
Update to Recent Vulnerability Report

Aug 9, 2022

On Sunday, July 31st, the Integral team was alerted to a potential vulnerability within the protocol. The vulnerability was brought to our attention via a submission through Immunefi. Product and user safety are of utmost importance, and we treat each bug bounty submission seriously until proven otherwise. After verifying the report and its contents, we paused trading and deposits for both FIVE and SIZE. There have been no reports of fund loss or of LPs being exposed to excessive amounts of impermanent loss. Both FIVE and SIZE remain in withdraw-only mode to ensure all users' funds remain safe while the team works to resolve this issue.

In this article, we describe the reported vulnerability conceptually and with illustrative examples.

Vulnerability

The bounty submission outlined a potential pathway of on-chain actions that, if taken by a malicious trader and successfully completed, would give a financial advantage to the trader (disadvantaging the LPs). In a worst-case scenario, this could be systematically repeated for profit across a sustained time period.

In summary: a malicious trader, Alice, could gain an advantage by setting up her order submission to cancel on purpose unless the TWAP settlement price is in her favor, in which case she takes a later additional action to go through with the favorable settlement.

The key highlights are as follows:

  1. Alice could first create a large pending swap, with the intention for it to never go through by default (reversion/cancellation) unless a certain market price condition is met.

  2. Alice has a later action available (via an on-chain loophole) that can be triggered closer to trade execution time. She can activate it at her discretion, which allows her pending trade to go through (accepting the upcoming trade settlement).

  3. Alice has a substantive advantage in ascertaining the settlement price (i.e., the oracle TWAP): in the most extreme case, she could wait until the block before settlement before triggering her acceptance action. She would then settle at a price that she knows with high certainty to be favorable to her, as she could observe nearly the whole TWAP price period.

Fundamentally, Integral's architecture is designed for committed traders to swap with LPs; in the long run no user type should have a systematic advantage, as some settlement scenarios favor LPs and others favor the committed traders. The reported vulnerability showed how Alice could use a loophole pathway to avoid commitment by default and selectively reach settlement only when the scenario favors her, hence forcing LPs to serve a continued series of worse-than-market swaps (at prices uncompetitive for the LPs).
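The following Monte Carlo sketch is an added illustration, not Integral's code or part of the bounty report. It compares the LP's mark-to-market result against a buyer who always settles with the result against a buyer who settles only when the TWAP is below spot. The random-walk prices, window length, volatility, perfect foresight of the TWAP, and the absence of fees are all assumptions.

```python
import random

def settlement_window(rng, steps=30, vol=0.002, start=100.0):
    """One constructed price path: returns (TWAP over the window, spot at settlement)."""
    price, samples = start, []
    for _ in range(steps):
        price *= 1 + rng.gauss(0, vol)   # assumed driftless random walk
        samples.append(price)
    return sum(samples) / steps, price

def lp_result(twap, spot, settles):
    """LP sells one unit at the TWAP, marked against spot; a cancelled order costs nothing."""
    return (twap - spot) if settles else 0.0

def compare(trials=20000, seed=1):
    rng = random.Random(seed)
    committed = selective = 0.0
    settled, lp_best = 0, 0.0
    for _ in range(trials):
        twap, spot = settlement_window(rng)
        committed += lp_result(twap, spot, True)   # committed trader always settles
        favorable = twap < spot                    # buyer would pay below market
        settled += favorable
        r = lp_result(twap, spot, favorable)       # settles only when favorable
        selective += r
        lp_best = max(lp_best, r)                  # best LP outcome in the selective case
    return {
        "lp_mean_committed": committed / trials,
        "lp_mean_selective": selective / trials,
        "settle_rate": settled / trials,
        "lp_best_selective": lp_best,
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:+.4f}")
```

Under these assumptions the LP's average result against committed flow is close to zero, while against selective settlement it is negative on average and never positive in any single window.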

Until the dev team can come up with a solution for this loophole, SIZE and FIVE are in withdraw-only mode, as trading and deposits have been paused. We have also paused farming rewards until this issue is fixed. We appreciate the patience of the community through all of this.