Service Denial

“No Soup for You!” - Service Denial

During a discussion about problematic scenarios for TWAMM, the issue of Gas Denial of Service (GDoS) was raised. The GDoS vulnerability arises from the virtual order execution loop, shown in Figure 1 as implemented in the TWAMM reference design [2].
Figure 1: Virtual order execution loop from TWAMM reference design [2], circled. This loop poses an upper-bound gas use risk directly proportional to the pool's inactivity.
Given enough iterations of the circled loop in Figure 1, the gas available in a block can be insufficient to execute the function. This would break most TWAMM public functions for users, denying service. The number of iterations is determined by the block in which the function was previously executed, the current block in which the function is being executed, and the Order Block Interval (OBI) value.
This problem and its relationship to the Order Block Interval (OBI) are discussed extensively in [1]. A mitigation is also presented in [1], whereby a maximum block can be specified to limit loop iterations within gas constraints. While the mitigation alleviates the problem, it introduces additional gas use, complexity, and inconvenience.
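
The following Python model is an added illustration, not code from the TWAMM reference design or from [1]. It counts loop passes from the last executed block, the current block and the OBI, then splits a long catch-up into calls bounded by a maximum block. The gas constants, function names and sample block numbers are assumptions, and the model prices only the loop passes, not the rest of the call.

```python
# Added model, not TWAMM code. Both constants are assumed round numbers.
GAS_PER_ITERATION = 60_000     # assumed cost of one loop pass
BLOCK_GAS_LIMIT = 30_000_000   # assumed per-block gas budget


def loop_iterations(last_block: int, current_block: int, obi: int) -> int:
    """Loop passes needed: one per multiple of obi lying strictly
    after last_block and strictly before current_block."""
    if obi <= 0 or current_block < last_block:
        raise ValueError("need obi > 0 and current_block >= last_block")
    next_expiry = last_block - (last_block % obi) + obi
    if next_expiry >= current_block:
        return 0
    return (current_block - 1 - next_expiry) // obi + 1


def fits_in_block(last_block: int, current_block: int, obi: int) -> bool:
    """True if the loop alone stays within the assumed gas budget."""
    gas = loop_iterations(last_block, current_block, obi) * GAS_PER_ITERATION
    return gas <= BLOCK_GAS_LIMIT


def catch_up(last_block: int, current_block: int, obi: int,
             max_iterations: int) -> list[tuple[int, int]]:
    """Mitigation model: every call passes a maximum block so that it runs
    at most max_iterations passes. Returns (max_block, passes) per call."""
    if max_iterations <= 0:
        raise ValueError("max_iterations must be positive")
    calls = []
    while last_block < current_block:
        max_block = min(current_block, last_block + max_iterations * obi)
        calls.append((max_block, loop_iterations(last_block, max_block, obi)))
        last_block = max_block  # state now executed up to max_block
    return calls


if __name__ == "__main__":
    last, obi = 1_000_000, 10  # constructed sample values
    for idle in (5_000, 5_011, 6_000_000):
        n = loop_iterations(last, last + idle, obi)
        print(idle, n, fits_in_block(last, last + idle, obi))
    print(catch_up(last, last + 5_011, obi, max_iterations=400))
```

Under these assumed numbers the loop stops fitting in one block after roughly 5,000 idle blocks at an OBI of 10, and the bounded catch-up needs two transactions instead of one, which is the added cost and inconvenience noted above.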

References

  1. “Time Weighted Average Market Maker Operational Parameters vs. Gas Usage Analysis”, March 2022. Online. Available: https://mirror.xyz/0slippage.eth/5zKJW4Zx9zYHpB4jNln16HuU8d8EtawmA17usNfIje4.
  2. TWAMM (2021). Online. Available: https://github.com/FrankieIsLost/TWAMM.