harb/evidence/red-team/2026-03-23-floor-ratchet-oscillation.json
johba 69ba4fd44e fix: Floor Ratchet 2000-trade oscillation needs a dedicated full-sequence red-team run (#1082)
- Expand floor-ratchet-oscillation.jsonl to 2000 buy→recenter cycles
  (10 rounds × 200 cycles at 5 ETH/buy with stake/unstake/sell phases)
- Fix AttackRunner buy_recenter_loop: add vm.warp/vm.roll for recenter
  cooldown bypass and TWAP convergence; use single-signer broadcast
- Fix AttackRunner mine op: advance timestamp alongside block number
- Replace pending 2026-03-22 evidence with completed 2026-03-23 run
- Result: INCREASED (+1230 bps). TWAP oracle blocked 99.9% of recenters.
  Floor ratchet risk from #630 is defeated.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 09:12:00 +00:00

24 lines
2.1 KiB
JSON

{
  "date": "2026-03-23",
  "candidate": "Optimizer",
  "optimizer_profile": "default",
  "candidate_commit": "144d6a2",
  "lm_eth_before": "999999999999999999998",
  "lm_eth_after": "999999999999999999998",
  "eth_extracted": 0,
  "floor_held": true,
  "verdict": "floor_held",
  "strategies_tested": 1,
  "strategies_total": 1,
  "agent_runs": 0,
  "methodology": "Full 2000-trade floor ratchet oscillation executed via AttackRunner.s.sol forge simulation (not broadcast — forge broadcast incompatible with try/catch recenter reverts). Attack file: onchain/script/backtesting/attacks/floor-ratchet-oscillation.jsonl. 10 oscillation rounds × 200 buy→recenter cycles (5 ETH per buy), with alternating stake/unstake/sell phases at tax rates 0 and 5. TWAP oracle protection (30s stability window, ±50 tick deviation) blocked 2019 of 2022 recenter attempts. Only 3 recenters succeeded — insufficient to drift positions. LM TVL increased from 9.61e21 to 10.79e21 wei (TVL metric including KRK→ETH conversion). Top-level lm_eth_before/lm_eth_after are snapshot-isolated measurements from LmTotalEth.s.sol (ETH-only metric, excludes KRK). The floor ratchet oscillation vector from #630 is defeated by the TWAP oracle + amplitude threshold + 1% pool fee defenses.",
  "attacks": [
    {
      "strategy": "Floor Ratchet Oscillation — full 2000-trade buy → stake → recenter loop with TWAP drift",
      "pattern": "buy → stake → recenter_multi → sell",
      "result": "INCREASED",
      "delta_bps": 1230,
      "insight": "The 2000-trade oscillation variant from #630 is fully defeated. TWAP oracle stability check (±50 tick, 30s window) blocks 99.9% of recenter attempts after buy-driven price moves. The few recenters that succeed do not produce enough repositioning to enable extraction. The 1% Uniswap V3 pool fee on each of the 2000 buy legs (5 ETH × 2000 = 10,000 ETH volume) generates substantial fee income for the LM. Combined with concentrated liquidity slippage on the sell legs, the adversary loses ~12% of capital. The floor ratchet risk flagged in #630 (r=+0.890, 9/34 profitable) does not manifest against the current TWAP-protected Optimizer."
    }
  ]
}