In the realm of decentralized exchanges (DEXs), Lifinity experienced a significant setback when its LFNTY-USDC pool was emptied by an arbitrage bot on December 8. This event, which led to a loss of $699,090, was triggered by an unusual response to a failed trade, as disclosed on Lifinity’s Discord channel.
Understanding the Exploit
A bot was attempting an arbitrage trade, intending to capitalize on the price differences between the USDC > xLFNTY > LFNTY > USDC trading pairs. The bot deployed an Immediate-or-Cancel (IOC) market order on Serum v3. This type of order, if filled, must be executed instantly at the current market price. Any orders that cannot be immediately filled are subsequently cancelled.
However, instead of returning an error, as is typical, the system returned a 0 amount out. This unexpected response led the pools to process the 0 amount in and return 0 amount out, resulting in the last transaction price updating to 0 and the next starting price also being 0.
Consequences of the Exploit
While the actual price on the CP curve wouldn’t be 0, the pool did offer an extremely low price, leading to the subsequent drain. Lifinity v1, an automated market maker (AMM), uses algorithms to generate liquidity in trading pairs. It utilizes a constant product market maker (CPMM), a specific AMM model, to maintain a balance between two token quantities in a liquidity pool.
However, the bug returned a 0 price, enabling the bot to exploit the discrepancy and drain the funds. This incident was not an attack, as clarified by a community member on X (formerly Twitter). Lifinity’s team is now working on restoring liquidity to the pool, reviewing the protocol code, and attempting to recover the funds. Trades resulting in 0 amounts are no longer accepted.
Implications and Future Measures
Incidents like the arbitrage bot exploit lifinity pool highlight the potential vulnerabilities in the world of DEXs and the importance of robust security measures. It’s crucial for investors and traders to stay informed about these events and understand the underlying mechanisms of the platforms they use.
For those interested in monitoring and managing their crypto investments more effectively, the cryptoview.io application offers a comprehensive solution. It provides real-time updates and insights into market trends, helping users make informed decisions.
Start now using our tools for free.
As we navigate the complex world of cryptocurrencies, staying informed and vigilant is key. Incidents like the Lifinity pool exploit serve as reminders of the risks involved and the need for constant vigilance and effective management tools like cryptoview.io.
