AMM front-running resistance with SNARKs

Thanks for pointing out good points.

1. Trade frequency.

   Except ETH/USDT pool, the trade frequency is pretty low for almost pools. ETH/WBTC is the top 5 pool and it took 1.8 minutes per tx during last 15 hours. In addition, the main target of this protocol is a small pool that has a high slippage rate thus many chances exist for front-runners. ETH/RARI Uniswap pair is a good example which trade volume is top 22 today. Its trade frequency was 2.3 minutes per tx during last 20 hours and 13 front-running drained up to 5%. It means that most transactions are safe to use swap(that does not freeze the pool) and only 13 txs needed to use the swapInTheDark feature. Therefore, pools will be remained undarkened in general.

2. DoS

   Before starting to talk about DoS, let me clarify a little bit about darkening. Darkening does not always lock the pool for 10 minutes. The 10 minutes is just a prioritized period for the darkener of reveal. If anyone reveals the resulting ratio in a few minutes, then it unlocks the pool immediately. But as you pointed out, DoS is still possible. So we can use a fee model just like fee = darkenedPeriod * Difficulty. Then, the darkener will try to reveal the trade as soon as possible to save the fee, and it may not affect the average trade frequency.

   Let’s see the case, You can see the latest sandwich attacks here, and front-runners drained about 2 ETH using 4 txs in this case.
   

   

   1020×211 22.2 KB
   
   Here’s the calculation of the expense. Let’s assume that
   • hashRate = 33000 hash / second
   • difficulty = 30 (MAX)
   • expectedSolvingTime = 9 hours (2^(difficulty)/hashRate)
   • fee = darkenedPeriod * difficulty * k
   • k = 0.0001 ETH(The governance can decide this rate)
   • feePerMinute = 0.18 ETH
   • feePerBlock = 0.036 ETH
   • gas price for fast confirmation = 439 GWei (This data are from the trade tx))
   • avg gas price = 240 GWei (https://etherscan.io/tx/0xbd2b150d5d70d8e1dfc9cdbb8f1eb35e0f7e3be1017da531f1bdf96711cf5e01)
   • Darkening tx fee = 598K * 230GWei = 0.14 ETH
   • Undarkening tx fee = 182K * 439GWei = 0.08 ETH

   First, to freeze the pool for an hour, the attacker should pay

   • At least 6 darkening tx = 0.84 ETH.
   • At least 6 undarkening tx = 0.48 ETH.
   • 1 hour of darkening fee = 10.8 ETH.
   • ~= 12.1 ETH

   In this case, the DoS attacker should pay about 12 ETH to lock the pool for an hour. The attacker will have an incentive when there confidently exist big arbitrage trade opportunities between other exchanges. But it looks pretty unprofitable in ETH/RARI’s case. Otherwise, the victim of this case could save 2 ETH by paying 0.28 ETH for the fee. I think the market will find the equilibrium point between the difficulty fee and the front-running resistance.

   By the way, it is a fact that arbitrage opportunities increase the incentive for DoS. Therefore, it will be good to support newly launched tokens, which have low liquidity and high slippage so suffering from front-runnings, to put their main liquidity pool on this protocol like SushiSwap’s Onsen program. Also, we can give liquidity mining rewards like UNI or Sushi since the darkening can be inconvenient for the liquidity providers, although the pool will be remained undarkened as only few tx needs darkening and the difficulty fee accelerates the reveailng.

3. Buy/Sell guess

   I can guess with pretty high accuracy just by checking whether she’s currently holding a million or more tokens right now.

   It is a really important point that you are just guessing. I can buy more RARI while holding a bunch of RARI. Or I can sell my whole RARI. How will you do? Only holding a small amount of token can confuse you.