Demystifying Just-in-Time (JIT) Liquidity Attacks on Uniswap V3

2023 5TH CONFERENCE ON BLOCKCHAIN RESEARCH & APPLICATIONS FOR INNOVATIVE NETWORKS AND SERVICES, BRAINS(2023)

Abstract
Uniswap is currently the most liquid Decentralized Exchange (DEX) on Ethereum. In May 2021, it upgraded to the third protocol version named Uniswap V3. The key feature update is "concentrated liquidity", which supports liquidity provision within custom price ranges. However, this design introduces a new type of Miner Extractable Value (MEV) source called Just-in-Time (JIT) liquidity attack, where the adversary mints and burns a liquidity position right before and after a sizable swap. We begin by formally defining the JIT liquidity attack and subsequently conduct empirical measurements on Ethereum. Over a span of 20 months, we identify 36,671 such attacks, which have collectively generated profits of 7,498 ETH. Our analysis suggests that the JIT liquidity attack essentially represents a whales' game, predominantly controlled by a select few bots. The most active bot, identified as 0xa57...6CF, has managed to amass 92% of the total profit. Furthermore, we find that this attack strategy poses significant entry barriers, as it necessitates adversaries to provide liquidity that is, on average, 269 times greater than the swap volume. In addition, our findings reveal that the JIT liquidity attack exhibits relatively poor profitability, with an average Return On Investment (ROI) of merely 0.007%. We also find this type of attack to be detrimental to existing Liquidity Providers (LPs) within the pool, as their shares of liquidity undergo an average dilution of 85%. On the contrary, this attack proves advantageous for liquidity takers, who secure execution prices that are, on average, 0.139% better than before. We further dissect the behaviors of the top MEV bots and evaluate their strategies through local simulation. Our observations reveal that the most active bot, 0xa57...6CF, conducted 27% of non-optimal attacks, thereby failing to capture at least 7,766 ETH (equivalent to 16.1M USD) of the potential attack profit.
Keywords
Decentralized Exchange,Blockchain,Decentralized Finance,Miner Extractable Value
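
The abstract describes the attack as a mint and a burn of one liquidity position placed right before and after a sizable swap. The following added example (not from the paper, and not its formal definition) shows a monitoring heuristic for that pattern over decoded pool events. The event records, the field names and the share calculation are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of decoded Uniswap V3 pool events (not real chain data).
# Keys are hypothetical names; "active_liq" stands for the Swap event's
# in-range liquidity after the swap, "idx" for the log index in the block.
def ev(block, idx, kind, owner, **kw):
    return dict(block=block, idx=idx, pool="POOL_A", type=kind, owner=owner, **kw)

EVENTS = [
    ev(100, 3, "Mint", "BOT_1", lo=-60, hi=60, liq=9000),
    ev(100, 4, "Swap", "TRADER", tick=12, active_liq=10000),
    ev(100, 5, "Burn", "BOT_1", lo=-60, hi=60, liq=9000),
    # Ordinary LP: burn lands in a later block, so no match.
    ev(101, 1, "Mint", "LP_2", lo=-120, hi=120, liq=500),
    ev(101, 2, "Swap", "TRADER", tick=10, active_liq=1500),
    ev(102, 1, "Burn", "LP_2", lo=-120, hi=120, liq=500),
    # Same-block mint/burn whose range never covers the swap tick: no match.
    ev(103, 1, "Mint", "BOT_3", lo=600, hi=660, liq=700),
    ev(103, 2, "Swap", "TRADER", tick=15, active_liq=1000),
    ev(103, 3, "Burn", "BOT_3", lo=600, hi=660, liq=700),
]

def find_jit(events):
    """Return Mint -> Swap -> Burn sandwiches by one owner in one block and pool."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["block"], e["pool"])].append(e)
    hits = []
    for (block, pool), evs in sorted(groups.items()):
        evs.sort(key=lambda e: e["idx"])
        for m in (e for e in evs if e["type"] == "Mint"):
            pos = (m["owner"], m["lo"], m["hi"])
            burn = next((b for b in evs if b["type"] == "Burn" and b["idx"] > m["idx"]
                         and (b["owner"], b["lo"], b["hi"]) == pos), None)
            if burn is None:
                continue
            for s in evs:
                if (s["type"] == "Swap" and m["idx"] < s["idx"] < burn["idx"]
                        and m["lo"] <= s["tick"] < m["hi"]):
                    # Share of in-range liquidity held by the flagged position:
                    # the fraction of this swap's fees diverted from other LPs.
                    hits.append({"block": block, "pool": pool, "owner": m["owner"],
                                 "swap_idx": s["idx"], "share": m["liq"] / s["active_liq"]})
    return hits

if __name__ == "__main__":
    for hit in find_jit(EVENTS):
        print(hit)
```

The share figure is only a rough proxy for the dilution the abstract reports, since it assumes the swap stays inside one tick range.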