
Crypto exchanges — bridging the gap between sovereignty and performance

Tuesday, June 2, 2020

The crypto dream is to make the exchange of value global and frictionless. But the crypto reality is quite different, with security and scalability concerns driving constant trade-offs.

An estimated 99% of asset transfers take place on centralized exchanges (CEXs). As such, they are likely to remain a central fixture of the crypto trading landscape for the foreseeable future. CEXs are fast and convenient, but typically require traders to deposit funds in an account controlled by the exchange. Unfortunately, history illustrates that this loss of sovereignty over a user’s digital assets can be an extremely costly compromise. Decentralized exchanges (DEXs) offer an intriguing alternative, but are not yet ready for prime time. So how can we bridge the gap between user sovereignty and exchange performance?

When it comes to custody, control is better than trust

The nightmare scenario for traders who use CEXs is that they might fall victim to hacking or fraud and lose their deposited funds. Although seven years have passed since the collapse of Mt. Gox in 2014, its name remains synonymous with the dangers of cryptocurrency fraud. Once the world’s largest bitcoin exchange, it filed for bankruptcy in 2014 after an estimated 650,000 customer Bitcoins went missing. The victims are still attempting to receive partial compensation from the insolvency process in 2021.

Sadly, this form of counterparty risk remains a threat to this day. In April, the founder of Turkish exchange Thodex absconded with $2 billion of investor assets unaccounted for; a year before that, China’s FCoin and Australia’s ACX both closed without warning. Whether those failures were due to fraud, a hack, or problems with the business model will not matter much to the investors left out of pocket. In an ideal world, the exchange operator (or a hacker who has compromised an exchange) should be denied the ability to move client funds discretionarily between accounts.

The status quo: managing risk brings greater costs

For well-capitalized or well-connected traders, there are ways to mitigate these risks, but the solutions come with their own drawbacks.

Credit is one way to avoid having to prefund an account. Yes, that is possible — if you are willing to pay high fees to a broker, or if you can get a credit line with a particular exchange by establishing yourself as a top customer. Either way, it is expensive (and in the latter case, slow). And only the very biggest spenders stand any chance of developing such a good relationship with multiple exchanges.

Off-exchange settlement networks provide an alternative to loading funds directly onto exchanges. These intermediaries (such as BitGo Prime and Anchorage Digital) hold the trader’s funds and take on the counterparty risk for each exchange. In the current environment, such intermediaries provide a valuable service for institutions, but they still represent an added layer of expense. So much for frictionless trading.

DeFi and the trouble with transparency

If the problem is the loss of asset sovereignty on CEXs, could DEXs be the solution? Yes and no. By using smart contracts and decentralized liquidity pools to enable asset swaps, DEXs remove intermediaries and enable traders to retain sovereignty over their assets. However, DEXs also involve heavy compromises, particularly for larger traders.

On a DEX, instead of buyers and sellers being paired through a centralized matching engine, a smart contract performs the trades. Participants called “yield farmers” can lock their assets into a liquidity pool and earn yields in return. Each liquidity pool facilitates trading for a particular pair of assets (such as Bitcoin and Tether). The smart contract will adjust yields according to the relative volume of assets in the pool, in order to attract more of the scarcer asset and maintain a healthy balance. At the same time, the transaction fee a trader pays will vary depending on the relative scarcity of the assets involved.

Although innovative, this approach does not scale well. Depending on the size of the liquidity pool, large trades can immediately have a strong effect on trading fees. In addition, DEXs are highly susceptible to frontrunning. Frontrunners are traders (often bots) who scan for information that suggests a big trade is coming, then jump in with their own transaction to profit from the expected price move. Of course, these exploitative trades have their own effect on the market price, reducing the profit of the originally planned transaction. On CEXs, the risk is that if prefunding is conducted on-chain, third parties may be able to infer that a big trade is about to happen. However, these risks are greatly magnified when using a DEX.

Due to the networking delay when processing transactions, pending transactions may circulate among validating nodes before they are finally committed to a block. Indeed, on smart-contract based DEXs, bids are sent transparently, so a frontrunner simply needs to observe incoming bids and place her own bid with higher fees or with less networking delay in order to profit. Furthermore, as validators decide on the order of transactions for the blocks they produce, this introduces another opportunity for manipulation.

Thus, while DEXs are a tantalizing idea and present the opportunity to earn passive yield, they are currently not well suited to the needs of most traders.

Can we build a better DEX?

So how could we protect the interests of traders better than CEXs, without compromising on speed or scalability? By combining the speed and privacy of trusted execution environments (TEEs) with the trust and transparency of blockchain, an interesting way forward emerges.

TEEs — or secure enclaves — provide an isolated area within a computer processor that runs separately from the standard OS, and is not accessible to the system admin. This makes TEEs an ideal way to efficiently process potentially sensitive data off-chain. The hardware vendor typically provides a digital signature to remotely attest the validity of each TEE. If remote attestation is verified via a blockchain network, all participants can trust that data was only processed in a secure, isolated hardware environment.

Now imagine that the matching engine for an exchange operates within a TEE, which is accessible to nobody, including the exchange administrator. A trader can encrypt her bid with the public key of the exchange and send it to the TEE to be processed. The order will not become visible until and unless a matching bid by another trader is made and the order is cleared, thereby protecting both traders from frontrunning. After clearance, however, the order can be published for transparent price indication.

In addition, by executing matches off-chain, a TEE-enhanced exchange could conduct transactions far faster than a conventional DEX. This would make it competitive with a CEX in terms of performance and make it a viable option for algorithmic and high-frequency traders.

Finally, TEEs can also be used to reduce the risk of exchange fraud. Rather than traders being obliged to grant intermediaries access to funds prior to trading, TEEs would be used instead. The trader could define an allowance on her account that the TEE may spend to settle trades based on the bids she enters. This would eliminate the need for prefunding as we know it and greatly reduce counterparty risk.
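The sealed matching and allowance-bounded settlement described in the paragraphs above can be modeled in a few lines of Python. This is an added example, not code from the article or any exchange: `Order` and `SealedBook` are hypothetical names, the enclave boundary and bid encryption are represented only by private state, and price-time priority with execution at the resting order's price is an assumed matching rule.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass
class Order:
    trader: str
    side: str    # "buy" or "sell"
    price: int   # limit price, quote units per base unit
    qty: int     # base units
    seq: int = field(default_factory=count().__next__)  # arrival order

class SealedBook:  # hypothetical model of state held inside the enclave
    def __init__(self, allowances):
        # trader -> {"quote": n} or {"base": n}: the most the engine may spend
        self._allow = {t: dict(a) for t, a in allowances.items()}
        self._resting = []    # unmatched orders, never disclosed
        self.published = []   # cleared trades, released for price indication

    def remaining(self, trader, asset):
        return self._allow.get(trader, {}).get(asset, 0)

    def submit(self, o):
        asset, need = ("quote", o.price * o.qty) if o.side == "buy" else ("base", o.qty)
        if min(o.qty, o.price) <= 0 or self.remaining(o.trader, asset) < need:
            return "rejected"                   # invalid, or exceeds the allowance
        self._allow[o.trader][asset] -= need    # reserve the worst-case spend
        sign = 1 if o.side == "buy" else -1
        crossing = sorted((r for r in self._resting
                           if r.side != o.side and sign * (o.price - r.price) >= 0),
                          key=lambda r: (sign * r.price, r.seq))
        for r in crossing:
            if o.qty == 0:
                break
            qty = min(o.qty, r.qty)
            buyer = o if o.side == "buy" else r
            # Execute at the resting price; return the buyer's unused reservation.
            self._allow[buyer.trader]["quote"] += (buyer.price - r.price) * qty
            self.published.append({"price": r.price, "qty": qty})
            o.qty -= qty
            r.qty -= qty
        self._resting = [r for r in self._resting if r.qty > 0]
        if o.qty > 0:
            self._resting.append(o)
        return "filled" if o.qty == 0 else "resting"

def demo():  # constructed allowances and orders
    book = SealedBook({"alice": {"quote": 1000}, "bob": {"base": 5}, "carol": {"quote": 100}})
    orders = [("alice", "buy", 100, 5), ("carol", "buy", 100, 2),
              ("bob", "sell", 90, 3), ("bob", "sell", 90, 3)]
    return [book.submit(Order(*a)) for a in orders], book.published, book.remaining("bob", "base")
```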

Conclusion

The need for prefunding on cryptocurrency exchanges introduces problems and risks that pose a significant barrier to the adoption of digital assets. By combining the trust and security of blockchain with the speed and confidentiality of TEEs, we can build exchanges that provide verifiably better security for traders while creating fairer markets.

The article was first published on Cointelegraph on July 11, 2021.
