You are reading an excerpt from our free but shortened abridged report! While still packed with incredible research and data, for just $20/month you can upgrade to our FULL library of 50+ reports (including this one) and complete industry-leading analysis on the top crypto assets. 

Becoming a Premium member means enjoying all the perks of a Basic membership PLUS:

• Full-length CORE Reports: More technical, in-depth research, actionable insights, and potential market alpha for serious crypto users
• Early access to future CORE ratings: Being early is sometimes just as important as being right!
• Premium Member CORE+ Reports: Coverage on the top issues pertaining to crypto users like bridge security, layer two solutions, DeFi plays, and more
• CORE report Audio playback: Don’t want to read? No problem! Listen on the go.

Decentralized Exchanges (DEXs)

A key advantage of decentralized exchanges (DEXs) lies in their transparency, achieved through open-source smart contracts. With all transactions recorded on a blockchain, a public ledger is accessible to all. DEXs also enable peer-to-peer (P2P) transactions without intermediaries, allowing users to transact directly from personal wallets, eliminating the need to trust third parties. Consequently, DEXs appeal to investors seeking increased transparency and control over their assets, as centralized exchanges have encountered challenges in customer holdings and transaction history transparency.

On the other hand, DEXs exhibit certain limitations compared to centralized exchanges. Blockchain-based transactions on DEXs may result in slower speeds, higher fees, and new attack vectors than those processed by centralized exchanges utilizing central servers.

Frontrunning: Sandwich attacks

A sandwich attack is a type of frontrunning attack that exploits the fact that the price of an asset can move in response to buying and selling pressure. To understand how a sandwich attack works, it is important to understand how the price of an asset is calculated on the blockchain. The price of an asset is typically calculated as the current exchange rate between assets. For example, if a contract is currently trading 1 USDC for 10 CEQcoin, then you could say CEQcoin has a price of 0.10 USDC.

However, prices generally move in response to buying and selling pressure. If a large order is sitting in the mempool, traders have an incentive to copy the order but with a higher gas price. That way, they can purchase the asset before the large order, let the large order move the price up, and then sell the asset right away.

The sell order is sometimes called “backrunning.” The sell order can be done with by placing a sell order with a lower gas price so that the sequence looks like this:

1. Frontrun buy
2. Large buy
3. Sell

The primary defense against this attack is to provide a “slippage” parameter. If the “frontrun buy” itself pushes the price up past a certain threshold, the “large buy” order will revert, making the frontrunner fail on the trade.

It’s called a sandwich, because the large buy is sandwiched by the frontrun buy and the backrun sell. This attack also works with large sell orders, just in the opposite direction.

Oracle Attack

In an oracle manipulation attack, the goal is to trick a system (in this case, a lending protocol) into thinking that more money has been deposited than actually has been. This allows the attacker to borrow more money than they should be able to. For example, if an attacker deposits $1,000, but manipulates the protocol to think they deposited $5,000, they might be able to borrow $3,000. This is a problem because the protocol has been tricked into giving out more money than it should.

One way that attackers can do this is by messing with the prices of cryptocurrencies on decentralized exchanges like Uniswap. Uniswap is a platform where people can trade different cryptocurrencies. Some older or less reputable projects have made the mistake of using Uniswap to get price information. This is risky because it's easy for an attacker to manipulate the prices on Uniswap by taking a short-term loan (called a flashloan) and temporarily changing the price.

Another way that attackers can manipulate prices is by targeting less-liquid assets like LP tokens or shares in vaults. LP tokens are tokens that represent a share of a liquidity pool on a decentralized exchange. An example of this type of attack is the Warp Finance hack. Warp Finance allowed people to deposit LP tokens as collateral for loans. To determine the value of these tokens, Warp Finance used a formula that involved the total value locked (TVL) in a liquidity pool.

However, this formula was flawed because it didn't account for the fact that the TVL can change dramatically when large trades are made. An attacker took advantage of this by taking a flashloan and making a large trade, which affected the TVL calculation and, in turn, the value of the LP tokens. This allowed the attacker to trick the protocol into thinking they had deposited more money than they actually had.