Comments (5)
Looking back at it, I think this is more of a sanity check to make sure decimals are accounted for. Someone could accidentally set up a really bad price when opening a new market for instance. I don't think the rounding error rational in the in-line comment is sound, the rounding error will not be more significant based on a small initial liquidity being added.
This requirement does prevent currencies that have smaller number of decimals and might be worth considering removing.
What do you think?
from niftyswap.
I think this is more of a sanity check to make sure decimals are accounted for. Someone could accidentally set up a really bad price when opening a new market for instance
I am not sure if I follow you there, when you first enter liquidity the UX should be taking care of the decimals, for example in Uniswap, adding 1 ETH of liquidity adds 10**18 WEI, the user can't add 1 WEI by mistake.
I think that the require
is intended to protect the second liquidity provider, if a pool has 1 wei / 1 wei of liquidity the next provider is forced to maintain the 1:1 ratio, usually this is not a problem, because the pool should get arbitraged until the real ratio is reached, but when the liquidity is that low nobody can do any trade, so that doesn’t happens.
I market it as a low severity issue because it's only an inconvenience, it exists a simple fix if a "troll" starts to create pools with 1/1 liquidity. A contract could add liquidity to such pools and trade at the same time, enabling trades again.
Because it exists a simple fix, I would be comfortable tagging this as won’t-fix, but It would be a good idea to monitor pools in case one of these "trolls" appears.
from niftyswap.
Yeah, the trolling would be a bit annoying, but indeed one can add liquidity & trade to correct ratio in a single tx to correct the ratio. Good to keep track of indeed.
from niftyswap.
@Agusx1211 I was thinking about this, and what if someone adds a 10000 wei : 1 X
as first liquidity, where X is a fungible tokens with many decimals (hence 1 is the lowest value possible). Now the "trolling" is truly effective since the ratio 10000/1
would need to be maintained for all future added liquidity. Are we certain that we can correct that ratio?
We would need to do a contract call like :
niftyswapContract.addLiquidity(...);
niftyswapContract.baseToToken(...);
...
So if ratio is 10000 A / 1 B
we need to
- Add
999000 A
and999 B
giving you10000000 A / 1000 B
- Sell
99,000 B
to get a100,000 A / 100,000 B
ratio - Remove liquidity
Now my main worry is under which scenario might it be impossible to get enough B liquidity.
What do you think @Agusx1211 ?
from niftyswap.
Fixing the ratio can also be done by performing a trade; I cannot think of any situation that cannot be fixed in a safe manner by using a contract.
Worst case scenario, the pool is left broken, and the exchange has to be re-deployed. Maybe the UI could raise a warning if a user tries to add liquidity to a pool with less than 100000000 base liquidity?
from niftyswap.
Related Issues (20)
- Front Running Exchange Creation
- C1 - Pool can be drained if `base` matches `token`
- L2 - An error on `base` or `token` could leave the whole pool frozen HOT 2
- N1 - Token trades are not easily composable HOT 2
- N2 - Rounding up during while buying tokens or adding liquidity can be avoided HOT 3
- N3 - Assembly code for `functionSignature` retrieval can be removed
- N4 - self-deposit isn't enforced HOT 1
- L4 - `addLiquidity` can round in favor of new liquidity provider HOT 2
- N5 - Definition, and assignment of arrays can be optimized
- N6 - Functions mutability can be restricted to pure
- N7 - `refundBase` isn’t sent to the seller HOT 1
- N8 - Minted liquidity tokens can round to zero HOT 4
- Bug Bounty: Pre-audit HOT 1
- Support for ERC20::ERC1155 Niftyswap pool HOT 7
- Adding creatorFee to Niftyswap HOT 7
- Updating solidity compiler version to ^0.8.0 HOT 3
- TypeError: Member "buyTokens" not found or not visible after argument-dependent lookup in address HOT 4
- Export method signatures and data types for npm package consumers
- Orderbook: Collectible Detail functionality integrations
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from niftyswap.