Author: Beichen

In the past 20 days, GMX has an average of 930 active users trading $110 million per day, making it the most successful decentralized derivatives exchange.

We have noticed that the heads of several competitors of GMX have recently criticized GMX's trading mechanism. Although their starting point is definitely not neutral, their stance can only determine value judgments but cannot influence factual judgments.

This article only discusses the facts of GMX's trading mechanism, and serves as a reference source for readers to make a comprehensive judgment on GMX.

0 slippage brings external attacks

GMX has an advantage, which is 0 slippage. This means that the price of your trading a token worth $1 is the same as the price of your trading a token worth $100 million, both of which are the feed prices of the oracle at the time of the transaction.

Zero slippage is naturally attractive to traders, especially large traders. An inappropriate but vivid metaphor is that it is like having the superpower to stop time and then go to fight with others...

The mechanism of GMX is that traders and LPs are counterparties to each other. When traders make money, it means that LPs lose money, so LPs are not protected.

The first person to publicly doubt the potential risks of the zero slippage mechanism was Taureau, the founder of ZigZag, a decentralized exchange based on ZK Rollups. He said on Youtube on September 2 that GMX's trading model had loopholes and he doubted whether this model could continue in the long run, because if traders exploited the loopholes, it would be easy to make money from GLP token holders.

On September 18, GMX did suffer a price manipulation attack, where the attacker took advantage of GMX’s minimal spread and zero slippage features to manipulate the AVAX/USD price and earned $565,000 in AVAX.

After the price manipulation attack, Joshua Lim, head of derivatives trading at institutional digital asset service provider Genesis, analyzed the steps of the attack on Twitter.

According to Joshua Lim’s analysis, the attacker repeatedly opened a large number of long and short positions on GMX using the oracle’s feed price (since GMX has 0 slippage, the oracle’s feed price is approximately equal to the execution price), but the large positions on GMX affected the AVAX/USD price on other exchanges, and then the oracle reacted and fed the price to GMX, at which time the attacker closed the position and made a profit.

It may be more vivid to give a more exaggerated assumption here.

You go long on 1 billion USD of AVAX on GMX. Logically, such a large amount of funds will increase the price of your actual transaction, but the mechanism of GMX is 0 slippage, so you still open a position according to the price fed by the oracle. However, this volume of transactions will increase the price of AVAX on other exchanges. Assuming that it has increased by 20%, the oracle will feed back the latest price to GMX. At this time, you can close the position according to the 20% increase in AVAX price, and withdraw the earned AVAX to other exchanges for sale. The AVAX you earn is the AVAX that GLP holders lose.

So this attack is a "reasonable but malicious" use of GMX's trading mechanism. Will there be similar attacks in the future? At present, the only way to avoid it is to cancel the 0 slippage mechanism.

However, there is another way to correct it, which is to set a limit, but it only increases the attacker's operation steps (using more wallets to open positions), and does not fundamentally solve the problem.

Does Keeper lead to internal evil?

It has been verified that 0 slippage can lead to external attacks, but the keeper mechanism that GMX relies on has not yet occurred. We can only say that as far as the keeper mechanism is concerned, the team does have the authority to do evil.

The transaction process of GMX is not that after you initiate a transaction, the smart contract will automatically execute it according to the price fed by the oracle. Instead, all transaction requests must be uniformly executed by the keeper. This is indeed more efficient, but the cost is that the keeper has the right to execute within 0.12% of the oracle price. And the maximum deviation will trigger forced execution only when it reaches 2.5%, and the price is between the Keeper price and the oracle price.

In order to supervise the keeper to prevent him from tampering with the price of the oracle, GMX also has a watcher node to verify. However, as mentioned above, a deviation of 0.12% is completely compliant, so the keeper can steal assets very covertly (for example, only 0.1% different from the fair price). He can steal from traders or LPs. As long as the deviation is small enough, it will not be discovered.

Of course, this is just a possibility and does not mean that the keeper will really do evil. Whether to trust the keeper is one thing, but we must clearly know that the keeper's power is not caged by the system.

0xAlpha, the founder of Deri Protocol, another competitor of GMX, said in an article titled "GMX, an "AMM" that may do evil" that it is impossible to verify from the outside whether they have done evil, but this is not important. What is important is that the most basic value in the crypto world and the biggest progress is the change from "don't do evil" to "cannot do evil", so this system that relies on the goodwill of those in power to operate should not belong to the crypto world.

Summarize

GMX's 0 slippage has attracted external attacks. Before the 0 slippage is cancelled, there may be similar attacks. After all, 0 slippage means that traders have unlimited liquidity at any time.

The keeper mechanism of GMX gives the team members the authority to do evil. If we speculate with the worst intentions, it is just "carrying a sharp weapon and having the desire to kill".

Of course, this article should not be considered investment advice as it is just one possibility.