Understanding the Security Risks of Decentralized Exchanges by Uncovering Unfair Trades in the Wild
Jiaqi Chen, Yibo Wang, Yuxuan Zhou, Wanning Ding, Yuzhe Tang, XiaoFeng Wang, Kai Li
TL;DR
This work addresses security risks in decentralized exchanges by exposing fairness violations and extractable value (EV) in automated market makers (AMMs). It presents a large-scale, end-to-end transaction-analysis pipeline that analyzes 60 million transactions across six DEXes on Ethereum and BSC, uncovering 671,400 unfair trades and about 55,000 token-theft incidents with losses above 3.88 million USD. The study identifies novel EV patterns tied to non-standard token behaviors (e.g., rebases and token interest) and adaptive attacker strategies, and it demonstrates the feasibility of notifying developers and proposing concrete countermeasures. The authors propose secure AMM pool redesigns (e.g., ETHRelay-based verification) and off-chain mitigations, along with open-source patches, to harden deployed services against the discovered risks, offering a practical path toward more robust DeFi protocols.
Abstract
DEX, or decentralized exchange, is a prominent class of decentralized finance (DeFi) applications on blockchains, attracting a total locked value worth tens of billions of USD today. This paper presents the first large-scale empirical study that uncovers unfair trades on popular DEX services on Ethereum and Binance Smart Chain (BSC). By joining and analyzing 60 million transactions, we find 671,400 unfair trades on all six measured DEXes, including Uniswap, Balancer, and Curve. Out of these unfair trades, we attribute 55,000 instances, with high confidence, to token thefts that cause a value loss of more than 3.88 million USD. Furthermore, the measurement study uncovers previously unknown causes of extractable value and real-world adaptive strategies to these causes. Finally, we propose countermeasures to redesign secure DEX protocols and to harden deployed services against the discovered security risks.
