On July 6, the makers of the dog-inspired cryptocurrency Shiba Inu (SHIB) have launched the decentralized exchange (DEX) ShibaSwap. Following the rollout, the Twitter account of the SHIBA ecosystem revealed that ShibaSwap has secured over $1.5 billion of Total Value Locked (TVL) in just one day.
The TVL is a metric that represents the number of assets that are being staked in a particular protocol.
Despite the impressive starting TVL of the Shiba DEX, DeFi experts raised concerns over the safety of the project.
The DeFi Safety, which reviews the processes and transparency of crypto projects, gave the protocol a score of just 3%, which is far too low compared with other DEX projects such as Loopring, which has a score of 82%, Gnosis DEX, which has a score of 91%, and Bancor with a score of 96%.
There’s an ‘enormous amount’ of commercial interest in Cardano, Charles Hoskinson hints
Bounties offered for referring displaced Chinese Bitcoin miners to new homes
Top 15 highest-grossing NFTs sold for over $37 million in Q2 2021
ShibaSwap passed only two of DeFi Safety’s 22 review criteria. It scored low because of the project’s anonymous team and lack of transparency and documentation, among others.
In a tweet, the review platform described ShibaSwap’s 3% score as “a devastating” and called it “a prime example of what absolute negligence looks like in a protocol”.
DeFi analyst Chris Blec also commented on the protocol’s safety issues, warning that funds locked in ShibaSwap can be drained by a single Ethereum (ETH) account.
Solidity developer Joseph Schiarizzi also warned about the project. In an article on Medium, he explained how funds can be stolen from ShibaSwap staking contracts. He nonetheless gave the developers some advice on how to fix the issues and make the funds more secure.
“If the devs do all of these things immediately, I will take back my criticism and say this isn’t a scam. Until then, this staking contract is a scam, despite hundreds of millions being locked into it,” Schiarizz wrote.
The value of SHIB increased by 14% following the launch of ShibaSwap on July 6 but its price has since dropped. At the time of writing the price of the token is $0.00000797, according to data from CoinMarketCap.
The recently launched dapp on the Ethereum blockchain, Shibaswap, has a high APR for staking Liquidity Provider tokens, however, the developer can easy remove all liquidity staked in the smart contract and steal funds. Let’s walk through the code and show how it is unsafe,
then show how the dev can fix this particular issue.
First a quick primer on Liquidity Pools, AMMs like Uniswap that allow you to swap between different tokens safely and efficiently, and LP staking programs:
Liquidity is typically represented by discrete orders placed by individuals onto a centrally operated order book. A participant looking to provide liquidity or make markets must actively manage their orders, continuously updating them in response to the activity of others in the marketplace.
While order books are foundational to finance and work great for certain usecases, they suffer from a few important limitations that are especially magnified when applied to a decentralized or blockchain-native setting. Order books require intermediary infrastructure to host the orderbook and match orders.
This creates points of control and adds additional layers of complexity. They also require active participation and management from market makers who usually use sophsticated infrastructure and algorithms, limiting participation to advanced traders. Order books were invented in a world with relatively few assets being traded, so it is not surprising they aren’t ideal for an ecosystem where anyone can create their own token and those tokens usually have low liquidity. In sum, with the infrastrucural trade-offs presented by a platform like Ethereum, order books are not the native architecture for implementing a liquidity protocol on a blockchain.