Recent developments in the DeFi space have resulted in a rapid increase in the use of Automated Market Makers (AMMs) on decentralized exchanges (DEXs). DeFi applications, especially DEXs, are highly dependent on constant liquidity flow. Because of how they’re structured, there’s a need for consistent supply and demand to maintain liquidity, and without trading activity, the trading pool dies.
DEX protocols depend on liquidity to survive, and traditional order book-based models weren’t able to enforce this consistency using decentralized participants. With AMMs, DEXs simply abstract the liquidity requirements away from people using smart contracts – code deployed on the blockchain.
Before we get into the details of vampire attacks, how they affect AMMs, and more, let’s first cover a few basics.
Understanding DEXs & AMMs
A DEX is a platform that facilitates trading crypto tokens without an intermediary. This means users aren’t required to complete KYC procedures, and users trade with the platform in a pseudonymous manner. However, DEXs cannot be completely anonymous since all trades are recorded on the blockchain.
There are two main types of DEXs:
- Order Book Based DEXs: Users can buy and sell orders at their chosen prices, orders are recorded in a central ledger, and users take custody of their assets.
- Liquidity Pool or AMM-based DEXs: Most liquidity pool-based DEXs use Automated Market Makers (AMM), which algorithmically predefines asset prices based on the ratio of tokens in the pool. Trades are performed against a smart contract or liquidity pool (LP), which are pools of token pairs that can be traded for each other. Some liquidity pools contain more than just two kinds of tokens or crypto pairs. AMMs are essentially smart contracts that handle pools of money to allow traders to exchange tokens. Traders pay a minimal fee to the liquidity providers who fund the pool, and this creates a win-win situation – liquidity providers earn rewards for providing liquidity while transactions take place smoothly regardless of supply and demand.
What Are Vampire Attacks?
The concept of a vampire attack in cryptocurrency is quite simple. It aims to create an identical or similar protocol that’s empowered with a more profitable and attractive incentive mechanism.
Developing a protocol identical to another liquidity provider-based DEX (if the smart contract code is open source or visible on Etherscan) with a more advantageous incentive mechanism is bound to attract investors looking for the best rates.
Why Do Vampire Attacks Happen?
The idea behind a vampire attack is to lure users away from the protocol they were originally using over to your own more advantageous protocol.
A vampire attack aims to gain three crucial things from a popular protocol:
- Liquidity
- Users
- Trading volume
One of the most famous vampire attacks was performed by SushiSwap, which offered better liquidity provider rates than UniSwap, the dominant DEX platform. This pushed many investors to pull liquidity out of UniSwap and transfer it to SushiSwap instead.
SushiSwap’s Vampire Attack On Uniswap
Sushiswap was created by an anonymous person named Chef Nomi. Offering its native $SUSHI token as a reward for LPs, SushiSwap wanted to build a decentralized, community-governed platform to compete against the VC-backed UniSwap.
UniSwap offered LP tokens as a reward for providing liquidity on the platform, and SushiSwap’s strategy was to incentivize them to stake these LP tokens on SushiSwap in return for SUSHI tokens. SushiSwap took a fairly aggressive approach, offering 1000 SUSHI tokens per Ethereum block distributed to various UniSwap pools, including ETH pairs with SNX, LEND, YFI, and LINK. After trading began, SushiSwap continued to provide SUSHI tokens to active liquidity providers at 10% of the early distribution rate.
SushiSwap’s staking contracts and SUSHI distribution began on August 28th, 2020, with initial rates as high as 1000% APR. Within just a few hours of their launch, they gathered over $150 million in tokens invested into liquidity on their platform, later experiencing a parabolic rise from about $280 million to $1.8 billion in total value locked (TVL) in just 11 days. The transfer caused around $800 million worth of liquidity to be instantly drained to SushiSwap, with UniSwap’s TVL plunging by around $400 million. This was done by exchanging the UniSwap LP tokens for the assets staked on UniSwap.
How To Prevent Vampire Attacks?
A few considerations that could help prevent these kinds of vampire attacks are:
- Adding a lock-in period for new liquidity providers where they are not able to withdraw their capital for a certain amount of time.
- Restricting the number of LP tokens that each user can withdraw over a period to prevent mass migration of users and liquidity.
- A voting mechanism where users can signal which protocol they would like to use.
These solutions should help mitigate most, if not all, of the risks associated with vampire attacks and allow for healthy competition between protocols.
Conclusion
Attacks like these are rather predictable in the case of large, VC-backed players like UniSwap. Any protocol where capital is free to leave quickly is at risk since LPs can be better incentivized to perform a similar function on another protocol.