SlowMist: Sharing of a safe way to obtain LP prices

Background

At present, the demand for using LP Token for mortgage lending is increasing, but there is currently no comprehensive method for securely obtaining the price of LP Token on the market. In the process of analyzing the method of obtaining LP Token price, the SlowMist security team paid attention to the Alpha Finance team’s method of safely obtaining LP price. After reading carefully, I will share relevant thoughts with everyone.

Analysis of LP Token price acquisition

At present, the common ways to obtain LP Token prices are as follows:

Among them, r0, r1 respectively represent the stock of two tokens in the Uniswap trading pair, and price0, price1 represent the prices of the corresponding tokens of r0 and r1, respectively. The above formula is simply to calculate the sum of the total value of the two tokens in the transaction pair, and then divide by the total number of LP Tokens to get the value of a single LP.

Generally speaking, price0 and price1 will both take the delayed price provided by Uniswap itself. But there is a risk of being attacked by flash loans. Although price0 and price1 cannot be manipulated, r0 and r1 can be manipulated. By manipulating the values of r0 and r1, the entire formula can be manipulated.

So is there a way to obtain a safe LP Token price so that the stock of tokens cannot be manipulated? The Alpha Finance team provided an idea:

According to Alpha Finance’s analysis, the whole process is divided into 3 steps:

1)The first step is to obtain the number of corresponding tokens in the trading pair through Uniswap’s getReserves interface, and calculate K

2)The second step is to obtain the corresponding price of each token in the trading pair, and then calculate the ratio of the token price P

3)The third step is to reverse the true token stock through the relationship between K and P.

After completing the above 3 steps, the final LP Token price acquisition formula will become as follows:

First of all, we know that Uniswap uses a constant product algorithm. To put it simply, x * y = K, that is, the value of K before and after the transaction will not change. Without discussing the handling fee, the K value theoretically will not change. Let us remember this premise first. Then, get the respective price of each token in the trading pair, for example, the price of USDT. Take the ETH-BTC trading pair as an example. Assuming that the price of ETH is 650 USDT and the price of BTC is 22,000 USDT, then the price ratio P of ETH/BTC is 0.03. After obtaining the price ratio P, directly use the K obtained in step 1 to calculate K/P and K*P to obtain a normal quantity of the corresponding trading pair. The following is the corresponding description of step 3, namely the step of obtaining the normal quantity.

Formula explanation

Now let’s explain step 3 above:

First, the formula for constant product is:

In fact, x and y can be calculated separately according to K. Then according to step 2 of the previous section, we get the ratio P of the prices of x and y. Since Uniswap itself determines the corresponding price based on the ratio of tokens in the pool, the ratio P itself is the ratio of x/y prices. Then, since K = x * y, and P is the ratio calculated from the correct price, then we can actually use this real K and x/y to reverse the real x and y.

The calculation is as follows:

First, we get the following formula based on the ratio of P and r0,r1:

Then, according to P, the real r0, r1 can be reversed, as follows:

Then, after getting the correct ratio of x and y, the price of LP will be the following formula:

Then converted to the following:

Will it be attacked?

After completing the analysis of the formula, we know that as long as there is a correct price ratio P, we can reverse the real r0 and r1 according to this ratio, and finally get the formula:

So, can this formula be attacked? From the formula, we can know that the price0 and price1 of the formula are the correct prices obtained by trusted sources. This value cannot be manipulated, and then totalSupply. Although this value can be manipulated, it is in the process of controlling the LP price to attack. Changing totalSupply can only change the amount of your mortgage. This is temporarily useless. Then the only things that can be manipulated are the values of r0 and r1. How to change the value of r0, r1? Two ideas are provided below for analysis:

Idea 1: Direct token exchange

We know that in the token pool, no matter what algorithm is used for calculation, the token pool will inevitably change the number of tokens in the process of token exchange. Can this change ultimately manipulate the formula? Actually it is not possible. We know that in the constant product model, x * y = K is always true, which means that no matter how the exchange of tokens occurs during the transaction, the value of K is always the same. Situation), and the formula uses r0 and r1 to multiply, so it is actually not feasible to use token exchange to manipulate the formula.

Idea 2: Put the tokens directly into the token pool

This kind of thinking is crude. You can directly ignore the K value to manipulate the value of r0 and r1 multiplied, but after my calculations, this method seems to be feasible, but it is not. Although the purpose of manipulation is achieved, because the formula itself uses the root sign model when obtaining the final price, the final profit obtained is the profit after the root sign. For example, if you pay a cost of 10,000, you can only get a maximum of 100 in the end. This is obviously not cost-effective. So this kind of thinking is not feasible.

Scope of application

The scope of application of this algorithm is limited to the acquisition of the LP price of the token pool applicable to the AMM model, because the entire derivation process is based on the basic characteristics of K in the constant product formula. It is not feasible for the transaction pair algorithm to which the acquired LP itself belongs to not use the AMM model, because in this case, all the previous assumptions are no longer valid, so the calculation of the corresponding formula is naturally invalid.

Sum up

LP mortgage has become an urgent need. At present, there is no better way (such as LP price feed provided by ChainLink, Uniswap provides delayed LP interface, etc.), Alpha Finance can be said to be a safer implementation method , Making the attack on quantity control infeasible or very costly. Of course, with the emergence of more and more scenarios, this algorithm is not necessarily omnipotent. The project party needs to combine its own scenarios and use the algorithm reasonably to achieve good results. In addition, it is particularly important to note that although the final form of the formula uses the multiplication of r0, r1 and price0, price1 with the root sign, when it is actually implemented, the specific values of r0 and r1 need to be derived according to K, otherwise There will be a certain error.

Reference link:Alpha Finance’s method of obtaining fair LP prices

About us

SlowMist Technology is a company focused on blockchain ecosystem security. It has served many top or well-known projects around the world through “the security solution that integrated the threat discovery and threat defense while tailored to local conditions” and has nearly a thousand commercial customers. SlowMist’s security solutions include security audit, threat intelligence (BTI), bug bounty, defense deployment, security consultant, and other services. SlowMist is equipped with cryptocurrency anti-money laundering (AML), false top-up scanner, vulnerability scanner, and vulnerability monitoring (Vulpush), hacked project archives (SlowMist Hacked), smart contract firewall (FireWall.X), Safe Staking and other SAAS security products. It has been widely concerned and recognized by the industry.

--

--

--

Focuses on Blockchain Ecosystem Security, have served over 1k+ customers.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

TOP Network Weekly Report: September 16 — September 22

UGC, NFT and XR, creating the TRUE Meta-universe

This blockchain claims it can have more users than EOS and Ethereum combined. Here’s how.

Recap of Rose Initial Token Distribution Event & Staking is Live

Binance USD integration — RX Wallet Now Supports BUSD!

Why I’m bullish about Blockchain and you should be too

Sports and the Blockchain — a combination long overdue

Dealing with failure in cryptocurrency

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
SlowMist

SlowMist

Focuses on Blockchain Ecosystem Security, have served over 1k+ customers.

More from Medium

Crypto Compliance Series| What is Peel Chain

Lunaray Token Security Scan Report

Sushi & Keystone Partnership: Secure DeFi signing on multiple blockchains

Introducing: Diamond Protocol’s Perp LP Strategy