52 - Front-running pool’s initialization can lead to draining of liquidity provider’s initial deposits
A front-run on UniswapV3Pool.initialize allows an attacker to set an unfair price and to drain assets from the first deposits.
There are no access controls on the initialize function, so anyone could call it on a deployed pool.
Initializing a pool with an incorrect price allows an attacker to generate profits from the initial liquidity provider’s deposits.
Recommendation:
1. Move the price operations from initialize to the constructor,
2. Add access controls to initialize, or
3. Ensure that the documentation clearly warns users about incorrect initialization.
- ToB Audit Uniswap V3 Finding 7
- Timing/Access Control
- Medium Severity
- Front-run Initialization
- Drain LP deposit
- Use Constructor
- Protect Initialization
- YouTube Reference
- Medium Risk severity finding from ToB’s Audit of Uniswap V3