Thanks for writing this; we ended up writing a bit to formalize this as an attack for generic constant function market makers. The idea is basically to take advantage of the convexity of the invariant functions used and use that to iteratively approximate what the true trade size executed was. The convexity of these invariants (e.g. constant product, constant geometric mean, convex sum of the two) effectively makes it possible to infer the true and unique (this is the main theorem) trade size involved.
5 Likes
The doc link needs permission to access, it it possible to share it public? Thanks!
Probably has been superseded by this paper of theirs: [2103.01193] A Note on Privacy in Constant Function Market Makers
And there is an ethresearch post by tchitra on this topic: Differentially Private Uniswap in ETH2 - #4 by tchitra
2 Likes