Closed code423n4 closed 3 years ago
Marked as a dispute as this is not really an issue. Tracer will initially maintain an off-chain order book that is the entry point for users to make orders (and for market makers to interact with).
Orders only get propagated on chain once they have been matched, and they will only be propagated on chain by whitelisted relayers. As such nobody can arbitrarily frontrun the orders with their own.
Currently not seeing a whitelisted relayer functionality, so marking this a valid medium risk issue.
closing as duplicate of #100 per judge
Handle
tensors
Vulnerability details
Impact
Market makers will not be able to have competitive spreads or cancel their orders to update their strategies. It will be difficult for them to provide liquidity on the platform, which will hurt the platform overall.
Proof of Concept
In traditional finance, market makers turn a profit through the spreads they offer. If the market moves to one side or another they can quickly cancel their limit orders and update their order books accordingly.
Since all orders will appear on chain, bots can frontrun cancellation orders by the market makers to get a cheap price (and maybe even sell on the updated market maker's order book), thus disincentivizing market makers from providing liquidity.
Recommended Mitigation Steps
Hard to say what a proper mitigation could be. A possible solution: if limit orders have an expiry deadline (e.g. like what Uniswap does with incoming transactions), then this problem would be diminished.
Another similar thing to note: market makers will have to use large amounts of gas to keep updating their limit orders (whether or not a deadline or other mitigation is included). As long as the contracts are fully on-chain, not much can be done about this.
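The expiry-deadline mitigation suggested in the report, as an added example that is not part of the original report or Tracer's code: a toy order book in which a take is ordered ahead of the maker's cancel, run with different order lifetimes. The `OrderBook` model, its method names, the prices and the timestamps are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Order:
    maker: str
    price: int
    amount: int    # remaining size
    expires: int   # last timestamp at which the order may be filled

class OrderBook:
    """Toy model of an on-chain limit order book (hypothetical, not Tracer's contracts)."""

    def __init__(self):
        self.orders = {}
        self.next_id = 0

    def place(self, maker, price, amount, now, lifetime):
        oid, self.next_id = self.next_id, self.next_id + 1
        self.orders[oid] = Order(maker, price, amount, now + lifetime)
        return oid

    def cancel(self, sender, oid):
        order = self.orders.get(oid)
        if order is None or order.maker != sender:
            return False          # nothing left to cancel, or not the maker
        del self.orders[oid]
        return True

    def take(self, oid, amount, now):
        order = self.orders.get(oid)
        if order is None:
            return "rejected: no such order"
        if now > order.expires:   # the deadline check the report proposes
            del self.orders[oid]
            return "rejected: expired"
        if not 0 < amount <= order.amount:
            return "rejected: bad amount"
        order.amount -= amount
        if order.amount == 0:
            del self.orders[oid]
        return "filled"

def scenario(lifetime, move_at):
    """Maker quotes at t=0; at t=move_at a take is ordered ahead of the maker's cancel."""
    book = OrderBook()
    oid = book.place("maker", price=100, amount=5, now=0, lifetime=lifetime)
    take_result = book.take(oid, 5, now=move_at)   # ordered first in the block
    cancel_landed = book.cancel("maker", oid)      # maker's cancel ordered second
    return take_result, cancel_landed
```

With a short lifetime the stale quote is rejected once the deadline has passed, but a take that arrives inside the lifetime still fills, which is why the report says the problem is diminished rather than removed.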