Possible liquidity deflation attack #119

Closed
code423n4 opened this issue Dec 16, 2022 · 2 comments
Labels
- 3 (High Risk): Assets can be stolen/lost/compromised directly
- bug: Something isn't working
- duplicate-442
- satisfactory: satisfies C4 submission criteria; eligible for awards

Comments

@code423n4
Contributor

Lines of code

https://github.com/code-423n4/2022-12-caviar/blob/0212f9dc3b6a418803dbfacda0e340e059b8aae2/src/Pair.sol#L63

Vulnerability details

Impact

The AMM implemented in the Pair contract is subject to a liquidity deflation attack upon deployment. In this attack:

  1. When the pair is deployed, the attacker is the first liquidity provider. The attacker calls the add function, providing a small amount of base and fractional tokens. The attacker receives the corresponding amount of LP tokens.
  2. The attacker transfers, directly to the Pair contract, a large amount of base and fractional tokens.
  3. This deflates the LP tokens obtained in (1), making shares in the pair extremely valuable.
  4. Now any following liquidity provider must provide a very large amount of base and fractional tokens to obtain a small amount of LP tokens.

This gives the first liquidity provider the possibility to make it very costly for all other LPs to enter the pool, and potentially control the vast majority of the liquidity in a pair, leaving out smaller players.

Tools Used

Manual review

Recommended Mitigation Steps

This is a long-known issue in this kind of AMM, and there's already a solution available, pioneered by Uniswap V2.

It's based on implementing a minimum liquidity threshold in the pair. Essentially, during the first liquidity provision, part of the minted LP tokens are burned (instead of being transferred to the provider). I suggest reading the discussion in the Uniswap v2 audit for more details.
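
Added example (not part of the original submission or the Caviar code base): a small Python model of the LP share accounting, comparing a pair with no minimum-liquidity lock against one that burns Uniswap V2's 1000 shares on the first mint. The mint formulas (integer square root on the first deposit, pro-rata minimum afterwards), the class and function names, and the token amounts are assumptions made for illustration.

```python
from math import isqrt

MINIMUM_LIQUIDITY = 1000  # number of shares Uniswap V2 locks on the first mint


class Pair:
    """Simplified model (assumption): reserves are the contract's token balances."""

    def __init__(self, min_liquidity=0):
        self.base = 0            # base token balance held by the pair
        self.frac = 0            # fractional token balance held by the pair
        self.supply = 0          # total LP supply, including locked shares
        self.min_liquidity = min_liquidity

    def add(self, base_amt, frac_amt):
        """Deposit both tokens and return the LP shares credited to the caller."""
        if self.supply == 0:
            minted = isqrt(base_amt * frac_amt)
            if minted <= self.min_liquidity:
                raise ValueError("first deposit too small")
            locked = self.min_liquidity      # burned, never owned by anyone
        else:
            # Integer division rounds down, as on-chain arithmetic does
            minted = min(base_amt * self.supply // self.base,
                         frac_amt * self.supply // self.frac)
            locked = 0
        self.base += base_amt
        self.frac += frac_amt
        self.supply += minted
        return minted - locked

    def donate(self, base_amt, frac_amt):
        """Direct token transfer to the pair: balances grow, no LP is minted."""
        self.base += base_amt
        self.frac += frac_amt


def second_lp_shares(min_liquidity, first_deposit, donation, second_deposit):
    """Shares the second provider receives after a first deposit and a donation."""
    pair = Pair(min_liquidity)
    pair.add(first_deposit, first_deposit)
    pair.donate(donation, donation)
    return pair.add(second_deposit, second_deposit)


if __name__ == "__main__":
    # Constructed amounts in raw token units
    print(second_lp_shares(0, 1, 10**18, 5 * 10**17))                     # 0
    print(second_lp_shares(MINIMUM_LIQUIDITY, 1001, 10**18, 5 * 10**17))  # 500
```

With the lock in place the total supply can never fall below 1000 shares, so the same donation leaves later providers with a non-zero share count, and most of the donated value accrues to shares nobody can redeem.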

@code423n4 code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working labels Dec 16, 2022
code423n4 added a commit that referenced this issue Dec 16, 2022
@c4-judge
Contributor

berndartmueller marked the issue as duplicate of #442

@c4-judge
Contributor

berndartmueller marked the issue as satisfactory

@c4-judge c4-judge added the satisfactory satisfies C4 submission criteria; eligible for awards label Jan 10, 2023