3.3 Exchange Architecture Review
In this section we will demonstrate how Radex’s architecture stacks up against other centralized and decentralized exchanges.
GDAX is an example of a centralized exchange. While how such exchanges function under the hood greatly differs from exchange to exchange, conceptually they all operate under the same business model and thus from a bird’s eye view they all look the same when it comes to handling money.
Clients interact with the exchange via a web application. They transfer the funds to the exchange by sending them to a one-time-generated address on the corresponding blockchain. This address is owned by the exchange. In return for the crypto they receive from their customers, the exchange updates a record in their database. This database stores everybody’s balances, trades, withdrawals and the order book. The database is not necessarily in sync with the blockchain. In theory, a hacker could modify the database, draw themselves a thousand BTC and safely withdraw them. The exchange wouldn’t even notice until it’s time to pay someone else and they no longer have the funds. This is the same architecture that the infamous Mt. Gox had, although undeniably Coinbase/GDAX have done a much better job fending off hacker attacks. For now.
EtherDelta is a rather popular centralized/decentralized exchange hybrid.
The majority of the operations are being handled directly on the blockchain. Most importantly, a trader never has to let go of the ownership of their tokens, enabling the whole system to deal with money transfers and executed trades in a trustless manner. The main component of this architecture that can be criticized is the centralized order book server.
This server is fairly well protected. Compared to centralized exchanges like GDAX and Mt. Gox, breaking into EtherDelta’s servers will not allow the hackers to steal anyone’s money. In case a hacker takes control of the order book server the orders on them are encrypted. The hacker will not be able to simply take the money from the people’s orders, they’ll either be able to trade against those orders (which is what market makers want anyway) or simply delete them all. The latter would remove all liquidity from the exchange and will render it unusable which is a much scarier attack, but way less catastrophic than lost funds.
The centralized component does come with a caveat. EtherDelta has the ability to censor the orders in the order book if they are suddenly forced to, because their centralized servers have to be running on some country’s soil and are thus subject to that country’s jurisdiction. They can also frontrun traders on lucrative deals, taking unfair advantage of information asymmetry, which is a much more sneaky attack, and one that can decide between life and death for professional traders. There is a reason why big Wall St players spend billions on getting the fastest access to order book servers, and why some exchanges demand that players rent space in their colocation data centers. While this centralization allows for a marginal benefit (market makers pay no fees for creating an order, they just send an encrypted message to EtherDelta’s order book servers), the downsides are fairly obvious to anyone who knows the history of and the reasons for high frequency trading regulations.
Overall, EtherDelta requires no less trust than a centralized exchange when it comes to fair trading. On the other hand, you do not have to trust them with not losing your money (you are always in control of your wallet), thus they are much harder to steal money from compared to centralized counterparts.
0x project can be summarized as EtherDelta’s ideas taken one step further, from a single exchange to a multi-national chain.
0x is a protocol that was created by ZeroEx Intl. Their business model is creating franchises for hybrid centralized-decentralized exchanges, which they falsely advertise as decentralized. They provide code libraries for making an exchange, or a relayer per their vocabulary, that can work in 0x network.
A core benefit that this project has over already established EtherDelta is the so-called shared liquidity pool. Since all relayers in the network speak the same 0x protocol they are able to share liquidity between each other. This should, theoretically, help bootstrap the network, as many exchanges are going to work together on building one large order book. Also theoretically, this should foster innovation among exchanges within the network to differentiate between each other based on better user experience and lower fees.
Just like McDonald’s lets you have a franchise and sell hamburgers if you agree to lease the land for your restaurant from the parent company, 0x provides you with all the help you need in order to launch an exchange, including code libraries and marketing. In return, they insist that you trade all tokens against ZRX token that they created if you want to take advantage of the shared liquidity pool.
In practice, these ideas, in the humble opinion of this whitepaper’s authors, seem to contradict the basic business model of an exchange. It takes quite a bit of work to build the technology for an exchange, even if the token-handling part is already provided. But it takes exponentially more more work and luck to market your exchange and to attract customers. The customers build the order book for the exchange and this order book acts as the so-called economic moat fueled by network effects.
The exchanges, once established, have no incentive to share their order books with others and thus create competition for themselves. This problem is supposed to be solved in a future 0x protocol version. As of writing this whitepaper, the exact details of how this problem will be solved and estimated time when this change is going to appear in the mainnet remain a mystery. In fact, the top relayer in the network, Radar Relay, currently commands more than 85% of the market share of the entire 0x network. It is unclear why they would want to give up this competitive advantage and share liquidity with other exchanges.
