# The countermeasure against withdrawal attacks ## **How the protocol withdrawal fee is calculated** When performing the “Withdrawal Arbitrage” attack, the profit would be : ![](https://miro.medium.com/max/1400/1*eOKNFni_dAoU5AJ5aellbA.jpeg) The maximum profit will be : ![](https://miro.medium.com/max/1400/1*7_UG-EJCEJ_AtCH-JZlbnw.jpeg) And the withdrawal fees will be equal to the maximum profit possible to obtain from the attack, as calculated by the below formula : ![](https://miro.medium.com/max/1400/1*lzBZU7l1Z_7ECjkmqGtWGA.jpeg) ## **Withdrawal Fee Way Too High?** A natural concern may be that withdrawal fees will be large and punitive for liquidity providers. In most cases, however, a very small withdrawal fee is already sufficient to prevent such an attack. For instance, when the coverage ratio is 0.8, the withdrawal fee will only be 0.01%. In fact, at any coverage ratio, the marginal slippage will always be larger than the withdrawal fees. Assume the withdrawal amount is equal to 1% of the pool: ![](https://miro.medium.com/max/1400/1*jiasBqwF7XfRdnXqOs1w4Q.jpeg) Which means that there always exists a larger financial incentive for arbitrageurs to come to restore the system’s coverage ratio compared to withdrawal. Note that the protocol can support withdrawal when coverage ratio is lower than 1 is because of a common assumption for modern banking’s *fractional reserve* — not all liquidity providers will withdraw their liquidity all at once. As long as the trust remains intact (i.e. the system is solvent), bank run will not happen, and withdrawals from any individuals will not drain up the pool significantly. One more point to note is that, the reverse version of it — deposit arbitrage / deposit fees also exists, but the amount is even more negligible (this fee is charged because it is necessary to prevent flash loan). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://hummus-exchange.gitbook.io/hummus-exchange/concepts/withdrawal-fee/the-countermeasure-against-withdrawal-attacks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.