Any return on investment is premised on risk control, especially when smart contracts are still in the experimental stage.

Structure of this article:

Structure of this article:

Token Liquidity Issues and AMMs

There has always been a problem in decentralized exchanges - the liquidity of tokens. Poor liquidity will naturally lead to poor user experience.

In the past, DEX users traded in an order book style. The DEX order book transaction information was recorded on the chain, and the user created a transaction order to complete the order, and then paid some gas fees on the chain to complete the transaction bookkeeping. The emergence of AMM (Automated Market Maker) has solved the liquidity problem very well. AMM-type exchanges do not need to provide order book data to display prices. This type of Dex brings together liquidity to form a The liquidity pool realizes fully automated market making based on algorithms. At present, the most popular Dex on the market are carried out through AMM, such as Uniswap, Balancer, Curve and so on.

secondary title

The front of Uniswap

image description

image description

According to Uniswap official website data, the total circulation is 250 million US dollars, and the number of daily transactions exceeds 100,000

• What is Uniswap?

1. Uniswap is a decentralized exchange (DEX) based on the Ethereum network that can be used to trade ERC20 tokens.

2. In general centralized exchanges, trading agents create liquidity by buyers and sellers, while Uniswap can automatically create a trading market.

3. Uniswap can solve the liquidity problem of dex.

• version upgrade

The V1 version can only use ETH as a bridge currency. For example, the conversion of two ERC20 ABC/XYZ requires ABC/ETH to be converted to ETH/XYZ

The V2 version can directly create two ERC20 pairs to directly provide liquidity

Advantages of V2 version:

Save on handling fees because there is only one transfer.

Save one slippage because there is only one transaction

secondary title

The back of Uniswap

I conclude that the risks of Uniswap can be divided into three aspects:

• external risk

technical risk

• technical risk

The risk that a smart contract will not function as the developer intended. It is very difficult to know that it is very difficult to write code without any errors, especially in the blockchain industry to write smart contracts, so Uniswap has a certain degree of technical risk. Auditing, testing, and purchasing smart contract insurance can all reduce technical risk. For example, the Defi project YAM, whose currency price plummeted by 99% in the past two days, was due to the negligence of code writers and the hasty launch of untested code, which led to the failure of the project.

• Economic Model Risk

Many blockchain projects, especially in the DeFi field, need to rely on economic incentives to motivate network participants. If the incentive method cannot enable participants to get good feedback, it is likely to cause other users to be affected. For example, the main reason for the collapse of the Fcoin exchange, which was thundered at the beginning of this year, I think is the failure of the economic incentive model "transaction mining". An economic model without a positive cycle is often the most critical and important factor for the collapse of a project or exchange. least noticeable factor.

These risks are analyzed in detail below.

1. External risks

The hottest word in the currency circle recently is no longer "1CO" or "1EO", but "1UO", which is called initial Uniswap offering.

Listing on Uniswap is a real three-nothing product.

It only needs to establish two capital pools, "no listing fee", "no censorship", and "no cost", and the economic model mechanism design is naturally conducive to FOMO, and there is no need for more than 100 clicks on the mouse and keyboard. The work of listing coins in Uniswap can be completed.

I sent a coin on Uniswap for $46

The emergence of Uniswap has greatly reduced the difficulty and cost for project parties to issue coins and cut leeks. Uniswap has a three-piece set of coins: telegram, discord, WeChat group (some conscientious project parties will also create a website), and even the coin issuance mark in the ICO era There is no accompanying white paper.

The project party can obtain services such as currency listing on the exchange, market value management, and circulation maintenance at a very low cost. It must be known that these services can only be enjoyed by paying several or even dozens of BTC on the centralized exchange.

Uniswap inherited the mantle of Ethereum's 1co in 2017, allowing all projects to be listed on the exchange, which is equivalent to all project parties being able to raise funds in 2017, allowing new leeks to understand the madness of the currency circle, and letting old Leek made a re-examination of the currency circle.

image description

Near Protocol official Twitter statement

2. Technical risk

image description

https://github.com/

It should be noted that Uniswap now has a known attack path, and the risk source is mainly the re-entry attack of ERC-777token. The general principle of the attack is as follows:

Enter the Uniswap token exchange by calling the tokenToEthSwapInput function twice.

