dYdX (DYDX)

From CryptoWiki

A decentralised exchange for perpetual contracts

Basics

History

"I got into crypto back in 2015 when I had my first job out of college, which was at Coinbase as a software engineer. And I kind of got to Coinbase pretty differently than the way most people got there. The way most people got to Coinbase, especially back in 2015, is that they were really into Bitcoin, and especially back then in 2015, Bitcoin was really all there was in terms of the interesting stuff going on in crypto. But I didn't really know that much about it.

And through the interview process met a lot of really awesome people, was really fortunate while I was there to be able to work with just a lot of the top people in blockchain at the time were at Coinbase, or if they weren't they were probably coming to Coinbase and giving talks. Like Vitalik came really early on in the life cycle of Ethereum to talk to us, and Olaf Carlson-Wee, was there giving presentations on smart contracts and gas usage on Ethereum, and all this kind of stuff. So that just got me really excited about what was possible to build based on that new technology.

Because I really think of finance as a stack, especially decentralized finance as a stack where first you have decentralized money like Bitcoin and Ethereum and stuff, then you have decentralized spot exchanges like at the time, it was Kyber and 0x, and then the next logical thing to build on top of that is derivatives. But you can't build anything higher in the stack without things lower in the stack, and that's kind of what I was getting at back with the timing point. So been working on dYdX since then, we’re founded in 2017, so I've been around for a while now."

Audits & Exploits

"Funds can be stolen if…

  1. a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

Funds can be lost if…

  1. the proof system is implemented incorrectly,
  2. the user is unable to find the counterparty for the force trade.

Users can be censored if…

  1. the operator refuses to include their transactions. They can still exit the system.

MEV can be extracted if…

  1. the operator exploits their centralized position and frontruns user transactions."
  • Was updated again (20-6-2022) to 93%:

"dydx has 2 audits that were made pre-launch alongside additional Layer 2 audit. Pre-launch audits can be found here."

  • Was updated to a 92% score (29-12-2020): "[This review] was performed using the Process Audit process (version 0.2) then was updated to V0.4 on 27 July 2020 and then 0.6 on 29 December 2020. The process is documented here. The audit was performed by ShinkaRex of Caliburn Consulting.

They have one audit from a top level audit organization. The audit is public and they have implemented findings in order to improve their code."

  • Scored a 77% on DeFi Safety (9-2020): "dydx had multiple audits through their development as documented on their site. The OpenZeppelin audit included improvements that were resolved as indicated. The link to the Bramah audit is broken meaning the audit report is not public. We will not give credit for the second audit. They have one audit from a top level audit organization. The audit is public and they have implemented findings in order to improve their code."

Bugs/Exploits

"dYdX free gas vulnerability disclosed, $25k bounty paid"

"dYdX deposit proxy post mortem, contract had user ERC20 approvals and could make arbitrary calls, $200k stolen, $500k bug bounty paid."

"The dYdX team was alerted of a security issue with a newly deployed smart contract. A white hat recovery of potentially vulnerable funds was executed in partnership with @samczsun and the dYdX team, and all potentially vulnerable funds were saved."

Liquidations in 1-2020

"During the drop to $120/ETH dYdX saw their total assets locked up drop from $30m all the way down to $15m! Why? Basically the volume of people trying to liquidate was so high that dYdX's front-end servers collapsed under the pressure. As a result many traders got liquidated and lost a lot of confidence in the platform. They're slowly making their way back up but it really shows how an incident like this can cause irreparable harm to a product/protocol's reputation when it comes to reliability. When we think about making software, reliability isn't a big as a focus compared to more traditional industries like medicine/automobiles etc due to the ease of making changes. However, I think the mindset of ensuring reliability in all cases is hard to enforce in the land of money enabled software as it takes a different mindset when designing your architecture (not just for smart contracts but the entire stack). The team's more than capable of fixing this but it should serve as a good reminder to any DeFi team that the reliability of your front-end is just as important as the reliability of your contracts, especially if the number of 3rd party interfaces for your protocol is limited. Furthermore, if liquidity is a moat to defend, a large loss of it can really impact both sides of the money market's equation."

Governance

Admin Keys

"The system has a centralized operator. The operator is the only entity that can propose blocks. A live and trustworthy operator is vital to the health of the system. Typically, the Operator is the hot wallet of the StarkEx service submitting state updates for which proofs have been already submitted and verified. If the user experiences censorship from the operator with regular exit they can submit their withdrawal requests directly on L1. The system is then obliged to service this request. Once the force operation is submitted if the request is serviced the operation follows the flow of a regular exit.

The system uses the following set of permissioned addresses:

  1. dYdX Governance 0x7E9B…18D2 (Contract) Defines rules of governance via the dYdX token. Can upgrade implementation of the rollup, potentially gaining access to all funds stored in the bridge. Currently there is no delay before the upgrade, so the users will not have time to migrate.
  2. GpsStatementVerifier Governor 0x3DE5…F5C6 (EOA) Can upgrade implementation of Verifier, potentially with code approving fraudulent state. Currently there is no delay before the upgrade, so the users will not have time to migrate.
  3. Operator 0x8129…390a (EOA) Allowed to update state of the rollup. When Operator is down the state cannot be updated."

"All contracts are labelled as upgradeable in the Voting & Governance repository under governance parameters. Ownership is indicated as MultiSig in the 4_ownership.js files in the code. dydx has a function similar to Pause controls called Pauser/Unpauser role, which allows to pause updates to the merkle root through a timelock. There are however no further detail or testing done on the function. Different timelock durations are applied depending on the functions executed, ranging from 1 day to 21 days."

"What’s interesting about dYdX is that while they maintain and have built a product on top of the protocol, the “DEX” fees accrue to the underlying company and not a decentralized ecosystem of tokenholders. Therefore, while dYdX operates a non-custodial exchange powered by its users, the revenues from trading fees directed towards the parent company actually brings dYdX closer to a CEX rather than a DeFi protocol."

"dYdX's protocol is upgradeable via an admin key with a 3-day timelock and 2-of-3 multisig. The admin key is capable of making changes to critical parts of the smart contract ecosystem."

"dYdX also provides a code audit report but has not performed formal verification. In the financial risk domain dYdX has maintained high liquidity and a moderate to high collateral index score."

  • Was classified Degree 4 DeFi on the HackerNoon rankings of 25-4-2019. "These DeFi products are non-custodial, have permissionless margin calls, permissionless provision of margin call liquidity, and decentralized price feeds, but centrally determine interest rates and centrally control platform developments and updates."
  • A BIG side note is that the blog was written by Kyle J Kistner, who is Chief Vision Officer at bZx. He gave his own project the highest ranking. What a surprise.
  • From the comprehensive blog post:

"Custody: dYdX smart contracts are non-custodial from the point of loan origination.

Initiating Margin Calls: Margin calls can be initiated by anyone. There is a 5% discount on liquidated collateral to incentivize margin callers. Margin calls are permissionless.

Margin Call Liquidity: Anyone can provide margin call liquidity, making this feature decentralized.

Price Feeds: dYdX uses the MakerDAO price feed for ETH and DAI, but also uses the Uniswap and ETH2DAI price feed to bound the update price to mitigate attacks on the feed. The MakerDAO price feed is semi-centralized, but is also not controlled by dYdX. For this reason we believe the dYdX price feed should be considered decentralized, but not as decentralized as using Kyber. It should be noted that the centralization of the dYdX approach increases the cost of an attack on the price feed.

Interest Rates: dYdX sets the interest rate model parameters, giving them central control over the interest rates.

Development: The dYdX smart contracts are centrally developed and closed source. The team reports that the contracts will be verified on Etherscan shortly."

Admin Key OpSec Risk Assessment

"Current Admin Key Config- Time Lock: 3 days

Current Admin Key Config- Multisig: 2-of-3

Claimed Admin Key OpSec: None

Verified Admin Key OpSec: Unverifiable

Is security of deposited funds dependent on opsec of admin key?: Yes

Admin Key Address: Link

Documentation on Admin Key Powers: Help Center Article

Additional Info (if any)? Bramah Audit (Highly Privileged Accounts)"

DAO

"There are also plans to decentralize the protocol. “Our goal really is to get to a point where we’re only publishing open-source code and all of dYdX is run natively on the blockchain, and the blockchain is available to more people in more places in the world,” said Juliano."

Treasury

Token

Launch

"While the tokens can be claimed already, users will need to wait until September 8th for it to become transferrable."

"dYdX dropped 7.5% of its initial billion-strong token supply on Sept 8. At the current price of $11.12, those 75M tokens are worth more than $800M. At one point the airdropped tokens’ value eclipsed $1B."

Token Allocation

"More than 64,000 Ethereum addresses can claim the token granted they make at least one trade in August. The protocol is rewarding past users with an airdrop of the token DYDX. The distribution of 7.5% of the total tokens will take place during the next 28 days."

Utility

"dYdX at $200m in “revenue” in the past 180 days. This is a pretty misleading figure in general since it bakes in two core assumptions. The first is that a lot of that “revenue” goes to lenders not dYdX token holders. The next part is that the 5% fee that is mentioned in their docsgoes to an insurance fund and not token holders. The dYdX team has been very transparent about this and mentioned this in a tweet when the token went live. I don’t really know how profitable dYdX really is but regardless, nothing accrues to the token holders."

Other Details

Coin Distribution

Tech

"dydx's solo repository has recorded 501 commits and 2 branches, earning them a 100%."

“Our goal really is to get to a point where we’re only publishing open-source code and all of dYdX is run natively on the blockchain, and the blockchain is available to more people in more places in the world,” said Juliano.

Implementations

How it works

"Each update to the system state must be accompanied by a ZK Proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. Once the proof is processed on the Ethereum blockchain the L2 block is instantly finalized. The system state is represented using Merkle roots. All the relevant data that is used to recover the L2 balances Merkle Tree is published on-chain as calldata. This includes, in addition to the proven new state, the complete list of differences of the users' balances from the previous state.

Force exit allows the users to escape censorship by withdrawing their funds. The system allows users to force the withdrawal of funds by submitting a request directly to the contract on-chain. The request must be served within a defined time period. If this does not happen, the system will halt regular operation and permit trustless withdrawal of funds. Perpetual positions can also be force closed before withdrawing, however this requires the user to find the counterparty for the trade themselves."
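The forced-withdrawal path described above and under Admin Keys, as an added example that is not StarkEx or dYdX code: a toy L1 bridge that stores only the last proven Merkle root, halts when a forced request goes unserved, and then pays out against a Merkle proof rebuilt from the published balance data. SHA-256, the 7-day grace period, the account data and all function names are assumptions made for the illustration.

```python
import hashlib

GRACE = 7 * 24 * 3600  # assumed; the page only says "a defined time period"

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()  # stand-in hash for this toy tree

def leaf(user, balance):
    return h(b"leaf", user.encode(), balance.to_bytes(32, "big"))

def root_and_path(leaves, index):
    """Rebuild the tree from published balances: (root, sibling path of `index`)."""
    level, path = list(leaves), []  # leaf count must be a power of two
    while len(level) > 1:
        path.append(level[index ^ 1])
        level = [h(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path

def verify(root, user, balance, index, path):
    node = leaf(user, balance)
    for sibling in path:
        node = h(b"node", node, sibling) if index % 2 == 0 else h(b"node", sibling, node)
        index //= 2
    return node == root

class Bridge:
    """Toy L1 contract: last proven state root plus the forced-request queue."""
    def __init__(self, root, grace=GRACE):
        self.root, self.grace = root, grace
        self.pending = {}  # user -> time the forced request was filed on L1
        self.frozen, self.withdrawn = False, set()

    def forced_withdrawal_request(self, user, now):
        self.pending.setdefault(user, now)  # filed on L1, so the operator cannot drop it

    def update_state(self, new_root, serviced=()):
        if self.frozen:  # operator path is rejected once the system has halted
            raise RuntimeError("frozen: operator can no longer update state")
        for user in serviced:
            self.pending.pop(user, None)
        self.root = new_root

    def freeze(self, user, now):
        """Anyone may halt regular operation once a forced request is overdue."""
        filed = self.pending.get(user)
        if filed is not None and now - filed > self.grace:
            self.frozen = True
        return self.frozen

    def escape(self, user, balance, index, path):
        """Trustless exit: pay a balance proven against the last root, once."""
        proven = verify(self.root, user, balance, index, path)
        if not (self.frozen and proven) or user in self.withdrawn:
            return 0
        self.withdrawn.add(user)
        return balance

def censored_exit_demo():
    accounts = [("alice", 1500), ("bob", 40), ("carol", 0), ("dave", 975)]  # constructed
    root, path = root_and_path([leaf(u, b) for u, b in accounts], 0)
    bridge = Bridge(root)
    bridge.forced_withdrawal_request("alice", now=0)  # operator never services it
    early = bridge.freeze("alice", now=GRACE)     # exactly at the deadline: no freeze
    late = bridge.freeze("alice", now=GRACE + 1)  # overdue: the system halts
    forged = bridge.escape("alice", 9999, 0, path)  # balance not in the proven state
    paid = bridge.escape("alice", 1500, 0, path)
    again = bridge.escape("alice", 1500, 0, path)   # second payout is rejected
    return early, late, forged, paid, again
```

The escape only works because the balance data behind the root is published; a code upgrade with no delay can replace this logic before the grace period has elapsed, which is the risk the Admin Keys section flags.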

"So we at dYdX are what's known as a hybrid exchange, so that means that we have some centralized components which are our order book, and our matching engine services, and then some decentralized components, which are, of course, the smart contracts which run on the blockchain and make everything noncustodial.

So given that we run on an order book, we don't run on automated market makers, and kind of the reason for that is just order books are a lot more efficient in terms of being able to make the exchange have much more liquidity for the same amount of maker capital. Automated market makers are great, but they're very capital intensive. So you have to have, if you're Uniswap, or Sushiswap, or whatever, billions of dollars locked on the exchange to approach a similar level of liquidity as other exchanges that operate on order books have. So that's the way it works right now.

And then I think the other piece that's really critical to dYdX and the main kind of differentiator for us over most other decentralized exchanges is that we're focused on more advanced financial products. So the current product that we're really focused on is a synthetic, which is known as a perpetual contract. Probably a lot of people in crypto are already familiar with this. It's basically financially the same product that was really popularized by Bitmex and it is now super popular across the space on exchanges like Binance and FTX."

Introduction of fees

" The 5% fee that is mentioned in their docsgoes to an insurance fund and not token holders. "

  • Trading fees are distributed to the parent company. 
  • Initially, using dYdX was free, however, in early 2020 they introduced fees. From their blog (3-3-2020):

"There are separate taker and maker fees, based on each trading pair. dYdX has been paying transaction fees for all trades since September. When orders are matched, dYdX submits a transaction to execute the matched trades on-chain. This has cost us over $40,000 in February alone."

Upgrades

Staking

"A safety staking pool will distrbute more of the governance token to users who stake the governance token. This safety pool will be used to create a safety net in case of a security failure. This pool will go live as DYDX becomes transferraible on September 8th."

"Over $108M USDC across 400+ stakers is now being staked in Liquidity Staking Pool. This pool functions as a zero-interest, uncollateralized loan to known market makers governed by the dYdX Community. This capital will be used by market makers to continue to bolster liquidity on dYdX order books."

Liquidity Mining

Scaling

"dYdX is excited to announce a partnership with StarkWare. Our engineering teams are collaborating on a Layer 2 scaling solution for Perpetual Contracts, based on StarkWare’s StarkEx scalability engine and dYdX’s Perpetual smart contracts. Our Perpetual Contracts will be powered by StarkEx by the end of this year."

Interoperability

Other Details 

"dYdX recently launched their BTC perpetual contracts. These contracts operate on the Ethereum blockchain and this system is the first non-custodial way to get exposure to BTC price movements in the Ethereum DeFi ecosystem. It was in private beta prior to launching publicly on May 13th. The protocol offers up to 10x leverage. Since launch, the protocol has seen good volumes, with daily volume exceeding $12M in a single day of trading. That pushed dYdX to the top of DEX volume."

Oracle Method

"dydx documents its oracles' smart contract addresses here and their respective functions as well as their source is documented here. dydx documents front running mitigation in their documentation. In fact, they move to an entirely new network for it.

While the Guardian role has functions related to "restrict[ing] open actions with borrowed funds", there are no clear flashloan attack mitigation techniques documented. In addition, flashloans are critical to the operation of dYdX so they would not seek to prevent flashloan usage by their userbase."

"Oracle Method

Prices are fed to the dYdX smart contracts through price oracles that run on Ethereum. dYdX uses different price oracles for different assets.

For ETH, dYdX uses the MakerDAO ETH-USD V1 Oracle that is used by MakerDAO for their stablecoin SAI, and relies on a distributed network of reporters that report the price of ETH in USD.

For SAI, dYdX uses a price of $1. SAI can no longer be borrowed and is basically worth 0 as collateral. We only include this oracle method for completeness.

For DAI, dYdX uses our own price oracle which calculates the USD price of DAI using a combination of Oasis Trade's on-chain orderbook, Uniswap, and the MakerDAO ETH-USD oracle. The oracle also has several protections against price manipulation on eth2dai and Uniswap.

For USDC, dYdX uses a price of $1 as USDC is exchangeable 1:1 with USD on Coinbase.

Contract Addresses

Up-to-date contract addresses for the Oracles that dYdX uses can be obtained by calling the getMarketPriceOracle function on dYdX's Solo Margin contract.

Currently the addresses are:

  • WETH Oracle (Market ID 0): 0xf61AE328463CD997C7b58e7045CdC613e1cFdb69
  • SAI Oracle (Market ID 1): 0x91d8825e0294d6628f8C93ac8ddA88773618608a
  • USDC Oracle (Market ID 2): 0x52f1c952A48a4588f9ae615d38cfdbf8dF036e60
  • DAI Oracle (Market ID 3): 0x0fBd14718d8FAB8f9f40Ee5c5612b1F0717100A2"

Source
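A simplified model of the protections the quoted passage describes for the DAI oracle (several sources combined, each update bounded), added here as an illustration and not dYdX's oracle code. The median rule, the 1% step, the 0.90 to 1.10 band, the function names and the sample quotes are assumptions; quotes are taken as already converted to USD.

```python
from statistics import median

ONE = 1_000_000               # fixed point: 1_000_000 == $1.00
MAX_STEP_BPS = 100            # assumed: price may move at most 1% per update
BAND = (900_000, 1_100_000)   # assumed hard floor/ceiling for a USD-pegged asset

def clamp(x, lo, hi):
    return max(lo, min(hi, x))

def bounded_update(prev, quotes, step_bps=MAX_STEP_BPS, band=BAND):
    """One oracle update: median of sources, then rate limit, then absolute band."""
    live = [q for q in quotes.values() if q]   # drop missing or zero quotes
    if len(live) < 2:
        return prev                            # too few independent sources: hold
    target = int(median(live + [ONE]))         # the $1 peg votes as one more source
    step = prev * step_bps // 10_000
    return clamp(clamp(target, prev - step, prev + step), *band)

# Constructed quotes (not market data): one venue is skewed from update 2 on,
# both venues are skewed in updates 4-5, and one venue is offline in update 6.
SERIES = [
    {"oasis": 1_002_000, "uniswap": 1_001_000},
    {"oasis": 1_003_000, "uniswap": 1_500_000},
    {"oasis": 1_001_000, "uniswap": 1_500_000},
    {"oasis": 1_450_000, "uniswap": 1_500_000},
    {"oasis": 1_480_000, "uniswap": 1_500_000},
    {"oasis": None, "uniswap": 1_500_000},
    {"oasis": 1_000_000, "uniswap": 1_000_500},
]

def replay(series, start=ONE):
    """Return (bounded path, path of an oracle that trusts 'uniswap' alone)."""
    bounded, naive, price = [], [], start
    for quotes in series:
        price = bounded_update(price, quotes)
        bounded.append(price)
        naive.append(quotes["uniswap"])
    return bounded, naive

def worst_error_bps(path, fair=ONE):
    """Largest distance from the fair price along a path, in basis points."""
    return max(abs(p - fair) * 10_000 // fair for p in path)
```

On the constructed series the single-source path is off by 5000 bps at its worst, while the bounded path never leaves a 211 bps envelope and holds its last value when only one venue is reporting.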

Compliance

"Blocking people from using the protocol."

"Although they claim to be a decentralized exchange, their Perpetual services are unavailable to Americans, so the specifics of their decentralization are a bit unclear. They have taken some notable steps towards decentralization, including launching a dYdX Foundation based in Switzerland."

Roadmap

  • Is planning to become an AppChain, built with the Cosmos SDK (23-6-2022).
  • From their twitter (12-1-2022):

"dYdX V4 will be fully decentralized, community controlled, and have no central components. dYdX V4 will be open source, fully decentralized and entirely controlled by the community. In addition to full decentralization, we are exploring: Other trading products, such as spot, margin, and additional synthetic products."

"There are also plans to decentralize the protocol. “Our goal really is to get to a point where we’re only publishing open-source code and all of dYdX is run natively on the blockchain, and the blockchain is available to more people in more places in the world,” said Juliano."

Usage

"dYdX at $200m in “revenue” in the past 180 days. This is a pretty misleading figure in general since it bakes in two core assumptions. The first is that a lot of that “revenue” goes to lenders not dYdX token holders. The next part is that the 5% fee that is mentioned in their docsgoes to an insurance fund and not token holders. The dYdX team has been very transparent about this and mentioned this in a tweet when the token went live. I don’t really know how profitable dYdX really is but regardless, nothing accrues to the token holders."

"Tokens are critical for rollup projects. Interesting data point from dYdX. Daily volumes: - Token announced: shot up from $25M to $300M - Token released: $300M to $9B"

Since the DYDX token launch, dYdX has quickly (14-8-2021) become the top decentralized perpetuals exchange by volume (>$1B weekly volume), passing Perpetual Protocol. Weekly active traders on the network increased 635% to a total of 8,784 unique addresses. This has been largely driven by the Retroactive Mining and Trading Rewards Programs, which incentivize 64,306 historical users of dYdX to onboard onto the L2 protocol and start trading.

"dYdX recently launched their BTC perpetual contracts. Since launch, the protocol has seen good volumes, with daily volume exceeding $12M in a single day of trading. That pushed dYdX to the top of DEX volume. Average trade size is always a good metric for an exchange. dYdX shines here with liquidity from their off-chain orderbook/on-chain settlement system. Post-launch, they saw average trade sizes of up to $7k. Trades per day naturally follows volatility, but dYdX has seen on average around 400 trades per day since launch."

"At inception it used 0x and Oasis DEXs to source liquidity. Late last year they launched their native markets. These markets allow users to trade with each other. dYdX's native market has seen significant growth since launching last year. On Black Thursday (March 12th, 2020), dYdX saw massive influx in amount traded, despite having to increase the minimum trade amount. (at the peak, the minimum amount was 50 ETH). That minimum clearly didn't matter much to users."

"At inception it used 0x and Oasis DEXs to source liquidity. Late last year they launched their native markets. These markets allow users to trade with each other. dYdX's native market has seen significant growth since launching last year. On Black Thursday (March 12th, 2020), dYdX saw massive influx in amount traded, despite having to increase the minimum trade amount. (at the peak, the minimum amount was 50 ETH). That minimum clearly didn't matter much to users."

"Since implementing their revenue model [fees], trading volume has only continued to explode, recently reaching it’s ATH in volume of $45M on Black Thursday a few weeks back."

Pros and Cons

Cons

"dYdX at $200m in “revenue” in the past 180 days. This is a pretty misleading figure in general since it bakes in two core assumptions. The first is that a lot of that “revenue” goes to lenders not dYdX token holders. The next part is that the 5% fee that is mentioned in their docsgoes to an insurance fund and not token holders. The dYdX team has been very transparent about this and mentioned this in a tweet when the token went live. I don’t really know how profitable dYdX really is but regardless, nothing accrues to the token holders."

Team, Funding, partners

Funding

"Raised $10 million in a Series B round. Three Arrows Capital and DeFiance Capital led the round, which also included investments from GSR, Hashed, RockTree Capital, Scalar Capital, SCP, Spartan Group, and Wintermute."

  • Raised $65M in a Series C raise (15-6-2021):

"A number of new strategic investors participated in the Series C raise alongside Paradigm, including liquidity providers QCP Capital, CMS Holdings, CMT Digital, Finlink Capital, Sixtant, Menai Financial Group, MGNR, Kronos Research; venture capital firms HashKey, Electric Capital, Delphi Digital; and StarkWare."

Partners
