			`"rationale": "30s still prevents same-block manipulation (Ethereum mainnet ~12s block time) while ensuring TWAP converges well within the 60s cooldown. After the fix, recenter succeeds within 61s of any trade.",`
			`"security_impact": "Manipulation window reduced from 5 min to 30s. Attacker must hold manipulated price for 30+ seconds (2.5 blocks) before recenter accepts it. Combined with 60s cooldown, total manipulation window is <60s."`
			`},`
			`"tests_added": [`
			`"testRecenterAfterLargeBuy_TWAPConverges — verifies recenter works after 5 ETH buy + 61s wait",`
			`"testRecenterRejectsSameBlockManipulation — verifies TWAP check still blocks <30s manipulation",`
			`"testAdversarialLP_HolderProtected — full parasitic LP scenario, holder loss < 5%"`
			`],`
			`"test_results": {`
			`"total": 256,`
			`"passed": 255,`
			`"failed": 1,`
			`"skipped": 0,`
			`"pre_existing_failure": "FitnessEvaluator.t.sol::testBatchEvaluate (requires FITNESS_MANIFEST_DIR env var)"`
			`}`
			`}`