Dynamic Pricing for Non-fungible Resources
Public blockchains implement a fee mechanism to allocate scarce computational resources across competing transactions. Most existing fee market designs utilize a joint, fungible unit of account (e.g., gas in Ethereum) to price otherwise non-fungible resources such as bandwidth, computation, and storage, by hardcoding their relative prices. Fixing the relative price of each resource in this way inhibits granular price discovery, limiting scalability and opening up the possibility of denial-of-service attacks.
  • Theo Diamandis,
  • Alex Evans,
  • Tarun Chitra,
  • Guillermo Angeris
  • Basics
 08.16.22
Optimal Routing for Constant Function Market Makers
We consider the problem of optimally executing an order involving multiple cryptoassets, sometimes called tokens, on a network of multiple constant function market makers (CFMMs). When we ignore the fixed cost associated with executing an order on a CFMM, this optimal routing problem can be cast as a convex optimization problem, which is computationally tractable. When we include the fixed costs, the optimal routing problem is a mixed-integer convex problem, which can be solved using (sometimes slow) global optimization methods, or approximately solved using various heuristics based on convex optimization. The optimal routing problem includes as a special case the problem of identifying an arbitrage present in a network of CFMMs, or certifying that none exists.
  • Guillermo Angeris,
  • Tarun Chitra,
  • Alex Evans,
  • Stephen Boyd
  • MEV
 12.01.21
Replicating Monotonic Payoffs Without Oracles
In this paper, we show that any monotonic payoff can be replicated using only liquidity provider shares in constant function market makers (CFMMs), without the need for additional collateral or oracles. Such payoffs include cash-or-nothing calls and capped calls, among many others, and we give an explicit method for finding a trading function matching these payoffs. For example, this method provides an easy way to show that the trading function for maintaining a portfolio where 50% of the portfolio is allocated in one asset and 50% in the other is exactly the constant product market maker (e.g., Uniswap) from first principles. We additionally provide a simple formula for the total earnings of an arbitrageur who is arbitraging against these CFMMs.
  • Guillermo Angeris,
  • Alex Evans,
  • Tarun Chitra
  • DeFi
 09.01.21
Constant Function Market Makers: Multi-Asset Trades via Convex Optimization
The rise of Ethereum and other blockchains that support smart contracts has led to the creation of decentralized exchanges (DEXs), such as Uniswap, Balancer, Curve, mStable, and SushiSwap, which enable agents to trade cryptocurrencies without trusting a centralized authority. While traditional exchanges use order books to match and execute trades, DEXs are typically organized as constant function market makers (CFMMs). CFMMs accept and reject proposed trades based on the evaluation of a function that depends on the proposed trade and the current reserves of the DEX. For trades that involve only two assets, CFMMs are easy to understand, via two functions that give the quantity of one asset that must be tendered to receive a given quantity of the other, and vice versa. When more than two assets are being exchanged, it is harder to understand the landscape of possible trades. We observe that various problems of choosing a multi-asset trade can be formulated as convex optimization problems, and can therefore be reliably and efficiently solved.
  • Guillermo Angeris,
  • Akshay Agrawal,
  • Alex Evans,
  • Tarun Chitra,
  • Stephen Boyd
  • Basics,
  • DeFi
 07.01.21
Replicating Market Makers
We present a method for constructing Constant Function Market Makers (CFMMs) whose portfolio value functions match a desired payoff. More specifically, we show that the space of concave, nonnegative, nondecreasing, 1-homogeneous payoff functions and the space of convex CFMMs are equivalent; in other words, every CFMM has a concave, nonnegative, nondecreasing, 1-homogeneous payoff function, and every payoff function with these properties has a corresponding convex CFMM. We demonstrate a simple method for recovering a CFMM trading function that produces this desired payoff. This method uses only basic tools from convex analysis and is intimately related to Fenchel conjugacy. We demonstrate our result by constructing trading functions corresponding to basic payoffs, as well as standard financial derivatives such as options and swaps.
  • Guillermo Angeris,
  • Alex Evans,
  • Tarun Chitra
  • DeFi
 03.01.21
A Note on Privacy in Constant Function Market Makers
Constant function market makers (CFMMs) such as Uniswap, Balancer, Curve, and mStable, among many others, make up some of the largest decentralized exchanges on Ethereum and other blockchains. Because all transactions are public in current implementations, a natural next question is if there exist similar decentralized exchanges which are privacy-preserving; i.e., if a transaction’s quantities are hidden from the public view, then an adversary cannot correctly reconstruct the traded quantities from other public information. In this note, we show that privacy is impossible with the usual implementations of CFMMs under most reasonable models of an adversary and provide some mitigating strategies.
  • Guillermo Angeris,
  • Alex Evans,
  • Tarun Chitra
  • Privacy
 02.01.21
Optimal Fees for Geometric Mean Market Makers
Constant Function Market Makers (CFMMs) are a family of automated market makers that enable censorship-resistant decentralized exchange on public blockchains. Arbitrage trades have been shown to align the prices reported by CFMMs with those of external markets. These trades impose costs on Liquidity Providers (LPs) who supply reserves to CFMMs. Trading fees have been proposed as a mechanism for compensating LPs for arbitrage losses. However, large fees reduce the accuracy of the prices reported by CFMMs and can cause reserves to deviate from desirable asset compositions. CFMM designers are therefore faced with the problem of how to optimally select fees to attract liquidity. We develop a framework for determining the value to LPs of supplying liquidity to a CFMM with fees when the underlying process follows a general diffusion. Focusing on a popular class of CFMMs which we call Geometric Mean Market Makers (G3Ms), our approach also allows one to select optimal fees for maximizing LP value. We illustrate our methodology by showing that an LP with mean-variance utility will prefer a G3M over all alternative trading strategies as fees approach zero.
  • Guillermo Angeris,
  • Tarun Chitra,
  • Alex Evans,
  • Stephen Boyd
  • DeFi
 01.04.21
Liquidity Provider Returns in Geometric Mean Markets
Geometric mean market makers (G3Ms), such as Uniswap and Balancer, comprise a popular class of automated market makers (AMMs) defined by the following rule: the reserves of the AMM before and after each trade must have the same (weighted) geometric mean. This paper extends several results known for constant-weight G3Ms to the general case of G3Ms with time-varying and potentially stochastic weights. These results include the returns and no-arbitrage prices of liquidity pool (LP) shares that investors receive for supplying liquidity to G3Ms. Using these expressions, we show how to create G3Ms whose LP shares replicate the payoffs of financial derivatives. The resulting hedges are model-independent and exact for derivative contracts whose payoff functions satisfy an elasticity constraint. These strategies allow LP shares to replicate various trading strategies and financial contracts, including standard options. G3Ms are thus shown to be capable of recreating a variety of active trading strategies through passive positions in LP shares.
  • Alex Evans
  • DeFi
 06.01.20
Back

