Research Summary: Mitigating Sandwich Attacks in Kyber DMM

Hello @Ulysses weldon, thank you for posting this paper. I see that the DeFi system of interest for this paper is one known as Kyber. Five security audits have been published for Kyber since it was released in 2017. For me, I think this is a good development because these audits have brought several security vulnerabilities to light, most of which were subsequently mitigated by the programming team at Kyber. Had the Kyber protocol not been openly auditable, these vulnerabilities would likely have been exploited by malicious users, leading to security breaches and potential losses of funds. This shows how important it is for vulnerabilities to be documented.

It is interesting to know that sandwich attacks in Kyber’s DMM are slightly different from the conventional kind, as the issue is related to the virtual reserves which exist in addition to the real reserves.

I think the objective of this paper is to show that the vulnerability is indeed present in the mint function and to suggest applying the mitigation to the vulnerable part of the system as well.

Kyber’s current mitigation only exists in the router, so the vulnerability still exists if users mint liquidity via the pool contract directly.

Only users who add liquidity through the pool contract directly are vulnerable to a sandwich attack. This way of adding liquidity is discouraged by Kyber and the only situation where such an act makes sense is when the interface is down. I think there is a low chance for this attack to occur.

I think this paper has only suggested broadening an existing mitigation and has not featured a solution to the issue.

I think that for AMMs, it is crucial to develop countermeasures capable of protecting users from sandwich attacks.

Despite clear financial incentives to sandwich attack, doing so may not always be worthwhile. The cost of performing these transactions to front- and back-run other traders will often outweigh the financial gain for attackers, especially when using the Ethereum network, which notes transaction costs (per action) rather regularly. Do you think or feel that sandwich attacks are worth the work? My opinion at the moment.

3 Likes