A number of 0x exchanges are already running in the mainnet, each one with its own unique strengths and weaknesses. Since liquidity sharing is not enabled yet the architecture for these exchanges is identical to that of EtherDelta and is not worth a separate discussion.
The shared liquidity pool, if it ever takes off, will make the architecture look slightly more interesting. 0x founders currently recommend that exchanges, or relayers, implement a standard API. There isn’t much more information provided on the future plans for shared liquidity pool’s implementation, but supposedly each exchange should manually subscribe to all other exchanges’ API services.
The design of 0x protocol mandates that orders are to be kept off-chain, just like EtherDelta currently does it. Thus the problem of sharing orders among exchanges is reduced to standard information sharing and service discovery problems in computer science.
There are a number of ways to distribute information. The evolution of internet during the Web2.0 era has shown us that as soon as big businesses start using decentralized protocols for information sharing, certain market forces make them centralize data ownership.
It is more efficient for the global economy if everybody uses the same office suite, the same search engine, the same social network. Similar to that, if 0x liquidity ever hits the scale of big centralized exchanges, this same market pressure will create a player in the market that will become the de-facto standard 0x liquidity provider / order book aggregator, and the architecture of the resulting system will look like the one depicted on the diagram above. While the shared liquidity pool is called 0x servers on the illustration, a pedantic reader would point out that 0x does not host any centralized servers. In the future even if they as an organization do not, someone else will fill this market niche. Since nobody has done so yet (but there are contenders in this space already) we will just keep calling them 0x servers in this chapter.
When it comes to dealing with the centralized parts of the architecture the same problems as with EtherDelta remain but the tradeoffs look slightly different. Because ultimately each exchange maintains their own database of orders, bringing one down will not make a big impact on the overall liquidity of the network. However, if 0x’s servers are ever down this will be the end for the shared liquidity pool as all the orders from it will be destroyed.
Censorship becomes more interesting than a simple denial of service attack. There are two types of censorship attacks that can be performed on the 0x network.
The first is individual exchange censorship. A large enough exchange can benefit from the shared liquidity pool that other exchanges create, while keeping all the limit orders created on the exchange to itself and not sharing them with the liquidity pool. Thereby this exchange can market itself as one that has more liquidity than the whole 0x network and thus pull the users from other participants.
The second is censorship that the big liquidity aggregators can perform. Since they ultimately control the shared liquidity pool on their centralized servers, the aggregators get to decide if an order created by some particular address, or a particular exchange, should be distributed to the global network. It wouldn’t be surprising to see these aggregators demand a fee for adding a particular exchange to their feed. At the end of the day all these costs, alongside the costs for maintaining the off-chain servers, will be transferred to traders - the consumers of the exchange product.
Another point worth discussing is ZeroEx Intl’s choice of legalizing the company. They chose to register a for-profit company on the Cayman Islands, while the investors and executives currently reside and work in San Francisco, CA. This is a fine choice for registering a for-profit business, such as EtherDelta for example. ZeroEx’s executives claim that their only mission is to develop 0x protocol and foster its adoption, because it will make the world a better place. This kind of message is incompatible with for-profit business mentality. Instead, it sounds like a great mission for a non-profit organization like Ethereum Foundation, for example. When the protocol is owned by a non-profit the users can be sure that its development will have the stated mission as the highest priority. When the protocol is owned by a for-profit organization there is great temptation (and no legal repercussion) to modify the protocol in a way that will benefit a certain group of participants at expense of the others.
Technologically, 0x looks like an interesting continuation of EtherDelta’s ideas. The big overarching goal of 0x project is to promote decentralized exchanges and grow their market share, and they have already done a remarkable job doing that, which is undoubtedly a very positive change for the whole cryptocurrency community. 0x founders chose to attack this problem using the franchising business model, where they own the brand and enable others to create decentralized exchanges that, due to the network effects that the founders impose, will have to trade ZRX token.
Once 0x will be large enough it will surely attract financial regulators and it will be interesting to see how they protect their “decentralized” platform given that censoring and regulating it is technically possible. For example, if China decides to ban the websites of 0x relayers, their “decentralized” network will be censored and neutralized. Similarly, since relayers need to maintain physical infrastructure and thus need to be registered as businesses in some jurisdiction, the regulators can force these exchanges to implement KYC lists which would tie individuals to Ethereum addresses, something that the whole cryptocurrency movement has been against since its inception. This would be the ultimate desirable end game for our Wall St. rulers.
