Each article covers one large segment of the analysis of real-world AMM (read: Uniswap) pool behaviour and of the stress testing of the IXS mitigation model, going into the details and giving simplified explanations of the work performed.
The detailed report, codebase, and simulation data are open-sourced and continuously updated on our GitHub at https://github.com/IX-Swap/data-science.
Mathematical distributions can simulate different market situations, but some traders manipulate the market to extract profit from artificially created conditions or to commit fraud.
Considering that the task was not only to perform stress tests of the market but also to check for protection against those frauds and manipulations, we need to get real transaction histories.
The chosen approach was to get Uniswap V2 pool transaction histories for different types of pools, considering that trader behaviour could differ depending on token reputation, the popularity of the token, the financial situation around it, and the different ways to use it.
There are four types of tokens taken:
The first case covers the most popular tokens present on the crypto market (Bitcoin, Ethereum, USDC, FEI, HKMT). These pools attract the highest trader interest, and the tokens can be used on many platforms, with a generally positive trend of rising prices and rising reputation/recognition.
Analysis of these markets will formulate a picture around the tokens growing in popularity, reputation, and the number of platforms that recognize them. This behaviour is necessary to understand the principles of successful projects from the initial stage of forming a pool with their participation and how the positive characteristics of tokens from a given pool predetermine their success.
The second case concerns NFT tokens that can be used on NFT exchange platforms and NFT tokens used in metaverse or web games. These are unstable markets dependent in the first case on the popularity of the NFT asset exchange platform itself, which uses tokens to exchange assets, and in the second case, depends on the popularity and demand of the platform on which NFT data is used (within the game, it all depends on the popularity of the game and its media role).
For example, an ordinary game may lose its popularity over time due to various factors, but the growing popularity of the metaverse causes the growth of the value of the NFT tokens used in them.
The third case concerns unstable tokens that are gaining popularity and are based on memes, popular social events, or personalities. These tokens are among the most volatile on the market, since their value depends entirely on mentions in social networks, on third-party services that recognize them as payment, and on the accepted methods of market regulation.
With such unstable behaviour, it is important to understand that these tokens are used as a means of making money quickly due to high price fluctuations. This behaviour is a high risk for the holder of the currency and a good opportunity for quick earnings.
The fourth case, the security token offering (STO), is a unique case of the crypto market: either a form of investment in various blockchain projects or synthetic assets that are “mirroring” other assets. This token type builds a “bridge” between the traditional financial market and the crypto one, introducing some traditional market practices and concepts, enlarging the crypto market's influence over the real world and shaping a possible future form of financial trading that will be able to combine traditional and crypto financial markets.
This article describes the most interesting cases found in the pool histories, the pool attack strategies and fraudulent market manipulations that were found and how they influenced the market, and some general conclusions based on the analysis and observations performed.
The detailed description of the pools is available in the Git repository, which contains the pool analysis report where each case is reviewed closely.
For each pool, we extracted four types (if available) of pool-related data:
In the first article, it was mentioned that the AMM constructs the token price from the available reserves, keeping the original token balance formula token_A_balance * token_B_balance = k, meaning that for each swap the AMM generates token_out_value based on token_in_amount and the current “token in to token out” price. To find the token price for each swap, the following formula was applied:
This formula defines the token_in price expressed in token_out equivalent. Knowing the current token prices, the price change rate can be found with the formula:
Using detected price and price change rate, we can perform influential analysis of the swaps, detecting extreme market changes caused by unique conditions or fraud activity. Reserve-based token prices may not cover those unique conditions and frauds, but can be used for comparing pool token prices with prices on external markets to check if pool token prices are correlating with external ones.
Uniswap V2 introduced some improvements compared to the V1 for setting manipulation-resistant environments. For example, one of the introduced protection layers is a time-weighted average price (TWAP) mechanism that works by formula with a 24-hour window:
With a low transaction frequency, there will not be enough estimated prices to find a time-weighted one, and there will be no price protection against the specific attacks demonstrated further on. Taking this into account, pool activity had to be considered while checking anomalies and strange distributions.
Picture 1: Reserve-based and swap-based Bitcoin price to USDC respectively
The picture above demonstrates that there are big deviations in the swap-based token price compared to the reserve-based one. Plotting swap activity distribution and swap count distribution demonstrates that the high deviation period is matching with the drop in swap activity capitalization and swap operations count.
Picture 2: Swap in for WBTC in the WBTC/USDC pool – capitalization and operations count
Price changes have high deviation during low activity periods but it is hard to understand if those price changes have inner anomalies or strange moments, deeper analysis of which will discover market manipulations. Anomaly detection can be performed by plotting the token price change rate.
Picture 3: WBTC token price change rate distribution between 27 and 29 September 2021
The presented distribution contains an anomalous price drop followed by an anomalous price rise from one swap to another. This means that the presented history fragment can contain market manipulation. A deeper analysis of the transaction history shows one strange situation presented below.
Picture 4: transaction frequency fragment containing 3 strange transactions
In the presented fragment, transaction no. 65608 shows a trader requesting an exchange of 12 797 USDC to WBTC. The Bitcoin price for 28 September is 42 247.36 USD. The reserve-based Bitcoin price is almost the same (considering that USDC is a stablecoin representing a USD analogue on the crypto market and that the pool balance converges to the real-market situation), but the trader got 0.092386 WBTC instead of around 0.3 WBTC, which is ⅓ of the real price and around 6-8 thousand USD loss.
The next operation changes almost 1 million USDC to the WBTC, getting 12.689636 WBTC and right after that performing reverse operation, changing 12.689636 WBTC to USDC. As a result of those two operations, the trader got almost 6 thousand dollars profit, which is similar to the sum lost by the previous trader.
One important point is that when the historical data is extracted through the Uniswap subgraph, only the transaction timestamp is available (which is the same for all transactions within a block), meaning that the execution order of the transactions inside the block is lost. Because of this, these transactions were checked manually on Etherscan in order to get their execution order.
Picture 10: transaction history from Etherscan about possible MEV attack
It is necessary to understand what an MEV attack is, how it works and why the present situation is similar to this attack.
Miner extractable value (MEV) is a miner profit that happens due to the ability to include/exclude/reorder transactions within the block that they produce.
The attack works as follows: the attacker places one transaction right before another trader’s transaction, causing a loss for that trader, and places a second transaction after it to extract a profit from that loss. This happens due to the negative price change caused by the attacker’s transaction and the next positive price change caused by the other trader’s transaction.
Picture 11: Principle of performing MEV attack on the AMM pool, upper half represents influence on the pool reserves and lower half represents changes in pool tokens prices
During the analysis of multiple token pairs, multiple cases of MEV attacks were discovered. This attack appears in a pool where activity starts to rise after a drop in pool activity, meaning that no TWAP regulation is applied at that moment.
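Once the in-block execution order has been restored, the pattern described above can be searched for mechanically. The following is an added example, not part of the original article or the IX Swap code base: it flags a front-run/back-run pair by one account around another trader's swap. The addresses, block numbers, tx_index values and the USDC legs of the two large swaps are constructed; only the 12 797 USDC, 0.092386 WBTC and 12.689636 WBTC amounts and the 42 247.36 USD reference price come from the text.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample, listed in subgraph order (one timestamp, execution order lost).
# tx_index (assumed field name) is the position inside the block, read from an explorer.
SWAPS = [
    {"block": 100, "tx_index": 2, "sender": "0xTRADER", "token_in": "USDC",
     "amount_in": 12797.0, "token_out": "WBTC", "amount_out": 0.092386},
    {"block": 100, "tx_index": 1, "sender": "0xBOT", "token_in": "USDC",
     "amount_in": 1_000_000.0, "token_out": "WBTC", "amount_out": 12.689636},
    {"block": 100, "tx_index": 3, "sender": "0xBOT", "token_in": "WBTC",
     "amount_in": 12.689636, "token_out": "USDC", "amount_out": 1_006_000.0},
    {"block": 101, "tx_index": 1, "sender": "0xOTHER", "token_in": "WBTC",
     "amount_in": 0.5, "token_out": "USDC", "amount_out": 21_000.0},
]


def find_sandwiches(swaps, order_key="tx_index", rel_tol=0.01):
    """Return front-run / victim / back-run triples found inside single blocks.

    order_key=None keeps the input order, which is all that a
    timestamp-only export can offer.
    """
    by_block = defaultdict(list)
    for swap in swaps:
        by_block[swap["block"]].append(swap)

    hits = []
    for block, txs in by_block.items():
        if order_key is not None:
            txs = sorted(txs, key=lambda s: s[order_key])
        # combinations() preserves list order, so front < victim < back.
        for front, victim, back in combinations(txs, 3):
            same_actor = front["sender"] == back["sender"] != victim["sender"]
            same_side = (front["token_in"], front["token_out"]) == (
                victim["token_in"], victim["token_out"])
            reversed_leg = (back["token_in"], back["token_out"]) == (
                front["token_out"], front["token_in"])
            # The back-run sells (almost) exactly what the front-run bought.
            unwinds = abs(back["amount_in"] - front["amount_out"]) <= (
                rel_tol * front["amount_out"])
            if same_actor and same_side and reversed_leg and unwinds:
                hits.append({
                    "block": block,
                    "actor": front["sender"],
                    "victim": victim["sender"],
                    "round_trip_profit": back["amount_out"] - front["amount_in"],
                })
    return hits


def fill_ratio(swap, reference_price):
    """Output received divided by the output expected at reference_price
    (token_in units per one token_out)."""
    expected_out = swap["amount_in"] / reference_price
    return swap["amount_out"] / expected_out


if __name__ == "__main__":
    print(find_sandwiches(SWAPS))                   # ordered by tx_index
    print(find_sandwiches(SWAPS, order_key=None))   # subgraph order only
    print(round(fill_ratio(SWAPS[0], 42247.36), 3))
```

With only the subgraph order the triple is not recognised, which is why the in-block position has to be fetched separately before running a check like this.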
There is another limitation for performing an efficient MEV attack: the attacker needs to perform a transaction with a high amount of tokens, meaning that the attacker needs to have high financial power relative to pool reserves.
Therefore, with higher pool reserves, attackers must have higher financial power. To understand how this principle works, it is required to remember one case in the first article.
Imagine that Bob is not an attacker, but just a simple user that tries to change 100 Token B to get some Token A. It means that after performing the swap, the pool will get 100 Token B from Bob and give him 100 Token A.
Imagine that in the first case, there are only 1000 units of each token and in the second one there are 1,000,000 units of each token. In the first case, price changes by around 19%, meaning that even a relatively small transaction is able to greatly change tokens prices relative to each other. In the second case, the price is changed by 0.02%, meaning that the token price will greatly change only with much higher transaction values.
Now imagine Alice, who is trying to extract some profit from market manipulations using the MEV principle. Alice sees that there are low pool reserves in the first case and she performs a transaction by exchanging 300 Token B to get Token A. It means that price will greatly change:
In the first case, Token A is now priced as around 0.5385 of Token B, meaning that Token A’s price was changed by around 46.15%. Then Alice tries to perform an attack over the second pool. To perform a successful attack, she tries to change 30,000 Token B to get Token A.
In the presented case, even with a 100 times bigger transaction, Alice did not manage to perform an efficient MEV attack, considering that her attack changed the price only by around 5.83%.
This case demonstrates how important pool reserves are and how important it is to have big reserves to make pools more sustainable. Successful MEV attack in case of higher pool reserves requires much bigger financial power of the attacker.
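The reserve-depth argument can be checked numerically. The block below is an added example, not code from the original article or its repository: it reproduces the 46.15%, 0.02% and 5.83% figures quoted above when the swap is assumed to be filled at the starting price, compares them with a Uniswap V2 constant-product swap with its 0.3% fee, and derives how deep a pool must be to keep a given trade under a chosen price change. All function names are hypothetical, and amounts are integers.

```python
import math
from fractions import Fraction


def simplified_price_change(reserve_a, reserve_b, amount_b_in):
    """Percent change of reserve_a / reserve_b when the swap is filled at the
    starting price (no slippage, no fee). Under this assumption the figures
    quoted in the text are reproduced."""
    before = Fraction(reserve_a, reserve_b)
    amount_a_out = amount_b_in * before
    after = (reserve_a - amount_a_out) / (reserve_b + amount_b_in)
    return float((before - after) / before * 100)


def v2_amount_out(reserve_in, reserve_out, amount_in):
    """Uniswap V2 constant-product output; the 0.3% fee is taken from the input."""
    amount_in_with_fee = amount_in * 997
    return Fraction(amount_in_with_fee * reserve_out,
                    reserve_in * 1000 + amount_in_with_fee)


def v2_price_change(reserve_a, reserve_b, amount_b_in):
    """Percent change of reserve_a / reserve_b after a V2 swap of Token B for A."""
    before = Fraction(reserve_a, reserve_b)
    amount_a_out = v2_amount_out(reserve_b, reserve_a, amount_b_in)
    after = (reserve_a - amount_a_out) / (reserve_b + amount_b_in)
    return float((before - after) / before * 100)


def min_reserve_for_impact(amount_b_in, max_change_pct):
    """Smallest Token B reserve that keeps a swap of amount_b_in under
    max_change_pct. Uses the fee-free bound 1 - (b / (b + d))**2, which is
    slightly conservative because the fee reduces the output."""
    keep = math.sqrt(1 - max_change_pct / 100)
    return math.ceil(amount_b_in * keep / (1 - keep))


if __name__ == "__main__":
    for reserve, amount in [(1000, 300), (1_000_000, 30_000)]:
        print(reserve, amount,
              round(simplified_price_change(reserve, reserve, amount), 2),
              round(v2_price_change(reserve, reserve, amount), 2))
    print(min_reserve_for_impact(300, 5))
```

The required reserve grows linearly with the trade size, which is the scaling the Alice example illustrates.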
Inside one of the transaction histories, a unique case was found when a person extracted almost all pool reserves of precious tokens. Considering that this is a unique case, it is required to dive into this case, defining one of the additional protection layers.
The BPT/WETH pool is still present on Uniswap V2, but trader activity in this pool dropped anomalously after the first weeks of the pool lifecycle and the token price change rates had extreme rises and drops, which required deep data analysis.
Picture 12: Anomalous pool behaviour of BPT/WETH pool – swap activity capitalization and BPT token price change rates distribution
There is a high activity registered during the first weeks of the pool lifecycle and an anomalous activity rise can be seen during the end of June 2021 and anomalous WETH to BPT price change was also registered in the same period.
Plotting the swaps count distribution for this pool shows high activity before anomalous price change and almost no activity present after it.
Picture 13: Swaps count distribution through time in the BPT/WETH pool
There is a relatively medium transaction rate until the end of June 2021 and to understand the reason for this anomaly, we check the end of June 2021 closely to find what caused those pool changes.
Picture 14: Transaction history catching 4 transactions during which one person extracted almost all of the tokens in the BPT/WETH pool
During transactions between numbers 1700 and 1850, around 80.12 WETH tokens were removed out of the pool, which compared to the 105 WETH token reserve of the pool, is a negative case of extracting almost entire token reserves out of the pool (removed around 76.3% of reserves).
The interesting point about this token is that a single account is responsible for extracting all the WETH tokens that appear in the pool.
After counting all operations by this account, it can be seen that it swapped in only around 66.89 WETH tokens while the same account successfully swapped out around 216.09 WETH tokens, meaning that this account extracted a net of around 150 WETH tokens. Considering Ethereum token price deviation, the account extracted around 40-45 thousand US dollars out of the pool.
It is hard to determine the reason for the attack, but some points about it can be made:
This is a unique case, showing that it is required to use pool regulation that will limit the amount of extracted token from the pool taking into account pools reserves and to stimulate mints into token pools, raising pool reserves and therefore causing more stable pool activity.
Our previous articles explained the AMM principle of forming tokens prices based on reserves of the pool. In most of the reviewed cases, pool-based prices are converging to the real market ones.
Stablecoins have stable distributions with small price deviations that stay around the estimated price (for example, a price of 1 US dollar for the USDC token), meaning that pool-based price distributions will converge to the distribution of the altcoin, NFT or STO that was set in a pair with the stablecoin.
Picture 15: Scheme describing how pool-based price converges to the external market tokens prices distributions
A stablecoin has a stable price distribution with small deviations, while the altcoin/NFT/STO price has higher deviation/changes, causing the pool-based altcoin/NFT/STO price to converge to the external market price.
If both tokens in the pool's token pair are altcoins, NFTs or STOs, then pool-based prices will depend on both external market price distributions, causing low market sustainability.
The problem with such a structure is that the pool can become a good source of extracting pricey tokens out of the pool. Therefore, pool-based prices will be less stable and there is a higher chance of appearing disturbances.
After reviewing many pools, one observation was that in most cases the use of such a token pair structure causes higher deviations and lower pool stability.
During analysis of the meme-token pairs present on the Uniswap V2, it was discovered that this is one of the most unpredictable scenarios of pool lifecycle, considering that their price change rates have unstable and high variation distributions, with extreme price drops and rises depending on the news related to the meme-token or token reputation.
Picture 16: DOGE swap-based token price for the DOGE/WETH pool
Any mention of the token by popular persons, or its recognition by big organizations, has a strictly positive impact on meme-tokens.
Long-living meme-tokens have higher recognition and are more trusted, creating a positive reputational picture with positive price change trends (for example, Dogecoin has a long history compared to other meme-tokens), increasing their attractiveness through time as serious projects.
All news related to those tokens heavily changes their prices, and both supply and demand heavily influence these token prices.
Picture 17: ELON token swap-based price distribution in the ELON/WETH pool
Taking into account all the price-defining factors mentioned, it is clear why those tokens are a high-risk investment that can lead to extreme profits and losses. Since the prices of those tokens are highly unstable, the related pools will also be unstable, and given that unstable behaviour it is unlikely that serious investors will take the risk of investing high financial resources in such pools. Therefore, those pools may be attractive targets for attackers wishing to extract high profits out of market manipulations.
Considering the instability of meme-tokens, it is highly recommended to pay high attention to guaranteeing safe and honest trading of such tokens.
NFT is a specific form of token that represents ownership over a specific object containing some cost. This can be a work of art, some digital asset, ownership of real-world objects/goods and so on.
Considering how versatile NFT can be, it is important to consider price defining factors for different NFT groups.
Considering AMM market properties, the second, third and fourth NFT types are the ones used. NFT-related tokens are an interesting case, considering that they are launched by a company or group of persons standing behind NFT-trading platforms and can be considered a form of startup. Another reason why it is important: persons who sold their assets and received those tokens can try to exchange them on AMM markets as an easy way of getting either a more precious token or a stablecoin that can be exchanged for traditional money. Reviewed cases of NFT-related tokens have shown that those pools have medium or high capitalization, they are popular and they can be attractive targets for attackers.
Picture 18: ENJ token swap-based price for the ENJ/WETH pool (example of NFT-related token)
Game-related NFTs are less stable and less attractive than the NFT-related tokens mentioned above. In-game NFTs have higher deviation and lower recognition on the market, considering that in most cases they are traded by holders to get more precious and recognized tokens instead. Such a trend means lower stability of the related pools, lower pool capitalization and, therefore, lower investment attractiveness. It is unlikely that such a pool will become popular and that there will be high-valued trades. The next case is similar at first glance, but totally different in marketing, positioning, inner structure and recognition.
Picture 19: ALICE swap-based token price distribution for the ALICE/WETH pool (game-based NFT)
There are two main metaverse types:
Metaverses are a rising trend sustained by the growing attention of big companies and countries. Some metaverses contain NFTs introduced as in-metaverse money or as a form of ownership over digital assets in those metaverses. Considering the rising trend, the biggest (and long-living) metaverses with NFTs will have a rise in users, more investor attention and therefore higher NFT prices and recognition. The histories of the reviewed pools have shown that such metaverse tokens were relatively stable and that after the rise of attention their prices rose extremely.
Picture 20: MANA swap-based token price distribution for the MANA/WETH pool (example of metaverse NFT)
Considering the defined properties, the most attractive for both investors and attackers are NFT-related tokens used by NFT-trading platforms and NFTs introduced in popular metaverses, given their higher capitalization, their recognition and the new possibilities of extracting profits out of them. If previously such pools had a more predictable behaviour, now it is hard to say how this situation will progress and where it will lead the markets, and it is required to pay high attention to such tokens.
Security token offerings (STO) are one of the investment forms into blockchain projects representing tokenized securities. To ensure that presented token can be called an STO, it is required to pass the Howey test by SEC to check if trades with this token can be considered as investment contracts, meaning that it must match the next requirements:
STO appeared at the end of 2017 – start of 2018, meaning that it is a relatively new trend on the crypto market. Its behaviour is similar to securities, considering that it provides similar profit types and is connected to securities either directly or by working principles.
Why are STO tokens interesting? They represent a bridge between real-world financial markets and crypto ones. Stablecoins are also connecting crypto markets with real ones by giving access to traditional money analogues, but they give the possibility of transforming crypto finances into traditional ones. STO goes deeper, transferring some traditional financial markets to the crypto world, making them closer for traders.
After performing analysis of the different STO tokens, several aspects can be noted:
There is another case of unique tokens related to the STO ones that are called synthetic assets. They are representing tokenized derivatives that mimic the value of another asset. The principle behind such token type is that it directly depends on the asset price from which synthetic token was derived. Considering this property, it is possible to trade different real-world assets and traditional financial assets.
It is possible to derive tokens from, for example, shares of big companies. Three big cases of such tokens were detected, derived from the share prices of Apple, Amazon, and Alibaba and called mAAPL, mAMZN and mBABA respectively, since they were created on Mirror.finance, which is based on Mirror Protocol.
All three reviewed cases have high capitalization from both reserves and swap activity perspectives. Therefore, it is likely that “mirrored” securities of the big companies can form a popular pool with high capitalization and investments.
Picture 21: Example of pool with synthetic Apple shares token prices distributions for the mAAPL/WETH pool
Pools based on use of synthetic assets “mirroring” securities of big companies have stable distributions, price deviations are relatively small compared to previously mentioned NFT or meme-tokens cases. They are more similar to trusted and popular altcoins. Considering those properties it is important to consider safety and effective regulation of such pools.