Manipulability Is a Bug, Not a Feature

  • Regulatory,
  • Research
 01.30.25

Like a computer, a blockchain has an internal clock: the blocktime [1]. Users send the blockchain transactions which contain sequences of instructions that modify the shared state of the network (for example, instructions to buy an asset on a decentralized exchange). Each time this clock “ticks,” it executes an entire batch of transactions—instantaneously from the blockchain’s perspective. You’d think, if the blocktime is the system’s clock, nothing at a finer-scale resolution should matter. You’d be wrong.

In most blockchain systems today (e.g., Ethereum), the order of transactions within a block matters. The consensus leader responsible for proposing the next block [2] has unilateral control over both the transactions included in this block and their ordering. This control, coupled with trading on decentralized exchanges, can cause trouble.

Guarantees provided by the blockchain

Each blockchain transaction must be digitally signed by the sender. As a result, the leader cannot tamper with the sequence of instructions specified by any transaction; they only control inclusion and ordering. This point is important: blockchains offer strong, cryptographic guarantees that, if your transaction is included, your transaction’s instructions cannot be modified [3].

Of course, the leader may have included other transactions before yours, so your transaction might execute against a different state than that of the last block. For example, if your transaction is a trade on a decentralized exchange, the price on the exchange may change before the blockchain executes your transaction.

Trading on decentralized exchanges

Buyers on decentralized exchanges typically submit market orders [4]. This order includes a slippage tolerance: the maximum price at which the buyer is willing to buy. This tolerance accounts for potential price movement between transaction broadcast and inclusion. (If the true price—in the astrological economic sense—of the asset is going up, many others are likely trying to buy as well [5].) For example, if you see an asset at \$100 and submit a buy order with 1% slippage tolerance, you might get this asset for \$100, but you’d take it at \$101 too.

Arbitrage

Why include the slippage tolerance? Sometimes, the true price changes between the time you place the trade and the time of trade execution, especially in systems with a long blocktime (i.e., a slow clock). Decentralized exchanges—like any market—rely on arbitrageurs to keep prices accurate. If the true price of this asset is \$101 but the exchange quotes a price of \$100, then an arbitrageur will try to buy the asset at \$100 and sell it elsewhere at \$101. (And your order will likely be filled at \$101, which is within your slippage tolerance.)

