The OpenRelay group published a blog post yesterday which demonstrated that it is possible to distort the data reported on decentralized exchange (DEX) trackers. OpenRelay first discovered the problem after noticing an order that listed their name, even though they were not involved in the order:
“At first we thought someone had found a way to get an order into our order book without the required fees. But when we looked up the order on our order book, it wasn’t there.”
It turns out that when an order is placed on a decentralized exchange, the creator can enter “anything they want” in various fields. Relayers will then inspect the order and decline it if it does not involve one of their trading pairs.
However, there is nothing that actually stops anyone from creating an order that will be rejected, and data-hungry tracking sites will eagerly jump on the information.
The OpenRelay team exploited the problem in a mostly harmless experiment involving minor tokens. They created several Embiggen trades that named relayers which did not support the Embiggen token. In doing so, they created “several valid 0x orders…pretending to be from every 0x relayer in the registry.”
None of the relayers accepted the order, as was expected, but the 0x contracts that underlie many DEXes considered the orders to be “perfectly valid.” This led DEX trackers to incorrectly report trading data: Etherscan and 0xtracker both reflected OpenRelay’s false trades.
Even though no one’s crypto holdings are directly at risk from this sort of attack, the practice of “gaslighting” could distort market prices. OpenRelay attempted to trade MBGN precisely because it is not a valuable token, but the group notes that genuine attacks could involve more valuable cryptos such as WETH or DAI. This could lead coinholders to make investment decisions based on false trading volumes.
Although DEXes provide users with anonymity and freedom from regulations, those reduced constraints also carry drawbacks. Analyzing decentralized exchanges is difficult even at the best of times, according to OpenRelay:
“Getting accurate pricing on a decentralized system is hard. It’s generally impossible to tell if trading volume is real, or just individuals trading between their own accounts.”
OpenRelay deals with this challenge by offering a flat fee instead of analyzing market-wide prices. Of course, their own practices will not stop trackers from analyzing the market. For those trackers, the group notes that the 0x API does provide endpoints which allow market trackers to verify the data in a DEX order.
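The check a tracker could run before crediting a trade to a relayer, as an added example that is not code from OpenRelay, 0x or either tracker. The record fields, the registry addresses and the in-memory order books (standing in for a relayer's order-lookup endpoint) are all constructed for illustration.

```python
from collections import defaultdict

# Constructed registry: relayer name -> address it advertises (placeholders).
REGISTRY = {"RelayerA": "0xaaaa", "RelayerB": "0xbbbb"}

# Constructed stand-in for each relayer's order-lookup endpoint: the order
# hashes that relayer confirms were in its own order book.
ORDER_BOOKS = {"RelayerA": {"0xhash01", "0xhash02"}, "RelayerB": set()}

# Constructed fill records as a tracker might decode them from chain events.
# "claimed_relayer" is whatever address the order's creator wrote in the order.
FILLS = [
    {"order_hash": "0xhash01", "claimed_relayer": "0xAAAA", "volume": 5.0},
    {"order_hash": "0xhash02", "claimed_relayer": "0xaaaa", "volume": 2.5},
    {"order_hash": "0xhash90", "claimed_relayer": "0xaaaa", "volume": 100.0},
    {"order_hash": "0xhash91", "claimed_relayer": "0xbbbb", "volume": 100.0},
    {"order_hash": "0xhash92", "claimed_relayer": "0xcccc", "volume": 1.0},
]

def attribute_fill(fill, registry=REGISTRY, order_books=ORDER_BOOKS):
    """Return (relayer, status); relayer is None unless the claim is confirmed."""
    by_address = {addr.lower(): name for name, addr in registry.items()}
    name = by_address.get(fill["claimed_relayer"].lower())
    if name is None:
        return None, "not-in-registry"
    # The claim is creator-controlled, so ask the named relayer about the order.
    if fill["order_hash"] not in order_books.get(name, set()):
        return None, "unconfirmed-by-relayer"
    return name, "verified"

def naive_volume(fills, registry=REGISTRY):
    """What a tracker reports if it trusts the claimed relayer field as-is."""
    by_address = {addr.lower(): name for name, addr in registry.items()}
    totals = defaultdict(float)
    for f in fills:
        name = by_address.get(f["claimed_relayer"].lower())
        if name:
            totals[name] += f["volume"]
    return dict(totals)

def verified_volume(fills):
    """Per-relayer totals from confirmed fills, plus the rejected order hashes."""
    totals, rejected = defaultdict(float), []
    for f in fills:
        name, status = attribute_fill(f)
        if name:
            totals[name] += f["volume"]
        else:
            rejected.append((f["order_hash"], status))
    return dict(totals), rejected
```

On the constructed data, the naive total credits RelayerB with volume it never handled, while the verified total drops every fill the named relayer cannot confirm and keeps the rejected hashes for review.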
It remains to be seen if Etherscan or 0xtracker will take on the task of fully verifying their data. However, Etherscan has responded to threats in the past, which is a good sign of the platform’s overall integrity.
The post “Gaslighted” DEX Trackers Report Several False Trades appeared first on UNHASHED.