Proposal 38: Compensating for relayers in oracle attacks

Proposal goal : Compensating for relayers being incorrectly burned torn in oracle attacks


Nov-15-2023, The TORN/ETH trading pair in Uniswap V3 suffered an oracle attack due to liquidity issues , ,The attacker caused an incorrect price for the TORN/ETH trading pair through malicious swap, causing relayers to be burned with an incorrect amount of torn, and all relayers went offline in a short period of time.。
After the attack, the community discussed two options. One was to change the oracle to 1inch, and the other was to increase Uniswap V3 liquidity. After coding testing, it was found that 1inch does not support on-chain oracles very well. Currently, a solution to increase Uniswap V3 liquidity has been adopted.After community contributors added liquidity, the current price has returned to normal.
The proposal is to compensate for relayers being incorrectly burned torn in oracle attacks after the price recovers. Relayers are an integral part of the project and also bear the risk of sanctions. They should be treated fairly.


codewindknow/proposal-38 - proposal-38 - Tornado Cash Git
Script to calculate the TORN that were incorrectly burned in this attack:proposal-38/calculateLosses.ts at main - proposal-38 - Tornado Cash Git
The script to calculate the amount is to read the burning events in the affected withdrawals, where the affected blocks in the eth withdrawal are 18577000-18583515, and the affected blocks in the dai withdrawal are 18577000-18591849
Calculated result

cheap-relayer.eth--0x076D4E32C6A5D888fC4658281539c94E778C796d = 2380374405606021763001 // 2380.374405606021763001 TORN
lowcost.eth--0x28907F21F43B419F34226d6f10aCbCf1832b1D4d = 4468422129821830327039 // 4468.422129821830327039
TORNtorrelayer.eth--0x2Ee39Ff05643bC7cc9ed31B71e142429044A425C = 3040216359787595395455 // 3040.216359787595395455 TORN
nice-relayer.eth--0xb0Cdc0AB2D454F2360d4629d519819E13DBE816A = 103765685766980694091 // 103.765685766980694091
TORNabracadabra-money-gone.eth--0xb578603D3fB9216158c29488c1A902Dd0300c115 = 816848044379099935494 // 816.848044379099935494
first-relayer.eth--0xD8f1Eb586Ecb93745392EE254a028f1F67E1437E = 6688475991532709870006 // 6688.475991532709870006 TORN

local test code

For the security, all compensation codes reuse the code in Proposal 33 and passed the unit test. The proposal adds 50torn gas compensation (including contract deployment, proposal, execution)

PS: In order to avoid the recurrence of oracle attacks, we call on everyone to actively add liquidity to the TORN/ETH pair in Uniswap V3.

another 17k release? wtf
relayers should take risk. this is one of it they should take.
we don’t have to compensate all risk of relayers.

All the TORN burned by the incorrect amount were allocated to the DAO . Relayer had no benefits. Relayer is part of the tornado. When attacked, all relayers were forced to go offline, causing the project to come to a standstill. Without a stable relay system, there will be no stable income from the tornado

This is BS. Are we gonna charge additional TORN to relayers if the burned amount is less than expected amount?
Furthermore this proposal does not calculate the amount that would normally be burned. So this proposal is like giving more money to the relayer who was attacked.