[CL][bug]: Bankers rounding in price to tick conversions allows for LP fund drain #5516
Labels
F: concentrated-liquidity
Tracking the development of concentrated liquidity feature to improve filtering on the project board
T:bug 🐛
Something isn't working
Comments
AlpinYukseloglu
added
T:bug 🐛
This was referenced Jun 14, 2023
mergify bot
pushed a commit
that referenced
this issue
Jun 19, 2023
… <> sqrt price (#5541) Closes: #5516 > **Note to reviewer:** the only real state machine change is in `tick.go` and heavily mirrors @ValarDragon's PR here: #5522 > The rest of the changes are related to function renames/test refactors. ## What is the purpose of the change This PR expands on #5522 and updates all price to tick conversions to use SqrtPriceToTick instead. ## Testing and Verifying The new function is tested in `math/tick_test.go` The original attack vector is also converted into an edge case test in `position_test.go` ## Documentation and Release Note - [ ] Does this pull request introduce a new feature or user-facing behavior changes? - [ ] Changelog entry added to `Unreleased` section of `CHANGELOG.md`? Where is the change documented? - [ ] Specification (`x/{module}/README.md`) - [ ] Osmosis documentation site - [ ] Code comments? - [ ] N/A
mattverse
pushed a commit
that referenced
this issue
Jun 20, 2023
… <> sqrt price (#5541) Closes: #5516 > **Note to reviewer:** the only real state machine change is in `tick.go` and heavily mirrors @ValarDragon's PR here: #5522 > The rest of the changes are related to function renames/test refactors. ## What is the purpose of the change This PR expands on #5522 and updates all price to tick conversions to use SqrtPriceToTick instead. ## Testing and Verifying The new function is tested in `math/tick_test.go` The original attack vector is also converted into an edge case test in `position_test.go` ## Documentation and Release Note - [ ] Does this pull request introduce a new feature or user-facing behavior changes? - [ ] Changelog entry added to `Unreleased` section of `CHANGELOG.md`? Where is the change documented? - [ ] Specification (`x/{module}/README.md`) - [ ] Osmosis documentation site - [ ] Code comments? - [ ] N/A
ValarDragon
added a commit
that referenced
this issue
Jun 20, 2023
* Some optimizations * Update x/concentrated-liquidity/math/math.go Co-authored-by: Dev Ojha <ValarDragon@users.noreply.github.com> * [CL]: Fix incorrect bound check/chain halt vector (#5557) * repro panic trigger and fix bound check * fix comments * docs: precision issues around price; short and long term solution (#5552) Closes: #XXX ## What is the purpose of the change Related to: #5550 Documenting latest decisions around tick and price conversions ## Testing and Verifying This change is a trivial rework / code cleanup without any test coverage. ## Documentation and Release Note - [ ] Does this pull request introduce a new feature or user-facing behavior changes? - [ ] Changelog entry added to `Unreleased` section of `CHANGELOG.md`? Where is the change documented? - [ ] Specification (`x/{module}/README.md`) - [ ] Osmosis documentation site - [ ] Code comments? - [ ] N/A * Make go tests only run if relevant (#5569) * CL: migration functional test (#5560) Closes: #XXX ## What is the purpose of the change The following PR introduces a functional test that: - Creates every type of balancer position that can be created - Bonded superfluid - Unbonded superfluid (locked) - Unbonded superfluid (unlocking) - Vanilla lock (locked) - Vanilla lock (unlocking) - No lock - It then migrates each position, asserting invariants after each position is migrated - Finally, an overall invariant is run after all positions have been migrated, asserting that all funds are accounted for in some way The next PR subsequent to this will be adding randomization to the inputs in order to make the test non deterministic. ## Testing and Verifying Functional test above added ## Documentation and Release Note - [ ] Does this pull request introduce a new feature or user-facing behavior changes? - [ ] Changelog entry added to `Unreleased` section of `CHANGELOG.md`? Where is the change documented? - [ ] Specification (`x/{module}/README.md`) - [ ] Osmosis documentation site - [ ] Code comments? - [ ] N/A * [CL]: Fix tick rounding bug and implement direct conversion from tick <> sqrt price (#5541) Closes: #5516 > **Note to reviewer:** the only real state machine change is in `tick.go` and heavily mirrors @ValarDragon's PR here: #5522 > The rest of the changes are related to function renames/test refactors. ## What is the purpose of the change This PR expands on #5522 and updates all price to tick conversions to use SqrtPriceToTick instead. ## Testing and Verifying The new function is tested in `math/tick_test.go` The original attack vector is also converted into an edge case test in `position_test.go` ## Documentation and Release Note - [ ] Does this pull request introduce a new feature or user-facing behavior changes? - [ ] Changelog entry added to `Unreleased` section of `CHANGELOG.md`? Where is the change documented? - [ ] Specification (`x/{module}/README.md`) - [ ] Osmosis documentation site - [ ] Code comments? - [ ] N/A * Still fixing merge conlfict * Revert lp.go change as commented --------- Co-authored-by: Dev Ojha <ValarDragon@users.noreply.github.com> Co-authored-by: alpo <62043214+AlpinYukseloglu@users.noreply.github.com> Co-authored-by: Roman <roman@osmosis.team> Co-authored-by: Adam Tucker <adam@osmosis.team>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Background
Example attack vector: #5493
We currently do bankers rounding to accommodate the precision loss we experience when converting from sqrt price to tick. This is specifically intended to handle the case where the error pushes the tick over a boundary such that truncating would lead the wrong outcome (e.g. the price corresponding to tick 100 gets represented as 99.999, which gets truncated to 99).
While this seems okay in most cases, it causes undefined behavior when a swap leaves the current sqrt price close enough to a tick boundary to trigger a round up when converted to ticks.
Specifically, it allows for a scenario where it is possible to break the invariant that
currentSqrtPrice <= TickToSqrtPrice(currentTick). In other words, the current tick is set incorrectly since the tick is rounded up due to conflating delta from precision error with actual delta.Suggested Design
We have two primary approaches to resolving this issue:
ApproxRootfunction that prevents the issue in [CL]: Demo issue with truncation for ticks #5512 from happening (likely requires a sqrt function that always returns >= the true sqrt)Acceptance Criteria
The text was updated successfully, but these errors were encountered: