Safeguarding Uniswap v3 Positions against arbitrage

Visor Finance
Nov 26, 2021


Yesterday, one official Visor position and a few internal Visor test positions were hit by a successful position exploit / arbitrage attack. It clearly demonstrates how arbitrage is possible, most importantly when the attacker is able to join a position without the usual safeguards (whitelist, restrictive deposit caps, etc.) enforced. This post discusses the test hypervisor position exploit. It also gives us a template of how a position exploit can happen in a live liquidity environment and the exact approach one would take. The OHM public hypervisor (a Visor position) was targeted, but the damage was swiftly reversed by implementing more stringent caps and restoring the position loss with funds from Visor’s treasury.

For more clarity around the existing safeguards, we will explain the three types of Hypervisors (our position manager contracts) that Visor Finance deploys.

Public Hypervisors

These are typically selected pairs which have high volume, high TVL and return fees for LPs at a fairly consistent rate. Visor allows anyone to deposit the single-sided asset of the pair, but limits the amount of the asset that can be deposited. For example, if someone wanted to deposit into the USDC-ETH pair, a 2 ETH individual deposit limit is enforced. Furthermore, we have a ‘progressive global cap’. This means that as the TVL in the hypervisor grows, the cap gets slightly raised to accommodate more deposits, but limits the rate at which the TVL grows. The last restriction on the public hypervisors is that the TVL inside can never become more than 20% of the pair on Uniswap v3.
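
The three limits above can be modelled as one deposit guard. This is an added Python model, not Visor's contract code: the cap-raise trigger, step size, raise interval, every name in it and the scenario values are assumptions made for illustration.

```python
from dataclasses import dataclass

BPS = 10_000  # basis-point denominator; integer math, as a contract would use
ETH = 10**18  # wei per ETH

@dataclass
class DepositGuard:
    """Model of the three public-hypervisor deposit limits (parameters are assumed)."""
    per_deposit_limit: int            # e.g. 2 ETH on the USDC-ETH pair
    global_cap: int                   # current ceiling on hypervisor TVL
    max_pool_share_bps: int = 2_000   # TVL may not exceed 20% of the pair
    raise_trigger_bps: int = 9_000    # assumed: cap may rise once TVL is at 90% of it
    raise_step_bps: int = 1_000       # assumed: each raise lifts the cap by 10%
    raise_interval: int = 86_400      # assumed: at most one raise per day (seconds)
    tvl: int = 0
    last_raise: int = 0

    def maybe_raise_cap(self, now: int) -> None:
        # Progressive cap: small steps, rate-limited in time, so TVL growth is bounded.
        near_cap = self.tvl * BPS >= self.global_cap * self.raise_trigger_bps
        if near_cap and now - self.last_raise >= self.raise_interval:
            self.global_cap += self.global_cap * self.raise_step_bps // BPS
            self.last_raise = now

    def deposit(self, amount: int, pair_tvl: int, now: int) -> str:
        """Apply the deposit if every limit holds; return 'ok' or the limit hit."""
        self.maybe_raise_cap(now)
        if amount <= 0 or amount > self.per_deposit_limit:
            return "per_deposit_limit"
        new_tvl = self.tvl + amount
        if new_tvl > self.global_cap:
            return "global_cap"
        # pair_tvl: the pair's TVL on Uniswap v3, supplied by the caller in this model.
        if new_tvl * BPS > pair_tvl * self.max_pool_share_bps:
            return "pool_share"
        self.tvl = new_tvl
        return "ok"

def run_constructed_scenario() -> list:
    """Constructed inputs: 10 ETH starting cap, 2 ETH per-deposit limit."""
    g = DepositGuard(per_deposit_limit=2 * ETH, global_cap=10 * ETH)
    t0, pool = 100_000, 1_000 * ETH
    out = [g.deposit(3 * ETH, pool, t0)]                    # above the 2 ETH limit
    out += [g.deposit(2 * ETH, pool, t0) for _ in range(5)]   # fills the 10 ETH cap
    out.append(g.deposit(2 * ETH, pool, t0 + 1))            # cap now 11, 12 > 11
    out.append(g.deposit(1 * ETH, pool, t0 + 2))            # fits under 11
    out.append(g.deposit(1 * ETH, pool, t0 + 3))            # no second raise yet
    out.append(g.deposit(1 * ETH, pool, t0 + 1 + 86_400))   # a day later: cap 12.1
    out.append(g.deposit(ETH // 10, 50 * ETH, t0 + 2 + 86_400))  # 12.1 > 20% of 50
    return out
```

With these assumed parameters the cap can grow by at most 10% per day, regardless of how many deposits arrive.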


Private Hypervisors

These hypervisors are positions that are actively managed on behalf of DeFi projects. These are also the most restricted in terms of who can deposit. We maintain a whitelist of addresses that can deposit and the ongoing management is a collaboration with Gamma (the active strategy manager).

Only whitelisted addresses can make deposits in private hypervisors

Visor’s Internal Test Hypervisors

These hypervisors are used internally and only with Visor treasury assets. They are set up so that Gamma can test new strategies, Visor can test new contract upgrades, and both can test exotic pairs such as high-volatility and rebasing tokens. Our test hypervisors operate under looser safety standards than public/Phantom hypervisors. We never expose them via UI or otherwise to LPs.

The position exploit was carried out by a party controlling external variables outside the position (price manipulation, etc.) in combination with interacting with the unguarded test position contracts (no caps, no whitelist, no TVL % mandate). As a result, we are better informed of the way in which price manipulation can affect our LP positions, and we will be able to safeguard our assets more effectively.

What we learned

Visor’s test hypervisors, without the usual individual and global caps, function as bounties for arbitrageurs to exploit positions. This has only strengthened our conviction in the current safeguards and necessary restrictions at the contract level on public and private hypervisors. Furthermore, Visor is implementing a new dual deposit mechanism and TWAP share calculation which will allow much higher deposits in a single transaction. New deposits will be limited until the new dual asset deposit flow is completed. No migration of funds will be necessary. Additionally, withdrawals function as normal.

Gamma has published a writeup of the mechanics of the Visor position exploit. This will be useful for all Uniswap v3 managers in order to mitigate position exploits of their own positions. Maybe this could also serve as an alternative to our public bounty program: could we fund positions with only treasury assets and varying levels of safeguards as a bounty, allowing the arbitrageur to get a reward without risking user funds?
