DDoS Attack Prevention

TWAMMs are susceptible to DDoS attacks. For example, a malicious user can jam up a TWAMM pool by placing many orders with small sell amounts. The number of orders has to be large enough that, when a real user comes to withdraw, cancel or swap, the gas required to execute the pending virtual orders is too high.

The LongSwap implementation has a few protections against DDoS attacks:

  1. If there are multiple orders ending on the same block, processing the virtual orders will have minimal to zero overhead per additional order. We ensure this using Heap Based Order Expiries.

  2. Orders can only end on specific blocks separated by an <Order block interval>. So, for a pool, if the order block interval is 100, orders can only expire on block numbers ..., 17172200, 17172300, 17172400, ...

  3. The contract also tracks the number of active Long Term Orders. If that number goes beyond a particular limit, say 32, then additional defences are activated. At this point, any user can only place an order expiring within the next 24 hours. This puts an upper cap on the number of active orders possible at any point. Having this upper cap ensures that there is a cap on the gas requirement for virtual order executions and that a pool can always recover from the attack.
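
The three protections can be modelled together to see how they bound the number of distinct expiry blocks that virtual order execution has to walk. The following Python model is an added example, not the LongSwap contract code: the class and function names, the 12-second block time used to turn 24 hours into 7200 blocks, and the flood scenario are assumptions.

```python
import heapq

BLOCKS_PER_DAY = 24 * 60 * 60 // 12  # assumption: 12-second blocks -> 7200

class PoolModel:
    """Simplified model of the three protections; not the LongSwap contract."""

    def __init__(self, interval=100, active_limit=32):
        self.interval = interval          # order block interval (item 2)
        self.active_limit = active_limit  # threshold for extra defences (item 3)
        self.active = 0                   # number of active long-term orders
        self.per_block = {}               # expiry block -> orders ending there
        self.heap = []                    # distinct expiry blocks (item 1)

    def place_order(self, now, expiry):
        if expiry <= now or expiry % self.interval != 0:
            raise ValueError("expiry must be a future multiple of the interval")
        if self.active > self.active_limit and expiry > now + BLOCKS_PER_DAY:
            raise ValueError("defence active: expiry must be within 24 hours")
        if expiry not in self.per_block:
            heapq.heappush(self.heap, expiry)  # only a new expiry block grows the heap
            self.per_block[expiry] = 0
        self.per_block[expiry] += 1
        self.active += 1

    def execute_virtual_orders(self, now):
        """Settle expired orders; return the number of expiry blocks processed."""
        steps = 0
        while self.heap and self.heap[0] <= now:
            block = heapq.heappop(self.heap)
            self.active -= self.per_block.pop(block)
            steps += 1
        return steps

def simulate_flood(orders=10_000, now=17_172_200):
    """Constructed scenario: tiny orders spread over ever-later expiry blocks."""
    pool, rejected = PoolModel(), 0
    for i in range(orders):
        try:
            pool.place_order(now, now + (i + 1) * pool.interval)
        except ValueError:
            rejected += 1
    return pool, rejected
```

In this model the work done by `execute_virtual_orders` grows with the number of distinct expiry blocks rather than with the number of orders, and once the defence is active every new expiry block must fall inside the next 7200 blocks.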
