The recent developments in the DeFi space have resulted in AMMs (automated market makers) becoming increasingly popular on decentralized exchanges (DEXs). Liquidity is a key component of DeFi applications, specially DEXs. They need constant supply and demand to stay liquid, and without trading activity, they will fail. Traditional order book-based models were incapable of enforcing liquidity consistency when decentralized participants were involved in DEX protocols. As a result of AMMs, those who use smart contracts (code deployed on the blockchain) do not have to be concerned about the liquidity requirements of a DEX. It’s important to cover some ground before diving into the details of vampire attacks on AMMs and the effects they have on these platforms.

DEXs and AMMS:

Using a DEX, users can trade crypto tokens with each other without the need for a third-party intermediary. Customers do not have to submit any personal information to use the platform, making it possible for them to trade anonymously. But since all transactions are recorded on the blockchain, DEXs are not completely anonymous. DEXs can be classified into two main categories:

  • DEXs Based on Order Books: A DEX based on an order book enables users to buy and sell orders at their desired prices, while orders are recorded in a central ledger and users retain ownership of their assets.
  • Liquidity Pools Bases DEXs: Most of these DEXs rely on automated market makers (AMMs) for asset pricing. Collections of token pairs can be traded in smart contracts using Liquidity Pools (LPs). Some liquidity pools allow the use of more than two tokens or crypto pairs. AMMs, which are essentially smart contracts that manage liquidity pools, help facilitate cryptocurrency trading on DEXs. A small fee paid by traders to fund the pool creates a win-win situation for both the liquidity providers and the traders, who benefit from this arrangement.

So, what Are Vampire Attacks?

The core concept behind vampire attacks in defi is, surprisingly, quite simple. The main idea lies in creating the same (or approximately) the same protocol, but empowering it with a more profitable and attractive incentive mechanism.

For instance, the development of a protocol similar to Uniswap, will not cause many difficulties as long as Uniswap smart contracts code is open source or visible on Etherscan. So, in order to create such DEX, the one should just fork the repository with code of the protocol, provide his new specific changes and deploy contracts on Ethereum.

Introducing a very strong incentive mechanism for liquidity providers is the basics of liquidity vampire attacks. Then, it is just a matter of time when to expect a huge wave of liquidity to your new-born “forky” project. Such actions are called migration mining

Why do Vampire Attacks transpire?

The goal of a vampire attack is to persuade users to switch from their current protocol to one that is more profitable for them. A vampire attack targets a popular protocol to gain the following three things:

  1. Users
  2. Liquidity
  3. Trading Volume

One of the most infamous vampire attacks was carried out by SushiSwap, the dominant DEX platform that offered better liquidity provider rates than UniSwap. A significant number of Uniswap Investors moved their assets to SushiSwap in response to this development.

Types of Vampire attacks:

Migration Mining

Migration mining, or MM, is a means of getting liquidity on a Liquidity dependent protocol from other protocols. The two most important things for migration mining protocols to work are a long lock-up period and the migration process itself. So, this method works as follows:

  • The user sees the chance for further liquidity incentives and withdraws his money from protocol A
  • The Liquidity is supplied to protocol B
  • The liquidity is locked up for a certain period of time
  • The user receives a reward in protocol B tokens for providing liquidity

The lock-up duration is critical in Defi because it assures long-term lockup of liquidity inside protocol B. Keep it till the opponent (initial protocol A) is eliminated. Vampire attacks are so termed because project B literally sucks the liquidity from project A. Simple Liquidity Vampire Attacks In Defi, a simple vampire attack relies on the fact that the “fork protocol” B has its native token, while protocol A does not have it. Liquidity attacks in this context are easy to execute. There are no reward tokens in Project A, and only a small portion of a transaction fee is paid out to liquidity providers. The lack of incentives in project A means that LPs will look for other ways to engage. This leads to LPs migrating their liquidity to Protocol B because they see attractive opportunities there. Protocol B tokens are the reward in return. As a result, project A’s liquidity starts to deteriorate and trade volume begins to decline. Uniswap has recently been the victim of this type of attack.

Advanced Liquidity Vampire Attacks

In the advanced model of liquidity vampire attack, both sides – Protocol A and Protocol B – should have a token. 

In advance, the malicious project B starts to lend as much A protocol tokens as it can. Then it starts to sell A tokens while actively buying its own B tokens on the market and establishing a higher price for token B by this. 

The price for token A is getting lower and LPs start to think of migrating their liquidity to other protocols. At this time, vampire protocol B offers very attractive terms for LPs, in case of migration and long liquidity lock-up. Therefore, LPs start to migrate from Protocol A to protocol B. 

The liquidity is being “sucked away” out of protocol A and it’s crashing while protocol B can celebrate the successful attack finish. 

Preventing Vampire Attacks:

These attacks are common against big players like Uniswap and Curve, but not exclusively. Vampire forks may be known to protocol developers if the protocol is open-sourced. Here are some ways for avoiding vampire attacks:

  • Adding a lock-in period for new liquidity providers, which prevents them from withdrawing capital for a predetermined period of time.
  • The number of LP tokens that a user can withdraw at a time is being restricted in order to prevent a large number of users and liquidity from leaving the platform at once.
  • A way for users to vote on which protocol they prefer to use.

Vampire attacks can be mitigated by these solutions, which should allow for healthy competition between protocols.

See ya in the next article !

Don’t forget to follow useful articles about Crypto Market from team Holding B !!!