On December 8, Lifinity, a decentralized exchange (DEX), experienced a significant setback when an arbitrage bot drained its LFNTY-USDC liquidity pool, resulting in a loss of $699,090.
The incident was attributed to an unexpected response from a failed trade, as reported in Lifinity’s Discord channel.
The ordeal unfolded when an arbitrage bot embarked on a complex trading route, involving USDC, xLFNTY, LFNTY, and USDC, aiming to exploit price disparities between various trading pairs.
The bot executed an Immediate-or-Cancel (IOC) market order on Serum v3, a type of order that requires immediate execution at the prevailing market price upon being filled. Orders unable to be executed immediately are typically canceled.
However, instead of returning an error as expected, the bot’s request yielded a 0 amount output.
This unforeseen outcome caused the liquidity pool to process the 0 amount, subsequently updating the last transaction price to 0 and setting the next starting price to the same value.
While the actual price on the constant product curve (CP curve) wasn’t zero, the pool offered an exceptionally low price, making it vulnerable to a drain.
READ MORE: Binance Abu Dhabi Withdraws Application with Regulator Amidst Expansion Plans
Lifinity v1 functions as an automated market maker (AMM), employing algorithms to create liquidity in trading pairs. It relies on the constant product market maker (CPMM) model to maintain balance between two token quantities within a liquidity pool.
This approach is also used by other DEXs like Uniswap and Bancor.
While Lifinity v1 does not directly employ the standard constant product (CP) curve found in traditional CPMMs, it replicates its functionality.
The bug in this case allowed the arbitrage bot to exploit the discrepancy and deplete the funds.
Efforts are now underway to address the situation, with Lifinity’s team working on restoring liquidity to the affected pool.
Additionally, they are reviewing the protocol code and exploring options for fund recovery.
To prevent future incidents, the DEX has implemented a new measure: trades resulting in 0 amounts are no longer accepted.
Contrary to initial concerns, the incident does not appear to be the result of an external attack, as clarified by a community member on social media.
While Cointelegraph reached out to Lifinity’s team for comment, an immediate response was not received, leaving the community awaiting further updates on the situation.
