dex-exploits
DEX exploits are malicious attacks targeting decentralized exchanges, resulting in theft of funds or manipulation of trading activities.
DEX exploits leverage vulnerabilities in the smart contracts, protocols, or infrastructure of decentralized exchanges (DEXs). These attacks can manifest in various forms, including flash loan attacks, slippage manipulation, and reentrancy attacks. The goal is typically to steal user funds, manipulate trading pairs, or disrupt the normal functioning of the DEX. The increasing popularity and value locked in DEXs have made them attractive targets for malicious actors, leading to significant financial losses for users and the platforms themselves.
Term graph: [cryptography](/terms/cryptography) is a prerequisite for dex-exploits; related terms are [flash-loan](/terms/flash-loan), [slippage](/terms/slippage) and [defi-security](/terms/defi-security).
🧒 Explain Like I'm 5
[DEX](/en/terms/dex) exploits are like finding a secret backdoor in a digital marketplace to steal items or trick people into selling things for way less than they're worth, because the security guards (the code) had a mistake.
🤓 Expert Deep Dive
Attacks on DEXs often abuse the interaction between different DeFi primitives or the reliance on external data feeds. Reentrancy attacks, classically demonstrated by the DAO hack, remain relevant wherever they are not mitigated with the Checks-Effects-Interactions pattern or reentrancy guards. Price [oracle manipulation](/en/terms/oracle-manipulation) is particularly insidious in AMM-based DEXs that rely on internal or external oracles. For instance, an attacker might borrow a large sum via flash loan, manipulate the price of a collateral asset on a dependent lending platform, and then use this manipulated price to withdraw excessive funds from the DEX's [liquidity pool](/en/terms/liquidity-pool). Flash loan attacks are prevalent due to their capital efficiency, enabling sophisticated multi-step exploits within a single atomic transaction. Front-running is facilitated by the transparent nature of public mempools; attackers profit from information asymmetry. Analyzing DEX exploits requires understanding not only smart contract logic but also market dynamics, gas economics, and game theory. The composability of DeFi means a vulnerability in a collateral asset's price feed could indirectly lead to a DEX exploit.
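
The Checks-Effects-Interactions ordering mentioned above, as an added example that is not from the original page: a Python model of a ledger, not contract code, that runs the same re-entering receiver against both orderings. The `Vault` class, the account names and the amounts are constructed for illustration.

```python
class Vault:
    """Toy ledger: `balances` is per-user accounting, `reserves` is what is actually held."""

    def __init__(self, deposits, cei):
        self.balances = dict(deposits)
        self.reserves = sum(deposits.values())
        self.cei = cei  # True: Checks-Effects-Interactions ordering

    def withdraw(self, user, on_receive):
        amount = self.balances[user]
        if amount == 0 or amount > self.reserves:   # Checks
            return 0
        if self.cei:
            self.balances[user] = 0                 # Effects before the interaction
        self.reserves -= amount
        on_receive(amount)                          # Interaction: receiver code runs here
        if not self.cei:
            self.balances[user] = 0                 # Effect after the interaction: the flaw
        return amount


def reentrant_receiver(vault, user, max_depth):
    """Constructed receiver whose payment callback calls withdraw() again."""
    received = []

    def on_receive(amount):
        received.append(amount)
        if len(received) < max_depth:
            vault.withdraw(user, on_receive)

    return on_receive, received


def run(cei):
    """Return (total paid to the re-entering account, reserves left for everyone else)."""
    vault = Vault({"alice": 100, "bob": 100, "mallory": 100}, cei)  # constructed deposits
    on_receive, received = reentrant_receiver(vault, "mallory", max_depth=5)
    vault.withdraw("mallory", on_receive)
    return sum(received), vault.reserves


if __name__ == "__main__":
    print("effects after interaction:", run(cei=False))   # (300, 0)
    print("checks-effects-interactions:", run(cei=True))  # (100, 200)
```

With the balance zeroed before control leaves the ledger, the nested call fails the check and the other depositors' funds stay in reserve.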