TY - GEN
T1 - Understanding the Security Risks of Decentralized Exchanges by Uncovering Unfair Trades in the Wild
AU - Chen, Jiaqi
AU - Wang, Yibo
AU - Zhou, Yuxuan
AU - Ding, Wanning
AU - Tang, Yuzhe
AU - Wang, Xiao Feng
AU - Li, Kai
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - DEX, or decentralized exchange, is a prominent class of decentralized finance (DeFi) applications on blockchains, attracting a total locked value worth tens of billions of USD today. This paper presents the first large-scale empirical study that uncovers unfair trades on popular DEX services on Ethereum and Binance Smart Chain (BSC). By joining and analyzing 60 million transactions, we find 671,400 unfair trades on all six measured DEXes, including Uniswap, Balancer, and Curve. Out of these unfair trades, we attribute 55,000 instances, with high confidence, to token thefts that cause a value loss of more than 3.88 million USD. Furthermore, the measurement study uncovers previously unknown causes of extractable value and real-world adaptive strategies to these causes. Finally, we propose countermeasures to redesign secure DEX protocols and to harden deployed services against the discovered security risks.
AB - DEX, or decentralized exchange, is a prominent class of decentralized finance (DeFi) applications on blockchains, attracting a total locked value worth tens of billions of USD today. This paper presents the first large-scale empirical study that uncovers unfair trades on popular DEX services on Ethereum and Binance Smart Chain (BSC). By joining and analyzing 60 million transactions, we find 671,400 unfair trades on all six measured DEXes, including Uniswap, Balancer, and Curve. Out of these unfair trades, we attribute 55,000 instances, with high confidence, to token thefts that cause a value loss of more than 3.88 million USD. Furthermore, the measurement study uncovers previously unknown causes of extractable value and real-world adaptive strategies to these causes. Finally, we propose countermeasures to redesign secure DEX protocols and to harden deployed services against the discovered security risks.
KW - DEX
KW - DeFi
KW - Ethereum
KW - Theft
KW - blockchain
KW - fairness
UR - http://www.scopus.com/inward/record.url?scp=85168131837&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85168131837&partnerID=8YFLogxK
U2 - 10.1109/EuroSP57164.2023.00028
DO - 10.1109/EuroSP57164.2023.00028
M3 - Conference contribution
AN - SCOPUS:85168131837
T3 - Proceedings - 8th IEEE European Symposium on Security and Privacy, Euro S and P 2023
SP - 332
EP - 351
BT - Proceedings - 8th IEEE European Symposium on Security and Privacy, Euro S and P 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 8th IEEE European Symposium on Security and Privacy, Euro S and P 2023
Y2 - 3 July 2023 through 7 July 2023
ER -