ARC-24: Upgrade XYK Pool to Enforce Minimum Liquidity


Update the code ID used to create new XYK pools. The new implementation will enforce a minimum amount of liquidity to always stay in the pool.


This code upgrade patches a potential attack once a XYK pool is created. An attacker could provide a tiny amount of liquidity as the first LP in the pool, wait for subsequent LPs to add liquidity and then withdraw most of the newly added liquidity, thus taking assets from other LPs.


With the new XYK pool implementation, a tiny amount of LP tokens cannot be withdrawn anymore from the pool, thus locking at least some liquidity in the pool and preventing an attacker from extracting an unfair amount of assets when they withdraw.

The Github commit for the new pool implementation is this.


Copyright and related rights waived via CC0.

1 Like