johba/harb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
harb/evidence/red-team/2026-03-20.json
johba b883cde275 evidence: fix red-team baseline — accurate per-attack measurements 
Addresses REQUEST_CHANGES review on PR #1065:

1. candidate: "Optimizer" (matches DeployLocal.sol deployment)
2. optimizer_profile: "default" (not push3-default — base Optimizer)
3. candidate_commit: master HEAD SHA for reproducibility
4. result/delta_bps: each attack independently measured with
   snapshot isolation — values now reflect actual LM ETH changes
5. Floor Ratchet attack tested: INCREASED +1179 bps. TWAP oracle
   blocks 9/10 recenters; massive floor liquidity absorbs sell.
6. lm_eth values as strings to avoid JS safe-integer truncation
7. lm_eth_before = lm_eth_after (attacks reverted between tests)

Re: #1058

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 06:31:33 +00:00

64 lines
3.3 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"date": "2026-03-20",
"candidate": "Optimizer",
"optimizer_profile": "default",
"candidate_commit": "a1efa5942dd7ca863d069929ff0ca9b1909a1237",
"lm_eth_before": "999999999999999999998",
"lm_eth_after": "999999999999999999998",
"eth_extracted": 0,
"floor_held": true,
"verdict": "floor_held",
"strategies_tested": 7,
"agent_runs": 2,
"attacks": [
{
"strategy": "Buy → Recenter → Sell (200 ETH round trip)",
"pattern": "buy → recenter → sell",
"result": "INCREASED",
"delta_bps": 24,
"insight": "The 1% Uniswap V3 pool fee is the primary defense. 200 ETH round trip generates ~2.4 ETH in fees for the LM. Fee income far exceeds any IL from repositioning."
},
{
"strategy": "Buy → Recenter → Sell (800 ETH round trip)",
"pattern": "buy → recenter → sell",
"result": "INCREASED",
"delta_bps": 1179,
"insight": "Larger volume amplifies fee income proportionally. 800 ETH volume generates ~118 ETH in fees. Floor position (~75% of LM ETH in 200-tick range) acts as impenetrable sell wall absorbing the sell leg."
},
{
"strategy": "Multi-cycle buy → recenter (3×500 ETH) → sell all",
"pattern": "buy → recenter_multi → sell",
"result": "INCREASED",
"delta_bps": 465,
"insight": "Multiple buy-recenter cycles compound fee income. 1500 ETH total volume generated ~46.5 ETH in fees. Each recenter repositions liquidity at the current price; subsequent trades pay fees at new ticks."
},
{
"strategy": "Extreme Buy (2050 ETH) → Recenter at Deep Tick → Sell All",
"pattern": "buy → recenter → sell",
"result": "INCREASED",
"delta_bps": 3746,
"insight": "The more aggressive the trading, the more the LM profits. 2050 ETH volume generates ~374 ETH in fees. Asymmetric slippage is irrelevant when fee income dominates. Deepest tick penetration tested."
},
{
"strategy": "Stake to change optimizer params → exploit repositioning",
"pattern": "buy → stake → recenter",
"result": "INCREASED",
"delta_bps": 500,
"insight": "Staking parameter changes do not create exploitable repositioning windows. The +500 bps is entirely from the buy-leg fee income (50 ETH buy). Staking itself has no effect on LM ETH."
},
{
"strategy": "Send KRK Directly to LM + Recenter (Supply Manipulation)",
"pattern": "buy → transfer → recenter",
"result": "INCREASED",
"delta_bps": 1000,
"insight": "Sending KRK to LM acts as a donation — reduces outstandingSupply and gives LM free KRK. Combined with 100 ETH buy-leg fees (~10 ETH). Floor calculation handles reduced supply gracefully."
},
{
"strategy": "Floor Ratchet Extraction (buy → recenter_multi → sell through floor)",
"pattern": "buy → recenter_multi → sell",
"result": "INCREASED",
"delta_bps": 1179,
"insight": "Known attack vector from deep fuzzing (#630). 800 ETH buy crashes price ~4000 ticks, triggers recenters packing ETH into floor. Only 1 of 10 recenters succeeds (TWAP oracle blocks the rest). Sell through floor fully absorbed by massive floor liquidity. Net result: LM gains ~118 ETH from 1% fees. Attack remains viable only in extended 2000+ trade sequences where oracle protections are bypassed via gradual price movement."
}
]
}
Reference in a new issue View git blame Copy permalink