So who captures this arbitrage? In traditional markets, which effectively operate in continuous time, it’s captured by the fastest arbitrageur. In blockchain-based markets, it’s captured by the highest bidder.

Auctions

Using auctions to award arbitrage opportunities differs from latency races in public markets. If I think that the price will continue to go up, perhaps to \$102, I’m willing to pay more than an arbitrageur who wants to sell the asset right away at \$101. These payments go to the current consensus leader, since they have monopoly control over the next block contents. This leader includes the set of revenue-maximizing transactions from the auction. (Note that this auction typically happens out of protocol; for example, the auction is not part of the Ethereum protocol itself.) Unfortunately, the leader’s monopoly control over transaction ordering, coupled with trading on decentralized exchanges, introduces a system quirk: sandwiches.

Sandwiches

Let’s say you submit an order to buy an asset at \$100 with a 1% slippage tolerance. A malicious auction participant could bid for the following “bundle” [6] of transactions:

  1. Txn 1. A buy order before yours that pushes the price up to \$101
  2. Txn 2. Your buy order, which executes at \$101 (within your slippage tolerance)
  3. Txn 3. A sell order, selling the asset they bought at \$100 for \$101

Your trade executed at a different price than what you saw—but not due to some true price movement. The true price remained the same; the “sandwicher” manipulated the price before your transaction and then sold immediately after to make an instantaneous, risk-free profit. As previously discussed, arbitrage transactions like the frontrun (Txn 1) and the backrun (Txn 3) are not inherently bad; these trades can help keep markets efficient. The combination feels… wrong. 

Here, there was no real arbitrage opportunity; an actor used a system quirk to artificially create one. Although there is limited precedent for regulatory enforcement against sandwich attackers, the practice arguably constitutes market manipulation under federal securities and commodities laws—particularly when an actor exploits monopoly power to create artificial prices (i.e., prices that do not reflect independent market forces of supply and demand) [7]. While establishing intent in these cases can be a challenge (and may explain the limited precedent), it is difficult to argue sandwich attackers are unaware of their action’s impact on prices. Sandwiching, despite being common, is manipulative and exploitative.

Better designs

We can do better. This attack vector comes down to the fundamental mismatch of blockchain events with the system clock. What if there was no concept of order within a block? In the exchange setting, this means that all trades get executed in a batch—everyone in the block gets the same price. Eric Budish and others have proposed these designs (called frequent batch auctions) to ameliorate harmful effects of latency arbitrage in stock exchanges [8]. The associated clocks can be fast—measured in milliseconds. Traders, whether retail or institutional, won’t notice a difference. We think similar designs hold promise in the blockchain setting [9]. 

The design space of new mechanisms is only beginning to be explored [10]. Blockchain-based financial systems offer an opportunity to reimagine financial infrastructure from first principles. Let’s build systems that prohibit harmful behavior by design. Manipulability is a bug, not a feature.

Acknowledgements

Thank you to Alex Evans, Max Resnick, Lucas Bruder, and Henry de Valence for helpful comments on drafts of this post.

Footnotes

[1] Henry de Valence inspired this viewpoint.

[2] In most blockchains, the consensus leader for each block (called the “proposer” in Ethereum) is randomly selected based on resources contributed to the network (e.g., compute power in proof of work systems or capital in proof of stake systems).

[3] But your transaction could be included in a different context! For an example, see “uncle bandit attacks”.

[4] We don’t think this is a good thing.

[5] For academic purposes, think of the true price as the price on an external, infinitely liquid market.

[6] Note that the blockchain does not enforce the sanctity of this bundle; order flow auction systems use out-of-protocol techniques to do so.

[7] See, Barczentewicz, Mikolaj and Sarch, Alex F. and Vasan, Natasha, Blockchain Transaction Ordering as Market Manipulation (February 3, 2023). (2023) 20 Ohio State Technology Law Journal 1-87, Available at SSRN.

[8] Arbitrage, of course, still exists in batch systems. Our paper Concave Pro Rata Games analyzes a simple model of this type of arbitrage.

[9] These batched mechanisms aren’t a total panacea due to transaction censorship. For a discussion of these concerns see Censorship Resistance in On-Chain Auctions.

[10] Relatedly, many have proposed more restrictive transaction ordering rules to prevent specific types of harmful behavior.

Share
Contents