In the second token purchase, the ETH reserve is lower, but the token reserve is the same. This means that the second batch of tokens will only be exchanged for a little more ETH than there should be. Here is the formula that governs the price at which exchanges buy the tokens that are being sold:

Under normal operation, after subsequent regular token sales, the token reserve will increase (denominator increase), while the Ethereum reserve will decrease (numerator decrease). Therefore, the amount paid out in tokens will decrease after each round of sale.

Instead, by exploiting reentrancy, this action will effectively prevent the number of tokens in reserve from increasing, thereby turning the denominator of the equation into a constant. Note that the amount of ETH in the reserve will still decrease (i.e. the numerator in each reentrant call will be smaller). In the long run (after a few reentrancy iterations), we will be able to make a decent profit, the more reentrancy iterations the better. We refer to this attack as a "reentrant microtransaction" attack.

image description

https://github.com/Uniswap/

image description

The picture above is drawn by the author

Each point represents a fixed sale amount of ETH paid by Uniswap. For example, in 20 "reentrancy attacks" each selling 350 tokens, using the reentrancy microtransaction attack (red) generates approximately 22.192 ETH, while under normal conditions the tokenToEthSwapInput function is called externally 20 times (sold in each call) 350 tokens), a total of 7000 tokens are sold, and the profit is only 17.44 ETH (blue).

There is a clear difference in the profit shown in reentrancy attacks as the number of calls increases. Legitimate normal transactions (blue) generate approximately 17.418 ETH, while reentrant microtransaction attacks (red) generate approximately 22.324 ETH. The dashed blue line is not constant over time and has a small slope.

Code contributions: OpenZeppelin,

References:

References:https://github.com/openzeppelin/exploit-Uniswap

https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-107 

3. Economic model risk

The economic model provided by Uniswap’s token liquidity is to select a trading pair ETH/ERC20 tokens and inject them into the fund pool, and add ETH and ERC20 of equal value (the same value is 1:1 to inject funds) as needed. After the ETH or ERC20 is exchanged, the person who deposits the currency can share the transaction fee in proportion (the fee is 0.3%).

There are two fund pools here, one for ETH and the other for ERC20 tokens, and the total value of the two is theoretically equal. Among them, the market price of ETH is relatively clear, so the market value of this ETH pool can be considered equal to the market value of tokens.

Example: 1 (ETH) * 2000 (a certain ERC20) = 2000 (2000 is a constant) When the buyer wants to exchange 100 pieces of ETH corresponding to a certain erc20 token, the buyer recharges and deposits 100 pieces of a certain ERC20 token into the fund pool For ERC20 tokens, in order to ensure that the calculation result is still 2000, the amount of ETH that needs to be left in the fund pool is 2000/(2000+100)=0.952, and the ETH that the buyer can get is 1-0.952=0.048 (ignore handling fee). It is equivalent to selling 100 ERC20 coins, and then I get 0.048ETH. This is the logic of the exchange.

This is the simplest calculation method. The calculation logic of the constant function market maker is more complicated, so I won’t go into details here. Everyone should have found a problem here. Originally, we should have obtained 0.05 Ethereum (calculation method: 100/2000=0.05ETH), but after the exchange, we only got 0.048. This is when the funds in the fund pool are not enough. There is a large slippage.

image description

Uniswap White Paper Page 5

The only economic parameter on Uniswap is a transaction fee of 0.30% per transaction. The fee will be incentivized to participants who invest in liquidity pool tokens or eth, which is to encourage people to invest their funds in the liquidity pool. If the design of the handling fee is too high or too low, it may change the level of funds in each fund pool, thereby changing the returns of liquidity providers, but it has no direct impact on the funds of liquidity providers.

Summarize

Summarize

Uniswap is an AMM-type decentralized exchange. This article conducts a comprehensive analysis of it in multiple dimensions, and focuses on its external risks, technical risks and economic model risks.

After in-depth research, it is found that the main risk is the external risk (that is, the risk of the project party), and the risk of the platform itself is not great. This is just like ICO, which itself is just a new financing model, but some project parties use this model to cheat. Therefore, the review and research of the project is particularly important. We will conduct research and analysis on the project itself in subsequent articles. stay tuned.