StableSwap-NG keeps oracle-pegged pools tightly aligned with external prices, but the same mechanism passes every oracle jolt straight into the curve. When the amplification parameter is large, the pool reproduces a ±0.2% oracle move almost one-for-one while charging only its base fee on each leg. Our unit test against the stock NG template showed that a trader who brackets two ordinary swaps around the keeper update can earn a spread that is more than an order of magnitude larger than the fee outlay—even though the pool records no token-count imbalance.
Raising the flat fee would close the leak but at an unacceptable cost: everyday trades would become uncompetitive and a handful of swaps could consume a large slice of the annual staking yield that attracts liquidity providers. Because the fee schedule is intended to reward LPs, not to police volatility, tying it to worst-case oracle shocks is counter-productive.
A cleaner remedy is a volatility-responsive surcharge:
- triggers only when an oracle jump exceeds a small noise threshold;
- starts at roughly the size of that jump;
- then decays linearly to zero over a short, fixed window (for example, one hour);
- adds only three storage words and a few arithmetic operations.
The round-trip cost of a sandwich therefore rises from “twice the base fee” to “twice the base fee plus the oracle jump itself,” erasing the economic incentive while leaving ordinary swaps largely untouched once calm returns.
Recommended actions for pool deployers1. Profile oracle behaviour.If typical updates ever exceed twice the base fee, implement the surcharge before the pool goes live.
2. Set parameters carefully.A trigger threshold around 0.10% and a one-hour decay window have proved effective in back-tests.
3. Audit and simulate.Run historical oracle data through the formula to be sure the surcharge fires only when it should.
Implemented pool-by-pool, this lightweight guard preserves StableSwap-NG’s hallmark low spreads while steering sudden oracle gains back to the liquidity providers who supply the capital.
Final noteIf the pool is correctly configured using well-matched tokens and a reliable, stable oracle there is no additional risk for liquidity providers. However, if a pool is created for unmatched tokens that require a volatile oracle, there are risks that cannot be fully mitigated by the current StableSwap-NG implementation. Handling such scenarios would require a more advanced mechanism and a deeper architectural approach.