Security risks
Strategy Manager Vulnerabilities
The contract creator, or Strategy Manager, holds exclusive administrative privileges, including the ability to add new assets and assign their price oracles. This concentration of power creates a significant vulnerability. A malicious Strategy Manager could, for example, drain assets from the pool by assigning a custom, controllable price oracle for a listed asset, allowing them to manipulate the price and extract value.
To mitigate this, the Strategy Manager role must be controlled by a trusted entity, such as a reputable individual, a formal organization, or a DAO-governed multisig wallet. For strategies that are intended to be immutable, a further security measure is to "burn" the management role by transferring its ownership to the zero address. This permanently locks the pool's configuration (fees, target weights, oracles), while still allowing a separate, pre-configured address to collect any designated fees.
Oracle Vulnerabilities
While oracle price feeds are designed to be fast and efficient, they are not infallible and can carry pricing errors due to network latency or market volatility. If the magnitude of an oracle's price error exceeds the pool's Base Fee, a profitable arbitrage opportunity may arise, potentially draining a portion of the pool's liquidity.
To protect against this, the Strategy Manager must select high-quality, efficient price feeds with stringent update requirements (liveness thresholds). Alternatively, the manager can increase the Base Fee to a level that insulates the pool against the oracle's expected range of inefficiency.
This risk is also passively mitigated by the Deviation Fee model. If the pool is near its balanced state, any sizable arbitrage trade attempting to exploit an oracle error will necessarily increase the deviation of the involved assets. This triggers a deviation fee that grows with the size of the trade, counteracting the arbitrage profit and raising the threshold an oracle error must cross to be exploitable.
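To make the interaction between oracle error, Base Fee and Deviation Fee concrete, here is a small added model (example code, not part of the TWMM documentation or contracts). It assumes a toy linear deviation fee, k * deviation * trade_size, for a pool that starts balanced; the protocol's actual fee curve is not given on this page, so the numbers illustrate the argument rather than reproduce the real pool.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class PoolFees:
    base_fee: float     # e.g. 0.003 = 0.30% charged on every swap
    deviation_k: float  # assumed slope of the toy deviation fee (0 disables it)
    pool_value: float   # total pool value in quote units


def deviation_fee(fees: PoolFees, size: float) -> float:
    # Assumed toy model: from a balanced state, a trade of `size` moves the
    # traded asset's deviation by size / pool_value, and the pool charges
    # k * deviation * size. This is NOT the protocol's actual formula.
    return fees.deviation_k * (size / fees.pool_value) * size


def arb_profit(fees: PoolFees, oracle_error: float, size: float) -> float:
    """Net profit of an arbitrageur selling `size` of value to the pool at an
    oracle price that is `oracle_error` (as a fraction) above true market."""
    gross = oracle_error * size
    return gross - fees.base_fee * size - deviation_fee(fees, size)


def best_arb(fees: PoolFees, oracle_error: float, max_size: float):
    """Return (size, profit) maximising arb_profit over 0 <= size <= max_size."""
    edge = oracle_error - fees.base_fee
    if edge <= 0:
        return 0.0, 0.0  # the Base Fee alone absorbs the oracle error
    if fees.deviation_k == 0:
        size = max_size  # profit is linear in size: drain as much as allowed
    else:
        # profit = edge*x - k*x^2/V is maximised at x = edge*V / (2k)
        size = min(max_size, edge * fees.pool_value / (2 * fees.deviation_k))
    return size, arb_profit(fees, oracle_error, size)


def min_exploitable_error(fees: PoolFees, min_profit: float, max_size: float) -> float:
    """Smallest oracle error at which an arbitrage clears `min_profit` (e.g. gas).
    With the deviation fee active this uses the unconstrained optimum, so it
    is a lower bound when max_size caps the trade."""
    if fees.deviation_k == 0:
        return fees.base_fee + min_profit / max_size
    # max profit edge^2 * V / (4k) >= min_profit  =>  edge >= 2*sqrt(k*min_profit/V)
    return fees.base_fee + 2 * math.sqrt(fees.deviation_k * min_profit / fees.pool_value)
```

With a 1% oracle error, a 0.3% Base Fee and a 200k trade cap on a 1M pool, the toy model's best arbitrage drops from 1400 (no deviation fee) to 2.45 (k = 5), and the error needed to clear a 50-unit gas cost rises from about 0.33% to about 3.46%.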
Asset Vulnerabilities
The TWMM is exposed to risks from the underlying assets it holds. A large-cap asset, such as a stablecoin, could de-peg from its intended value, or the project behind an asset could fail or "rug pull," causing its value to collapse.
It is critical to remember that the LP token represents a proportional share of every asset in the pool. Therefore, LP token holders are exposed to the risks of all constituent assets, relative to their current weights. To minimize this risk, users should seek out pools managed by professional and reputable Strategy Managers who perform thorough due diligence on asset selection and would not include unvetted or malicious assets in the pool's portfolio.