KIP-017: Disable Swaps for the Liquidity Pool

Disable Swaps for the Liquidity Pool

Author: Hover Labs, [email protected]
Created: 12/21/2021

On 12/20/2021, a sophisticated arbitrage/economic exploit involving the kUSD/XTZ pair on Quipuswap and the Kolibri Liquidity Pool was executed in transaction hash oo1pntsgxC1huvgj63yxtXh9HP1etQKWe4aJWFEak5vi2WNq22T (Operation oo1pnt..q22T on This transaction liquidated two undercollateralized ovens and drained about 1.5M kUSD from the liquidity pool.

Funds that remain in the pool are at risk of a similar exploit. We therefore aim to patch this exploit as soon as possible to avoid further losses.

The Liquidity Pool keeps track of a pool where it can trade in a storage variable called quipuswapAddress. This proposal updates the quipuswapAddress to be the null address). When a trade is attempted against the null address, the relevant entrypoint will not be found and the transaction will fail. This is crude, but has the effect of immediately mitigating the vulnerability in the liquidity pool, without freezing deposits and withdraws.

A deterministic implementation to generate this lambda and test it is availabe here: The code includes tests and has been run on sandboxnet. Specifically, tests verify that the lambda applies correctly and mutates storage as expected, and that deposits and redeems are still possible post lambda execution.