euler-xyz/uni-v3-twap-manipulation

TWAP manipulation Post-merge


The analysis provided is interesting and gives a lot of insights into the costs of TWAP manipulation in Proof of Work domains. However, in post-merge (and more specifically post-MEV-boost) the costs of executing the attack are, in general, cheaper.
For example, a validator that has access to 10 blocks in 12 minutes could execute the following strategy to manipulate the price. Assuming that the validator is the block proposer of block $i$, he can send a swap transaction at block $i-1$ through Flashbots, Manifold, BloxRoute, etc. and close the swap at $i$, not losing the value to arbitrageurs. (The first transaction that creates an MEV opportunity (or cross-domain MEV opportunity) is not seen by arbitrageurs until block $i-1$ is executed; then the "attacker" executes the swap transaction without competition, omitting competitors.) This significantly reduces the cost/difficulty of manipulating the price by:

  • Costs are induced transaction fees and LP fees (fees of the Uniswap V3 pool).
  • Validators do not need consecutive blocks.

I wonder if Euler/Uniswap or other teams are taking into account this "new attack vector" in the post-MEV-Boost world.

Yes, it's an excellent point and we are concerned about the long-term security of TWAP oracles.

I've created a proof-of-concept oracle that uses median prices instead of averaging, which may have better security properties. You can read more about this here:

https://github.com/euler-xyz/median-oracle
https://ethresear.ch/t/median-prices-as-alternative-to-twap-an-optimised-proof-of-concept-analysis-and-simulation/

Would appreciate any feedback!
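
As an added illustration (not code from euler-xyz/median-oracle or from either poster), the sketch below compares a tick average with a tick median over the 12-minute, 10-block scenario raised in the issue. It assumes one observation per block, equal 12-second slots, and constructed tick values (0 for the honest price, 20000 for the distorted one); all function names are hypothetical.

```python
from statistics import median

BLOCK_TIME = 12      # seconds per slot (assumption: no missed slots)
WINDOW_BLOCKS = 60   # 12 minutes, the window used in the issue


def tick_to_price(tick):
    # Uniswap V3 convention: price = 1.0001 ** tick
    return 1.0001 ** tick


def build_window(n_distorted, honest_tick, distorted_tick):
    # Spread the distorted observations evenly: they are NOT consecutive,
    # matching the "validators do not need consecutive blocks" point.
    bad = {i * WINDOW_BLOCKS // n_distorted for i in range(n_distorted)}
    return [distorted_tick if i in bad else honest_tick
            for i in range(WINDOW_BLOCKS)]


def twap_tick(ticks):
    # Time-weighted arithmetic mean of ticks (a geometric mean of prices),
    # computed from a cumulative tick * seconds sum.
    cumulative = sum(t * BLOCK_TIME for t in ticks)
    return cumulative / (len(ticks) * BLOCK_TIME)


def median_tick(ticks):
    # With equal-length slots the time-weighted median is the plain median.
    return median(ticks)


def compare(n_distorted, honest_tick=0, distorted_tick=20000):
    ticks = build_window(n_distorted, honest_tick, distorted_tick)
    avg, med = twap_tick(ticks), median_tick(ticks)
    return {
        "twap_tick": avg,
        "twap_price": tick_to_price(avg),
        "median_tick": med,
        "median_price": tick_to_price(med),
    }


if __name__ == "__main__":
    # 10 of 60 moves the average but not the median; 31 of 60 moves both.
    for n in (10, 30, 31):
        r = compare(n)
        print(f"{n:2d}/60 distorted: TWAP price {r['twap_price']:.4f}, "
              f"median price {r['median_price']:.4f}")
```

Every distorted observation shifts the average in proportion to its share of the window, while the median stays at the honest tick until more than half of the window's observations are distorted.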