UNKNOWN

DECEMBER 2020

GLOBAL

DEXTOOLS

DESCRIPTION OF EVENTS

"Real-time data analysis at the tips of your fingers: Create unique trading strategies, anticipate market movements, search for big spreads, track and copy the most profitable wallets and much more."

 

"DEXT is a multifaceted, interactive trading tool that will be paramount in your trading success. Currently ending their beta, DEXT provides trading tools such as: DEXTboard, Pool Explorer, Pair Explorer, Big Swap Explorer, Token Catch, Spread Hunter, and various other functionality for a multitude of exchanges. This includes Uniswap and IDEX with tangible, working products. DEXT has the ability to integrate their tools to work with additional exchanges such as Mooniswap, Sushiswap, and Kucoin which are all coming soon. Due to how responsive the devs are, if the community wants other exchanges included, they are willing to include them too! Whether it’s a DEX or CEX, DEXTools has the ability to help navigate your trading experience."

 

"Users’ trust in well-curated platforms, as well as their low experience in interpreting data and code, can render even the most credible dapps and DEXs susceptible to high rates of fraud."

 

"Another example of advanced fraud is contract manipulation. Twitter user and self-professed anti-rugster, R0฿ST3R, explains how scammers with programming knowledge can exploit the legitimate function of apps like DEXTools, a dapp providing real-time crypto market data analysis, to produce fake, convincing contracts that mimic legitimate code to the untrained eye.

 

"[T]his tx is NOT coming from the developer wallet. If that's the case it checks for the allowance. If it DOES come from the developer this gets skipped." "[T]he developer wallet doesn't need any "allowance" to transfer tokens from any "_from" wallet to e.g. his own wallet. So: Dev can steal the tokens out of your wallet at any time!" "Uniswap can't take your tokens if your wallet is blacklisted." "The owner / developer can blacklist anyone he wants to." "That means you won't be able to sell!" "[A]s a default investor you can buy the token but you won't be able to sell them."

 

"After deployment of the contract the developer got all tokens (total supply) and used the "batchSend" function so send batches of 125,000 $YLD to multiple addresses (all owned by him)." "All developer wallets can skip the approval and always sell. So the developer uses these 40+ wallets to sell tokens and make the history on DexTools looking legit." "[E]very selling wallet you find on DexTools at this pair is one of the wallets from the "batchSend" function call."

With decentralized platforms, a major problem of fraud can happen with fake tokens. Given the open nature of the blockchain, anyone can list a new token with a similar name to an existing popular token, and using smart contracts it's possible to prevent or limit the sale of tokens, meaning that investors can buy, but not sell, the token, while the token developer can sell their own tokens to create realistic trading activity.

HOW COULD THIS HAVE BEEN PREVENTED?

Such fake tokens can easily be avoided by trained platform operators. In cases where operators are tricked to accept an illegimiate version of a popular token (which has never yet happened historically) platforms should make affected users whole. We've proposed an industry insurance fund that could cover such unlikely events.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.