Minswap Front-Running Swap Orders

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Minswap Homepage/Logo

Minswap is a community-centric decentralized exchange (DEX) on the Cardano blockchain, known for its fair distribution of $MIN tokens without private or VC investment. The DEX operates on a permissionless trading model, with swap fees benefiting liquidity providers (LPs). Minswap uses a FISO (Fair Initial Stake Offering) model and emphasizes Protocol Owned Liquidity. It has a total value locked (TVL) of $28.45 million, making it a prominent decentralized finance application on Cardano. Recently, Minswap faced a front-running attack, detected by a user on Twitter. Front-running involves exploiting advance knowledge of pending transactions to profit, and while the attack caused concerns, Minswap promptly addressed and resolved the issue, ensuring the security of its platform.

This is a global/international case not involving a specific country.^{[1][2][3][4][5][6]}

About Minswap

"A Sassy UnderCat in Space. A decentralized exchange governed by a community that zaps."

"Earn Liquidity Providers that deposit both assets of a pair are rewarded with swap fees."

"Farm MIN tokens are rewarded to Liquidity providers who stake their Liquidity Pool Tokens."

"Zap-In Provide Liquidity with one token of the pair."

"A Mobile-native Wallet The Most Mobile Friendly DEX on Cardano Blockchain."

"Minswap is a Decentralized Exchange (DEX). The purpose of a DEX is to enable permissionless trading of token pairs. For each swap, a fee is taken, which goes to the Liquidity Providers (LPs). Anyone can provide Liquidity as well, hence profits are decentralized. Minswap is a community-centric DEX, in that $MIN tokens are fairly distributed, without any private or VC investment. Minswap has pioneered several ideas in the Cardano ecosystem such as the FISO model (touted as the fairest ISO model in the Cardano community) or a focus on Protocol Owned Liquidity."

"Minswap is the most prominent decentralized finance application on the Cardano blockchain with a total value locked (TVL) of $28.45 million."

"Our tokens are fairly distributed without any private or VC investment. This ensures our community of users are maximally rewarded, not speculators and insiders."

"Minswap investigates a front-running attack on its platform after a user called their attention to a suspicious transaction.

Minswap, one of Cardano’s foremost multi-pool decentralized exchanges, experienced a front-running attack yesterday, Dec.8.

The attack was first discovered by a Twitter user CryptoVincenzio when he noticed that an account was frontrunning orders and taking profits"

"Front-running is trading stock or any other financial asset by a broker who has inside knowledge of a future transaction that is about to affect its price substantially. In crypto, front-running typically occurs when a miner or a full node operator with access to information on pending transactions places an order that would make them profit on the pending trade."

"These are for market orders. Setting a limit order would give anyone else fair game for knowing about the order parameters and working around them.

A market order shouldn't allow someone else to front-run with the knowledge it will be placed, however."

"After a couple of hours, MinSwap announced it had fixed the issue. The attacker canceled newly created orders because they could not “get ahead of the user.”"

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

• Known history of when and how the service was started.
• What problems does the company or service claim to solve?
• What marketing materials were used by the firm or business?
• Audits performed, and excerpts that may have been included.
• Business registration documents shown (fake or legitimate).
• How were people recruited to participate?
• Public warnings and announcements prior to the event.

Don't Include:

• Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
• Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

• When the service was actually started (if different than the "official story").
• Who actually ran a service and their own personal history.
• How the service was structured behind the scenes. (For example, there was no "trading bot".)
• Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References