Uniswap: DEXes & Open Source Risks
Dejargoning decentralized finance. The promise and perils of being open.
Last December, my friend (and former manager), Mitu Singh, shared this post on Facebook about the decentralized exchange, Sushiswap.
He has a point. Sushiswap is a decentralized exchange -- kind of like a self-governing stock market with crypto-tokens. But that doesn’t sound that ground-breaking. So crypto natives reach into both tech and finance bro jargon to make themselves seem more impressive for understanding it.
And that’s a shame because Decentralized Exchanges – also called DEXes because crypto likes to put “d” in front of words like the early internet added “e” – are pretty useful if you understand what is happening.
Imagine if you could trade stocks without paying fees to Schwab or Robinhood. Imagine if you could use your own stocks to earn fees from other traders who use the exchange. That's the promise of DEXes like the one whose story we’re featuring today: Uniswap.
Uniswap’s story is not only important because of what they built. It’s important because of how they built it. The idea for their product was open-sourced by Vitalik Buterin. Their code was also developed as an open-source project.
It's a beautiful story about a free and open internet.
But it's also a story about the cutthroat world of crypto.
That open source philosophy left them open to attacks. It almost brought the whole enterprise crashing down.
But before we talk about Uniswap, you need to hear about the spectacular collapse of crypto’s original exchange.
In the beginning, there was Mt. Gox.
Bitcoin was less than a year old when 35-year-old UC Berkeley dropout Jed McCaleb launched the site. Bitcoin enthusiasm was still in its infancy. But even then users needed a designated place to buy and sell the currency.
Despite rapid growth, problems appeared early. In 2011, the site was down for several days as hackers lifted 25,000 BTC from their servers. At the time, that BTC was worth $450,000. Today, it is worth more than $1 billion.
But that didn’t spell the end for the site. Instead, it grew through 2013, until it represented 70% of all Bitcoin exchanges. Unfortunately, a larger hack was happening under the surface. By the time the Mt. Gox team identified the hack in the summer of 2014, hackers had stolen more than 850,000 bitcoins. Today that haul would be worth $34 billion. That's half the value of Uber.
Early libertarian cryptocurrency advocates had encouraged users to store their cryptocurrency themselves. Self-custody, they argued, insulated assets from pesky government meddling like taxes. But the Mt. Gox hacks demonstrated that the real risk came from exposure to hacks.
Crypto users had always had ways to keep their coins private. They stored their super-secret private key (password) on their own devices.
This works well enough when you just need to send your coins to a single person – like for buying a good or repaying a debt. But token exchanges depend on a large pool of deposits to facilitate trades – especially for rarer assets that do not have consistent buying and selling demand.
To keep transactions flowing, market makers agree to buy or sell tokens within a fixed price range. When you sell stock on Robinhood, you’re usually selling to a market maker who will then turn around and sell that stock to another buyer. Market makers are the essential middlemen of the equities markets.
A decentralized exchange tries to achieve the same liquidity as the centralized market makers without a giant pool of institutional capital. Instead, DEXes rely on members to volunteer token-pairs for each possible market. In exchange for "locking" their tokens, they receive a share of transaction fees.
But this decentralized market is easy to game or manipulate for profit.
Solving those incentive problems took five-plus years and a lot of iteration. Uniswap was the first to do it.
The Open Source Giveth…
On July 6th, 2017, Siemens laid off a 26-year-old mechanical engineer named Hayden Abrams.
Karl Hoesch, a friend working at Ethereum, greeted Hayden's news with grace. Hayden remembered the conversation like this:
Congratulations, this is the best thing that could have happened to you!!! Mechanical Engineering is a dying field. Ethereum is the future and you’re still early. Your new destiny is to write smart contracts!
Karl suggested Hayden try building a project proposed by Ethereum's founder, Vitalik Buterin. That project was an Automated Market Maker. Vitalik believed that proposing this idea to the community was the best way to realize it. It was his own version of “open sourcing” a product concept.
In an automated market maker, users provide sums of two tokens in an exchange (e.g. USD and BTC) so that users can trade them. A simple formula ensures that the relative prices rise/fall in response to each token’s demand. This formula guards against manipulation. The liquidity providers then earn money by charging a fee on transactions. Any user can provide liquidity and thus share in the fees.
Hayden took on the project and built his first prototype of Uniswap in a few months. On November 2, 2018 — the final day of the Devcon Conference — Hayden pushed the site live.
His timing was fantastic.
The ICO boom of 2017 introduced scores of tradable tokens to the Ethereum ecosystem. The "DeFi Summer" of 2019 accelerated demand. Tools for swapping tokens were no longer a fun gimmick. They were essential infrastructure to a booming financial system.
Business was good.
Today it has over $4.6B in liquidity locked in its smart contracts. That liquidity powers $1B a day in token exchanges.
But here’s the thing. Uniswap was built on an open-sourced idea. Vitalik was an early booster. It was, after all, his idea. Meanwhile the project’s codebase was open source. Decentralized Finance Developers built on Uniswap, extending its reach and power.
But it also opened up a pretty clear attack vector to would-be competitors. Their product’s open source code can be copied and deployed on a competitive site in under an hour.
… and the Open Source (Almost) Taketh Away
Why the hell would a company create valuable software and distribute it in this way?
Well, there are three main reasons:
The team might have an ideological commitment to providing public goods.
Open source is a powerful way to attract a community of engaged developers.
Developers consider open source software to be more secure.
Historically, teams that build open source relied on network effects for a moat. They argued that, "You can copy the code, but not the community." Imagine launching a clone of YouTube. Even with their technology, the product is useless without the network of creators.
Uniswap was confident that their traders and liquidity providers provided network effects. As long as there was liquidity, there would be traders, and vice versa.
At least, that was their thesis...
On August 28, 2020, the pseudonymous developer ChefNomi forked Uniswap to launch Sushiswap.
To lure users away from Uniswap, ChefNomi made a few changes to Uniswap’s model.
First, Sushiswap promised liquidity providers a greater share of ownership. Any liquidity provider that came to Sushiswap received ownership via their Sushi token. That started to earn them some hype and attract new liquidity providers.
But Uniswap had an advantage. When users on Uniswap provide liquidity, they receive a token as a proof-of-deposit. This token is redeemable for your deposit and earned fees. Theoretically, that token was only valuable on Uniswap -- locking in liquidity providers.
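The automated market maker formula described earlier and the proof-of-deposit token described above, as an added example (not Uniswap's code and not part of the original article). It assumes the constant-product rule x * y = k and a 0.30% swap fee, neither of which the article spells out; `Pool`, `FEE_BPS` and `round_trip` are illustrative names.

```python
from math import isqrt

FEE_BPS = 30  # assumption: 0.30% fee on each swap, left in the pool for providers


class Pool:
    """Toy constant-product pool for a token pair "A"/"B" (integer units)."""

    def __init__(self):
        self.reserves = {"A": 0, "B": 0}
        self.shares = {}        # holder -> proof-of-deposit balance
        self.total_shares = 0

    def add_liquidity(self, who, amount_a, amount_b):
        if amount_a <= 0 or amount_b <= 0:
            raise ValueError("deposit both tokens of the pair")
        if self.total_shares == 0:
            minted = isqrt(amount_a * amount_b)
        else:  # pro rata to existing reserves; the smaller ratio decides
            minted = min(amount_a * self.total_shares // self.reserves["A"],
                         amount_b * self.total_shares // self.reserves["B"])
        self.reserves["A"] += amount_a
        self.reserves["B"] += amount_b
        self.shares[who] = self.shares.get(who, 0) + minted
        self.total_shares += minted
        return minted

    def swap(self, token_in, amount_in):
        token_out = "B" if token_in == "A" else "A"
        if token_in not in self.reserves or amount_in <= 0 or self.total_shares == 0:
            raise ValueError("bad swap")
        # Fee comes off the input; the rest is priced so that x * y does not fall.
        net_in = amount_in * (10_000 - FEE_BPS)
        out = net_in * self.reserves[token_out] // (self.reserves[token_in] * 10_000 + net_in)
        self.reserves[token_in] += amount_in
        self.reserves[token_out] -= out
        return out

    def remove_liquidity(self, who, burn):
        if burn <= 0 or burn > self.shares.get(who, 0):
            raise ValueError("not enough proof-of-deposit tokens")
        paid = {t: burn * r // self.total_shares for t, r in self.reserves.items()}
        for t in paid:
            self.reserves[t] -= paid[t]
        self.shares[who] -= burn
        self.total_shares -= burn
        return paid["A"], paid["B"]


def round_trip(pool, amount_a):
    """Push the price with a large A->B trade, then trade the B straight back."""
    return pool.swap("B", pool.swap("A", amount_a))
```

A trader who moves the price and trades straight back gets fewer tokens out than went in; the difference stays in the reserves, which is what a provider's proof-of-deposit tokens redeem.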
But Sushiswap had an idea: the Vampire Attack. They offered to buy Uniswap's proof-of-deposit tokens and pay a premium in SUSHI tokens. The gambit worked. In a week, SushiSwap sucked $1.6B worth of liquidity out of Uniswap. Sushiswap tokens were soaring in value.
In a living reminder of an old Bezos truism, Uniswap’s margin became Sushiswap’s opportunity.
But the pull of instant riches can be too strong even for those on the cusp of victory. And so it was for ChefNomi who liquidated the Sushi community treasury for a quick $14M profit. Though ChefNomi ultimately repented, the controversy sapped Sushiswap of momentum.
It also allowed Uniswap to rally. The platform responded by promising that they would also offer governance tokens.
Sushi's cutthroat tactics proved an important point. If communities are strategic assets in web3, they deserve rewards for staying aligned. Thus, Sushiswap's move demonstrated the importance of the DAO structure in DeFi. Locking in a network has become more costly to owners and more profitable to members. This incentivizes these liquidity providers to act in the community's long term interest. It's a win-win.
For proof of that, you need only look at the continued success of both communities.
Sushiswap continued to thrive (after the community persuaded its scheming founder to relent). It has a market cap of $452M. Uniswap, meanwhile, fully recovered and began offering its own equity-token. Today it is worth over $7B.
An open-source project with a large community of contributors can work. But their attentions are fickle. Uniswap's saga shows just how important community relations will be to the coming era of DAOs. Tighter incentives and community managers will be critical as we move from the corporate era into one governed by autonomous communities.