DEX: Essential knowledge for Security Researchers.
“Winter is coming”. For years we have heard this phrase with fear. It was a warning of a time of great danger and hardship in the world. The winter is not just a natural phenomenon, but a metaphor for the impending doom and chaos that will soon engulf the Seven Kingdoms.
But we security researchers love winter. To us, all the chaos and monsters that have come across the North are just little puppies and capture the flag challenges. We used to fight bloody battles in the Six Kingdoms (code4rena, sherlock, cantina, codehawks, hats, inmudefi) and we always won. Maybe I haven’t reported findings in every contest, but I’ve never seen a contest where vulnerabilities weren’t reported.
And we celebrate with our champions after every battle, in discord, X, it doesn’t matter. We are happy for all our teammates.
But let me tell you something in case you are interested in joining the security research army: From the beginning of the year until now, we have had about 50 contests, and almost all of them have been on Decentralised Finances. One on NFTs, one on names, and all the rest on DeFi.
Because this is why blockchain exists, to replace the traditional financial system technology.
What we should know about DeFi
The first thing you need to know is the terminology. You will see a lot of new names that refer to the type of services, potential income or features. Some of them are not possible in traditional finance, and only work in this new beautiful ecosystem called blockchain. Check out the basic terms here: 25 Defi-nitios for Smart Contract Auditors and 25 more Defi-nitios for Smart Contract Auditors.
Let’s remember why the financial system exists in the first place, i.e. how and why banks work. Because, yes, now they sell insurance, they sell houses, they do your tax reports, but that is more a necessity than their real purpose. The function of banks is:
- To offer loans.
- To exchange currency.
That’s it. Period. No more things. So, if we are going to replace the system, we have to build Loans protocols and Exchange protocols, but, obviously, decentralized, without banks!, they will run thought smart contracts, so we will have more opportunities and more types of services, but always focused on loans and exchanges.
DEX: The core of the blockchain
So let’s talk about the exchanges, or in blockchain, Decentralised Exchanges, also known as DEX. There are also Centralised Exchanges, more similar to banks, but we’ll focus on the first ones, as they are the core of the blockchain, with DEX as important as Uniswap, PancakeSwap, Shushi… they all sum a total value locked of $20.749 billion, and generate fees of $167 million per month. Looks like a nice place to be, doesn’t it?
To find out how it works, we can look at what is considered the standard: Uniswap. Currently there are 3 versions, being V2 is the most widely used as example, we are going to explain a bit Uniswap V2.
- In DEX the core service is swap coins: ETH for USDT, USDT for DAI, … any token or native coin for another one.
- The swap price is determined by a formula based on the amount of each token in a particular contract, usually called a pool or pair, depending on the DEX.
- There are 3 main contracts: Factory, Pool and Router.
- Factory is the contract to create contracts. What contracts? The pool/pair contract. The user specifies something like “I want to create a contract to swap USDT for DAI and vice versa” and, voila! a pool contract is created. For each par of tokens to be exchanged, a corresponding pool contract is required.
- Pool contract stores the tokens, but has more functions. It is also an ERC20 token to send a sort of receipt that users have added liquidity. By the way, to add liquidity it is necessary to do it in pairs: If you want to add tokenA, you should also add an equivalent of tokenB.
- Router contract is the contract that users interact with after pool creation. Users never directly execute pool contract functions. This is where users add liquidity to the pool and execute swaps (Router contract calls Pool contract functions).
Dexes explained in 2 minutes. Not bad at all.
Security: The most important feature of any Protocol
Blockchain has been with us for some time now. We had hoped that by now this technology would be good enough to be widely used by ordinary users, and that traditional DeFi’s such as Bank of America, JPMorgan or ICBC would be confident enough to start offering DEX services to their customers.
But we have a situation. In the first 4 months of 2024 alone, 187 million dollars have been stolen from the DeFi protocols. This is inadmissible and unacceptable for the world’s major banks.
The environment needs to take the security of its protocols seriously, once and for all, and put it at the top of its priorities.
In the coming months, it will arrive Monad, a new L1 blockchain, optimised to maximise productivity, accelerate transactions and reduce costs. With the idea of creating a DEX that lives up to the expectations of a top financial company, I have joined the Monadex team, with the exclusive role of Security Researcher.
In this way, from the first line of code, the development team and the security team work together to ensure that the protocol is reliable, and 100% secure, not with just a final audit made in 10 days, but to ensure that the code delivered every day meets the highest security standards available.
Monadex, named on X as @Monadex_labs, will be built to the high standards that will soon be mandatory for all.
And of course, it will be not only about security but also it will be a 100% community oriented DEX, we will added features to create the best user experience..but this is another history.
You can also join our Discord to learn more about the next standard en DEX build exclusively for Monad.
