International Association
for Cryptologic Research

Uniswap is currently the most liquid Decentralized Exchange (DEX) on Ethereum. In May 2021, it upgraded to the third protocol edition named Uniswap V3. The key feature update is concentrated liquidity, which allows Liquidity Providers (LPs) to provide liquidity in custom price ranges. However, this design introduces a new type of Miner Extractable Value (MEV) source called Just-in-Time (JIT) liquidity attack, where the adversary mints and burns a position right before and after a sizable swap. In this paper, we first formally define the JIT liquidity attack and then conduct empirical measurements on Ethereum. We detect that the JIT liquidity attack is indeed a whales' game dominated by few bots, where the most active bot 0xa57...6CF siphons 92% of the attack profit. We observe that the attack presents extremely high barriers to entry, since it requires the adversary to add liquidity that is on average 269 times higher than the swap volume. In addition, we detect that the attack demonstrates poor profitability, with an average Return On Investment (ROI) ratio of only 0.007%. Furthermore, we find the attack detrimental to existing LPs in the pool, whose liquidity shares are diluted by an average of 85%. However, it is beneficial to liquidity takers, who obtain execution prices 0.139% better than before. We further dissect top MEV bots' behaviors and evaluate their strategies via local simulation. We find that the top first bot 0xa57...6CF issued 27% non-optimal attacks, thus failing to capture at least 7,766 ETH (16.1M USD) of the attack profit.