IDEX is one of the most used dApps on Ethereum blockchain. While they are certainly very successful in their own right, they do employ some dirty marketing tactics by calling themselves a decentralized exchange. They should be calling themselves a non-custodial exchange instead. Let me explain what I mean by that. To do so, we will need to understand how IDEX works under the hood.
Building good software is all about making the right tradeoffs. IDEX, to their credit, unlike many other projects describe the tradeoffs that they made and are upfront about what attributes they have optimized for. They explicitly state that the primary objective was to develop an exchange with the best UX.
The only decentralized aspect of their exchange is the deposit/withdrawal of funds. That is what I mean by non-custodial exchange. Unlike GDAX, IDEX does not store your money in their wallets. This means that hacking IDEX and stealing customer funds is impossible - one needs to hack every individual trader separately. Thus, at least in theory IDEX has better security than centralized exchanges.
However, trading on IDEX is completely centralized as every order goes through their service before being recorded on the blockchain. This provides a somewhat better user experience, indeed, but not much better than that of modern decentralized or hybrid counterparts. On the other hand this choice invites all the problems of dealing with a centralized trading engine: vulnerable to DDOS attacks, delisting tokens due to regulatory fears, and potentially censoring individual accounts (i.e. ban certain addresses from trading on their exchange).
Furthermore, because IDEX chose a very weird point on the decentralization spectrum, their operational costs are much higher than those of centralized exchanges, since every trade needs to be recorded on the blockchain, while they simultaneously have worse customer experience than Coinbase or Binance.
Ultimately, IDEX is an interesting experiment in dApp design, and I have no doubt that their architecture will inspire some other future dApps in other industries. In my personal opinion, long term their architecture is a bad fit for a crypto exchange and the current version of IDEX has no future as a product. Within 5 year timeline they will have to either rewrite the whole exchange and adopt a new architecture or perish.
Kyber is a decentralized interface to centralized exchanges. From a trader’s point of view Kyber doesn’t work like a trading platform, like Bitfinex or Binance. Instead, Kyber works more like a decentralized Shapeshift or Changelly. Conceptually, it works in a very simple way: trader that wants to exchange token A for token B receives a quote, if they like the price they send token A to kyber’s smart contract and receive token B.
What I have just described is just the tip of the iceberg. It is much more interesting to find out what happens under the hood. Where does liquidity come from?
The liquidity comes from the so-called Reserve managers, which are simply funds operated by whales that buy cheap on centralized exchanges like Bitfinex or Binance, and sell for more to Kyber Network’s customers. This allows Kyber to bootstrap its own liquidity from nothing. Once Kyber’s volume becomes large enough their Reserve Managers will be able to employ more sophisticated pricing strategies and offer better prices.
Theoretically, Kyber says that multiple organizations can operate a Reserve Manager. In practice though, because of the trust required in the interface between Kyber’s smart contract and the Reserve Manager’s, the only RM currently in operation is Kyber’s own. They are able to operate it using the funds that they have raised during their ICO.
As an exchange platform, Kyber may be convenient for a trader that wishes to use a DEX, but it lacks the incentive structure of a free market that forces the prices to move to competitive levels. The prices on Kyber are completely at their mercy and may not represent real market prices. I recommend checking other trading platforms for a quote first before trading on Kyber. If Kyber’s price satisfies you it is a pretty convenient platform to do business with.
I do not recommend using Kyber as your only exchange, but rather as a supplement. For example, here at Saturn Network, we plan to use Kyber as one part of the solution to provide liquidity on Radex, via the use of Atomic Arbitrage trading bots.
Just like Kyber, Bancor isn’t a professional trading platform with an orderbook of its own. It works in a very similar way for the end user - receive a quote, send token A to Bancor smart contract, receive token B in the same transaction.
Unlike Kyber, Bancor has a very different mechanism for providing liquidity. Instead of directly relying on centralized reserve managers, Bancor utilizes smart contract logic in order to create programmatic, decentralized reserve.
Bancor achieves instant liquidity, as they call it, by creating specialized smart contracts, called smart tokens, for every token pair that holds a reserve of each token. The smart contract sets the exchange rate based on how many tokens it has in its reserves.
For example, one can create a smart token for ZRX/SATURN exchange, with initial price set to 1 ZRX = 1 SATURN. This smart contract holds a balance of both tokens and sets the price based on reserve availability, with the goal of incentivizing restoration of initial balance. Depending on how people trade, the price will go up or down.
