defi-amm-security

defi-amm-security

DeFi AMM Security

Critical vulnerability patterns and hardened implementations for Solidity AMM contracts, LP vaults, and swap functions.

When to Use

• Writing or auditing a Solidity AMM or liquidity-pool contract

• Implementing swap, deposit, withdraw, mint, or burn flows that hold token balances

• Reviewing any contract that uses token.balanceOf(address(this)) in share or reserve math

• Adding fee setters, pausers, oracle updates, or other admin functions to a DeFi protocol

How It Works

Use this as a checklist-plus-pattern library. Review every user entrypoint against the categories below and prefer the hardened examples over hand-rolled variants.

Examples

Reentrancy: enforce CEI order

Vulnerable:

function withdraw(uint256 amount) external {
    require(balances[msg.sender] >= amount);
    token.transfer(msg.sender, amount);
    balances[msg.sender] -= amount;
}

Safe:

import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

using SafeERC20 for IERC20;

function withdraw(uint256 amount) external nonReentrant {
    require(balances[msg.sender] >= amount, "Insufficient");
    balances[msg.sender] -= amount;
    token.safeTransfer(msg.sender, amount);
}

Do not write your own guard when a hardened library exists.

Donation or inflation attacks

Using token.balanceOf(address(this)) directly for share math lets attackers manipulate the denominator by sending tokens to the contract outside the intended path.

// Vulnerable
function deposit(uint256 assets) external returns (uint256 shares) {
    shares = (assets * totalShares) / token.balanceOf(address(this));
}

// Safe
uint256 private _totalAssets;

function deposit(uint256 assets) external nonReentrant returns (uint256 shares) {
    uint256 balBefore = token.balanceOf(address(this));
    token.safeTransferFrom(msg.sender, address(this), assets);
    uint256 received = token.balanceOf(address(this)) - balBefore;

    shares = totalShares == 0 ? received : (received * totalShares) / _totalAssets;
    _totalAssets += received;
    totalShares += shares;
}

Track internal accounting and measure actual tokens received.

Oracle manipulation

Spot prices are flash-loan manipulable. Prefer TWAP.

uint32[] memory secondsAgos = new uint32[](2);
secondsAgos[0] = 1800;
secondsAgos[1] = 0;
(int56[] memory tickCumulatives,) = IUniswapV3Pool(pool).observe(secondsAgos);
int24 twapTick = int24(
    (tickCumulatives[1] - tickCumulatives[0]) / int56(uint56(30 minutes))
);
uint160 sqrtPriceX96 = TickMath.getSqrtRatioAtTick(twapTick);

Slippage protection

Every swap path needs caller-provided slippage and a deadline.

function swap(
    uint256 amountIn,
    uint256 amountOutMin,
    uint256 deadline
) external returns (uint256 amountOut) {
    require(block.timestamp <= deadline, "Expired");
    amountOut = _calculateOut(amountIn);
    require(amountOut >= amountOutMin, "Slippage exceeded");
    _executeSwap(amountIn, amountOut);
}

Safe reserve math

import {FullMath} from "@uniswap/v3-core/contracts/libraries/FullMath.sol";

uint256 result = FullMath.mulDiv(a, b, c);

For large reserve math, avoid naive a * b / c when overflow risk exists.

Admin controls

import {Ownable2Step} from "@openzeppelin/contracts/access/Ownable2Step.sol";

contract MyAMM is Ownable2Step {
    function setFee(uint256 fee) external onlyOwner { ... }
    function pause() external onlyOwner { ... }
}

Prefer explicit acceptance for ownership transfer and gate every privileged path.

Security Checklist

• Reentrancy-exposed entrypoints use nonReentrant

• CEI ordering is respected

• Share math does not depend on raw balanceOf(address(this))

• ERC-20 transfers use SafeERC20

• Deposits measure actual tokens received

• Oracle reads use TWAP or another manipulation-resistant source

• Swaps require amountOutMin and deadline

• Overflow-sensitive reserve math uses safe primitives like mulDiv

• Admin functions are access-controlled

• Emergency pause exists and is tested

• Static analysis and fuzzing are run before production

Audit Tools

pip install slither-analyzer
slither . --exclude-dependencies

echidna-test . --contract YourAMM --config echidna.yaml

forge test --fuzz-runs 10000

Weekly Installs525Repositoryaffaan-m/everyt…ude-codeGitHub Stars157.6KFirst Seen11 days agoSecurity AuditsGen Agent Trust HubPassSocketPassSnykWarnInstalled oncodex495opencode479gemini-cli476cursor475github-copilot475kimi-cli475