Comment on page
Within the context of pricing, an oracle is an on-chain API for price. Differently put, it simply tells you what the price of an asset is at a given time.
While we think Uniswap's oracles are best suited for our permissionless lending protocol, depositing into an Euler pool backed by illiquid liquidity pools on Uniswap can lead to devastating results.
For instance, inflating the value of a collateral allows the attacker to borrow an inflated amount of tokens, leading to bad debt. This is the most systemic and widespread attack on lending protocols.
Alternatively, if the Uniswap V3 oracle of the borrowed asset is manipulated to the upside, the attack could trigger liquidations and sweep borrowers' collateral.
Even more of concern is when the attacker can manipulate the asset pricing to the downside. Hypothetically, if the price drops to almost zero, the attacker only needs a small amount of collateral to borrow the entire pool and run away with a hefty profit.
Using the tool, we can calculate the cost of moving the TWAP by 20.89% (minimum required to break even on highest-quality assets) up and down over 1 and 2 blocks:
Then, we take the minimum of these 4 values: $469.63 million and assign a rating to it according to this table:
Consequently, UNI/WETH pool safety is deemed high as the minimum cost of attack up and down over 1-2 blocks is > $50 million.
This is displayed on the front-end page of the respective lending pool:
Keep in mind that this is merely an indicative tool and we bear no responsibility for loss of funds.
If you are a project that wants to improve its token's oracle rating and be eligible for higher borrow and collateral factors, it's crucial to provide full-range liquidity to the XYZ/WETH pair on Uniswap V3.
By full-range liquidity we mean providing liquidity from the lowest tick all the way to the highest tick without any gaps in between.
It's important to note that even a small amount of fully-spread liquidity can significantly increase the cost of attack. For eg, the IDLE/WETH pool has a mere $52k TVL, yet the minimum cost of attack is a whopping $115 million:
Check out Michael's paper on how even a small amount of full-range liquidity can make an attack incredibly costly: https://github.com/euler-xyz/uni-v3-twap-manipulation/blob/master/cost-of-attack.pdf