Bancor uses a similar, but slightly more simple, mechanism compared to Saturn Protocol’s design in order to supply liquidity for the traders. Arbitrage trading bots monitor Bancor smart contracts and buy/sell whenever Bancor price differs significantly from other exchanges.
However, unlike Saturn Protocol, Bancor cannot guarantee the price of purchase because it changes with each transaction. Since within one block transactions are arbitrarily ordered, there have been frontrunning attacks, executed by both miners and other traders. Essentially, it allows other people who can act quick enough to drain money from your wallet if you do not set the cap on your price (the suggested fix to the protocol). Since the cap is public information anyway, it is pretty much a guarantee that someone will force the price to drop to your suggested cap levels, and these “adversarial traders” will squeeze out $5-$10 dollars out of you on your every trade. This price unpredictability is the unfortunate price to pay for algorithmic price discovery promised by Bancor.
Today, Bancor seems to has shifted its focus away from their ETH exchange towards EOS blockchain. They run the Liquid EOS block producer, and contributed implementation of Bancor formula for EOS RAM reserving system.
Unlike all other exchanges in this comparison, Radex is the only exchange that has on-chain order book. In fact, all of the data is stored on-chain, without a single centralized component required for trading.
This decision was not taken lightly as it has certain downsides compared to more centralized alternatives, such as having to pay transaction fees for creating an order. However, a fully on-chain exchange has a number of very important qualities that overpower any potential drawbacks. These qualities are:
Radex cannot be censored without blocking the whole blockchain. So far nobody, not even a powerful government, were able to censor Ethereum blockchain. On the other hand you don’t need to look far for an example of a country blocking entire businesses, even those owned by well-connected and wealthy international corporations. To put it bluntly, if the Chinese government decides to block EtherDelta’s order book server then the exchange will not be able to function on Chinese territory.
Radex’s trading engine has no maintenance costs. All financial transactions happen on the blockchain that is secured by Ethereum miners. Zero maintenance costs are what enabled us to make Radex entirely free to use, without any rent-seeking behaviour. EtherDelta and 0x have to take fees from their customers in order to support their infrastructure.
Radex’s architecture eliminates any potential downtime. Bitcoin has a track record for producing blocks at a regular pace for almost 9 years. Ethereum consistently produces new blocks every 15-20 seconds. While individual servers can crash at any time (like the recent Binance downtime), the blockchain keeps on living. The protocol itself ensures that Radex will not have any downtime or lost orders as long as the blockchain lives. In contrast, when a piece of centralized infrastructure, such as the order book server, fails in another exchange, that exchange will go down and trading will stop, causing massive inconvenience for its former customers.
Radex preserves your anonymity and does not store any data it doesn’t need. Even if you yourself don’t collect any compromising metadata about your users, such as their IP address and time spent on the website, rest assured that your hosting provider already does this for you. That’s why any popular product that has a centralized component is a potential liability. Radex has one centralized component - the website with the user interface - that is completely optional to use. You can execute trades directly on the blockchain by calling functions on the smart contract. In the future we plan to provide a standalone app, much like MyEtherWallet does, that will let you comfortably trade on Radex while maintaining your full anonymity.
All traders are equal. While the Wall St. banks and exchanges have tight regulation and supervision that tell them what they can and cannot do, cryptocurrency marketplaces currently do not have any oversight. This means that centralized exchanges can engage in otherwise unlawful practices, such as frontrunning, wash trading, spoofing and other tricks. You don’t need to go far for a recent example - the way Coinbase has handled adding Bcash has raised questions not only from the community, but also from from Coinbase’s board of directors. They know that the next stop is questions from the SEC and a securities fraud lawsuit that can lead to up to 20 years’ imprisonment penalty. The enabler of all these tricks, and the reason why they were made illegal, is information asymmetry. When the exchange owners have better and faster access to information than other traders it creates a power imbalance. Storing the full order book and trade data on the blockchain is the only way to ensure that everybody plays by the same rules.
We will now provide you with our vision for the Saturn Network and what we are developing:
- Source: 0xtracker
- Application programming interface - essentially, they recommend that all relayers speak
the same language.
- Translation from buzzword-speak to English: on exchange-owned centralized servers.
- Decentralized applications.
- Use of bancor formula with its unpredictable pricing is the reason why EOS block producers had to print 12,000 coins for mainnet launch.