en
Back to the list

Vampire Attacks in DeFi, What Is It All About?

source-logo  cryptoknowmics.com 11 April 2022 19:05, UTC

The recent developments in the DeFi space have resulted in AMMs (automated market makers) becoming increasingly popular on decentralized exchanges (DEXs). Liquidity is a key component of DeFi applications, specially DEXs. They need constant supply and demand to stay liquid, and without trading activity, they will fail. Traditional order book-based models were incapable of enforcing liquidity consistency when decentralized participants were involved in DEX protocols. As a result of AMMs, those who use smart contracts (code deployed on the blockchain) do not have to be concerned about the liquidity requirements of a DEX. It's important to cover some ground before diving into the details of vampire attacks on AMMs and the effects they have on these platforms.

DEXs and AMMS:

Using a DEX, users can trade crypto tokens with each other without the need for a third-party intermediary. Customers do not have to submit any personal information to use the platform, making it possible for them to trade anonymously. But since all transactions are recorded on the blockchain, DEXs are not completely anonymous. DEXs can be classified into two main categories:

  • DEXs Based on Order Books: A DEX based on an order book enables users to buy and sell orders at their desired prices, while orders are recorded in a central ledger and users retain ownership of their assets.
  • Liquidity Pools Bases DEXs: Most of these DEXs rely on automated market makers (AMMs) for asset pricing. Collections of token pairs can be traded in smart contracts using Liquidity Pools (LPs). Some liquidity pools allow the use of more than two tokens or crypto pairs. AMMs, which are essentially smart contracts that manage liquidity pools, help facilitate cryptocurrency trading on DEXs. A small fee paid by traders to fund the pool creates a win-win situation for both the liquidity providers and the traders, who benefit from this arrangement.

So, what Are Vampire Attacks?

There is a simple concept behind crypto vampire attacks. Its objective is to create a protocol that is similar to or identical to the current one but with a more lucrative and appealing incentive mechanism. Having a DEX with a more advantageous incentive mechanism will attract investors who are looking for the best possible rates.

Why do Vampire Attacks transpire?

The goal of a vampire attack is to persuade users to switch from their current protocol to one that is more profitable for them. A vampire attack targets a popular protocol to gain the following three things:

  1. Users
  2. Liquidity
  3. Trading Volume

One of the most infamous vampire attacks was carried out by SushiSwap, the dominant DEX platform that offered better liquidity provider rates than UniSwap. A significant number of Uniswap Investors moved their assets to SushiSwap in response to this development.

Types of Vampire attacks:

Migration Mining

Migration mining, or MM, is a means of getting liquidity on a Liquidity dependent protocol from other protocols. The two most important things for migration mining protocols to work are a long lock-up period and the migration process itself. So, this method works as follows:

  • The user sees the chance for further liquidity incentives and withdraws his money from protocol A
  • The Liquidity is supplied to protocol B
  • The liquidity is locked up for a certain period of time
  • The user receives a reward in protocol B tokens for providing liquidity

The lock-up duration is critical in Defi because it assures long-term lockup of liquidity inside protocol B. Keep it till the opponent (initial protocol A) is eliminated. Vampire attacks are so termed because project B literally sucks the liquidity from project A. Simple Liquidity Vampire Attacks In Defi, a simple vampire attack relies on the fact that the "fork protocol" B has its native token, while protocol A does not have it. Liquidity attacks in this context are easy to execute. There are no reward tokens in Project A, and only a small portion of a transaction fee is paid out to liquidity providers. The lack of incentives in project A means that LPs will look for other ways to engage. This leads to LPs migrating their liquidity to Protocol B because they see attractive opportunities there. Protocol B tokens are the reward in return. As a result, project A's liquidity starts to deteriorate and trade volume begins to decline. Uniswap has recently been the victim of this type of attack.

Advanced Liquidity Vampire Attacks

Protocol A and Protocol B should both have a token in the advanced model of a liquidity vampire attack. The conspiratorial project B begins lending as many A protocol tokens as it can ahead of time. Then it begins to sell A tokens while simultaneously purchasing its own B tokens from the market, thereby driving up the price of token B. The price of token A is falling and LPs are thinking about moving their liquidity to other protocols as the price continues to fall. There are attractive terms for LPs in the case of migration and long liquidity lock-up for vampire protocol B at this time. As a result, LPs begin to switch from Protocol A to Protocol B. It's like protocol A is being "sucked" out of existence while protocol B gains from its competitor's decline.

Preventing Vampire Attacks:

These attacks are common against big players like Uniswap and Curve, but not exclusively. Vampire forks may be known to protocol developers if the protocol is open-sourced. Here are some ways for avoiding vampire attacks:

  • Adding a lock-in period for new liquidity providers, which prevents them from withdrawing capital for a predetermined period of time.
  • The number of LP tokens that a user can withdraw at a time is being restricted in order to prevent a large number of users and liquidity from leaving the platform at once.
  • A way for users to vote on which protocol they prefer to use.

Vampire attacks can be mitigated by these solutions, which should allow for healthy competition between protocols.

Ending Note

In the case of big, VC-backed players like UniSwap, this kind of attack is rather foreseeable. Any system that would allow capital to leave quickly is vulnerable, as LPs can be better rewarded for performing a similar activity on another network.

cryptoknowmics.com