Discover more from Foot Guns
#41 Vampire Weekend
No, not the rock band. Today we discuss crypto vampire attacks.
Hey paid subs! We have a new format. From now on you can find a link to the Cheat Sheet at the top of every newsletter. This will also be where you find private pods and any special posts.
The Vampire Attack
Uniswap, the largest decentralized exchange (DEX) by total value locked (TVL), was publicly announced and deployed to the Ethereum mainnet on November 2, 2018. After years of refining the code and three iterations of the exchange (V0, V1, V2), nearly half of Uniswap’s TVL was “stolen” in just a few days. On August 28th, 2020 a new DeFi project emerged with a new token called SUSHI. An anonymous Twitter account, ChefNomi, had taken a public copy of the Uniswap code, created their own DEX, but along with the DEX they created a token, SUSHI. These are all the ingredients needed for a Vampire Attack.
The first phase of the attack is to pay users in SUSHI tokens for staking their liquidity pool (LP) tokens (blockchain proof of providing Uniswap liquidity). This effectively gets users to move their liquidity from Uniswap to Sushiswap. Once the liquidity is locked into Sushiswap contracts the next phase of the attack is to migrate the liquidity from Uniswap into a new set of smart contracts. Sushi’s MasterChef contracts were created to facilitate the transfer of users funds out of Uniswap LP and into a Sushiswap LP. Once the liquidity was migrated to the new contracts, ChefNomi executed the final phase of the Vampire Attack.
Unlike Uniswap, that offers only liquidity providers with fees earned from the pools they are providing liquidity for, Sushiswap’s SUSHI token can be staked on the Sushiswap platform and earns a portion of the fees from all of the liquidity pools on Sushiswap. This combination of attractive user incentives successfully pulled $1 billion TVL from Uniswap and into the Sushiswap platform. The vampire attack was successful in a big way.
What’s the lesson? In crypto and DeFi the ecosystem is wide open and mis-aligned incentives can have devastating impacts on well built products. There was nothing inherently wrong with Uniswap’s liquidity pools. It was just the user incentives were not set up correctly. Uniswap may have had a plan to grow in a traditional manner with an eventual plan to release equity. However, because of Sushiswap in order to save the platform they were forced to airdrop the UNI token, and provide temporary rewards to users bringing their LP back to the Uniswap platform. Currently, Uniswap does not share profits with UNI holders, while SUSHI holders can stake SUSHI to receive XSUSHI that receives a portion of all trade fees on Sushiswap.
OpenSea, Open For Attack?
OpenSea, a popular NFT market, has become the most used project on the Ethereum mainnet. At the time of writing, OpenSea was responsible for 10% of all fees paid on the Ethereum network in the past 3 hours. This is nearly twice as much as Uniswap’s V2 router. The point is that OpenSea is now the king of decentralized applications, and the story starts to feel familiar to when Uniswap was the king and had no contenders.
The story gets even more familiar as many are publicly calling for OpenSea to release a token as a way to capitalize on their giant, growing userbase they have established. However, there has been no communication or promise of a token and some are suggesting OpenSea will take a traditional route through the equity markets.
The familiarity continues with Andre Cronje, creator of Yearn.finance, recently suggesting that $ART would be a cool name for a token that represents an NFT project. This Tweet coming soon after another Tweet showing a new NFT platform built on Fantom.
If all of these similarities aren’t enough for you how about this one : Sushiswap Unveils Website For Its Yet To Launch Shoyu NFT Platform. Will this be a repeat regicide, with Sushiswap behind the sword again? It’s only a matter of time before someone tries to take down this king. There is a proven format for a Vampire Attack that could work in a similar way to dethrone OpenSea. Will anyone attempt it? If it does happen we will be here to breakdown the story and keep you informed.
Don’t miss out on our on going FGNEWS Airdrop!