Uniswap: Risks and Risk Management

Shira Yasur, Amitai Ruskin, January 9, 2023

Uniswap is an extremely popular DeFi platform for trading tokens as well as providing liquidity. Uniswap is the first DEX to implement AMM mechanics and has been the most dominant ever since. According to CoinGecko, Uniswap has the highest 24-hour trading volume of all decentralized exchanges (DEXs) and the highest market share. [^1]

[Figure: Market Share by Volume | Dune Analytics. Source: DEX metrics - Dune Analytics]

While the platform itself has never been proven unsafe, there are several risks to consider, including financial risks, compliance-related risks, and exposure to potential scams that are listed on the platform. In this blog post, we'll delve into some of the risks to be aware of when using the platform, as well as some risk mitigation measures that Uniswap has implemented.

Financial Risks

The most significant financial risk for users swapping tokens on Uniswap is caused by price impact and price slippage.

Price Impact (PI)

PI is the difference between the actual price the user receives when executing a swap and the “real” price per token. This difference arises from pool mechanics: the Uniswap AMM determines the price of a token based on the equation x*y=k, where x and y are the amounts of each token in the pool. During a swap, a user provides liquidity for one token while simultaneously removing liquidity for another. This causes an imbalance, resulting in a price impact. In a pool with deep liquidity, users can swap sizable amounts of tokens without the PI being too bad. Conversely, users can experience high levels of PI when swapping in pools with low liquidity.

Slippage

Slippage, on the other hand, is the change in token price caused by the overall movement of the market. It is reflected as the difference between the price you expect to receive, and the actual price you receive after the swap is complete. For example, a user expects to execute a trade at a certain price, but another user gets a transaction in first, changing the pool dynamics and therefore the price that your trade will execute at.

There are several factors that can contribute to price slippage, including low liquidity in a pool and high price volatility of the assets within the pool. The Uniswap interface allows users to change their slippage settings, the default being 0.50%. This means that you are willing to accept a 0.50% change in price from what you initially expected to receive. Setting the slippage percentage too low can result in a reverted transaction and a loss of gas fees, while setting it too high can lead to a sandwich attack, where the user ends up paying more than intended.
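To make the price impact and slippage mechanics concrete, here is a worked example added for this write-up (it is not Uniswap's code). It assumes a 0.30% fee on the input amount as in Uniswap V2, and the pool sizes and function names are constructed for illustration.

```python
from fractions import Fraction

# Assumption: 0.30% fee charged on the input amount, as in Uniswap V2.
FEE = Fraction(3, 1000)


def amount_out(amount_in, reserve_in, reserve_out, fee=FEE):
    """Tokens received from a constant-product (x*y=k) pool for amount_in."""
    effective_in = amount_in * (1 - fee)
    return reserve_out * effective_in / (reserve_in + effective_in)


def price_impact(amount_in, reserve_in, reserve_out):
    """Fraction lost versus the pool's pre-trade price, fee excluded."""
    at_pool_price = Fraction(amount_in) * reserve_out / reserve_in
    received = amount_out(amount_in, reserve_in, reserve_out, fee=Fraction(0))
    return 1 - received / at_pool_price


def swap_after_earlier_trade(user_in, earlier_in, reserve_in, reserve_out, tolerance):
    """Quote the user's swap, let another trade land first, then execute.

    Returns (executed, received). executed is False when the output falls
    below quote * (1 - tolerance), which is when the swap reverts.
    """
    quote = amount_out(user_in, reserve_in, reserve_out)
    floor = quote * (1 - tolerance)
    # The earlier trade changes both reserves before the user's swap runs.
    taken = amount_out(earlier_in, reserve_in, reserve_out)
    received = amount_out(user_in, reserve_in + earlier_in, reserve_out - taken)
    return received >= floor, received


if __name__ == "__main__":
    # Constructed pools: same starting price, 10x difference in depth.
    print(float(price_impact(10, 1000, 2_000_000)))  # deep pool
    print(float(price_impact(10, 100, 200_000)))     # shallow pool
    for tol in (Fraction(1, 200), Fraction(1, 50)):  # 0.50% and 2%
        print(float(tol), swap_after_earlier_trade(10, 5, 1000, 2_000_000, tol)[0])
```

With the 0.50% tolerance the swap reverts once the earlier trade has moved the price by about 1%, while with 2% it executes at the worse price. The gap between the quote and the accepted floor is the room a sandwich attacker has to work with.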

[Figure: Uniswap slippage. Source: What is Price Slippage? – Uniswap Labs]

Impermanent Loss

For liquidity providers on Uniswap, it's important to be aware of the risk of impermanent loss. This occurs when a token's price change causes the liquidity provider's share in a pool to be worth less than the present value of their deposit. While this loss is temporary and can be recovered if the token pair returns to its initial exchange rate, it can be especially risky during times of high volatility. You can read more about impermanent loss here, or watch this video.
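The size of the loss follows directly from the x*y=k rule. The sketch below is an added example, not taken from Uniswap; it ignores swap fees and uses a constructed 1 ETH / 2,000 USDC deposit to compare the liquidity position with simply holding the two tokens.

```python
from math import sqrt


def lp_vs_hold(x0, y0, price_ratio):
    """Compare an LP position with holding, after token X's price in terms
    of Y changes by price_ratio (new price / price at deposit).

    x0, y0: amounts deposited into a constant-product pool, fees ignored.
    Returns (lp_value, hold_value, loss_fraction), values measured in Y.
    """
    k = x0 * y0
    new_price = (y0 / x0) * price_ratio
    # Arbitrage moves the reserves until y/x equals the new price
    # while x*y stays equal to k.
    x1 = sqrt(k / new_price)
    y1 = sqrt(k * new_price)
    lp_value = x1 * new_price + y1
    hold_value = x0 * new_price + y0
    return lp_value, hold_value, 1 - lp_value / hold_value


if __name__ == "__main__":
    # Constructed deposit: 1 ETH and 2,000 USDC (ETH priced at 2,000 USDC).
    for ratio in (0.25, 1, 4):
        lp, hold, loss = lp_vs_hold(1, 2000, ratio)
        print(f"price x{ratio}: LP={lp:.0f} hold={hold:.0f} loss={loss:.1%}")
```

A fourfold move in either direction leaves the position worth 20% less than holding, and the loss is zero again when the price ratio returns to 1.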

Compliance Risks

Other than these financial risks, another potential risk when interacting with Uniswap is regulatory in nature: users who interact with DEXs may have either direct or indirect exposure to potentially bad actors who have engaged in criminal conduct.

For example, while crypto mixers were designed to protect user privacy, it is known that cybercriminals use them in order to obscure the connection between wallets used to collect illicit profits and the wallets used to exchange these profits for fiat, thus laundering funds.

Since, for example, U.S. regulation requires businesses to implement and maintain a risk-based Anti-Money Laundering (AML) program, interacting with pools which may contain illicit funds could potentially violate regulatory requirements. This could put users at risk both when providing liquidity and when swapping tokens within a contaminated pool.[^2][^3][^4]

Scams

Since anyone can deploy a smart contract to create a pool on Uniswap, users of the platform are susceptible to scams such as rug pulls, fake token imitations, and phishing attacks.

Honeypot Scam

One example is the Prosper (PROS) token honeypot scam from January 2021, where a malicious ERC20 token, a knock-off of the legitimate Prosper token, was created and listed on a Uniswap V2 pool swapping PROS for WETH. The malicious contract has an internal modifier which prevents anyone who is not the owner of the token (or anyone not whitelisted by the owner) from transferring tokens to anyone else.[^5]

Phishing Attack

Another example is a phishing attack which occurred in July 2022, where a malicious ERC20 token was airdropped to users holding UNI tokens. The goal was to get victims to the attacker’s scam website, where users were directed to swap their tokens, actually granting the attacker approval to access their tokens.[^6]
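A transaction presented as a swap can be told apart from an approval by its calldata before it is signed. The checker below is an added example, not part of the original post or of any wallet's code: it recognizes the standard `approve(address,uint256)` and `setApprovalForAll(address,bool)` selectors, and the spender address, sample calldata and `trusted_spenders` allowlist are constructed for illustration.

```python
APPROVE = "095ea7b3"               # selector of approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1

# Constructed sample: unlimited approve() to a made-up spender address.
SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE_CALLDATA = "0x" + APPROVE + "00" * 12 + "ab" * 20 + "ff" * 32


def inspect_calldata(calldata_hex, trusted_spenders=frozenset()):
    """Decode calldata a site asks the wallet to sign and flag approvals.

    trusted_spenders is a hypothetical allowlist of lowercase addresses the
    user already relies on (for example a known router contract).
    Calls that are not approvals are reported as "other" and not analysed.
    """
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL) or len(args) < 128:
        return {"kind": "other", "flag": False}
    spender = "0x" + args[24:64]    # address: low 20 bytes of the first word
    value = int(args[64:128], 16)   # second 32-byte word: amount or bool
    if selector == APPROVE:
        kind, unlimited = "approve", value == MAX_UINT256
    else:
        kind, unlimited = "setApprovalForAll", value != 0
    grants = value != 0
    return {"kind": kind, "spender": spender, "unlimited": unlimited,
            "flag": grants and spender not in trusted_spenders}


if __name__ == "__main__":
    print(inspect_calldata(SAMPLE_CALLDATA))
```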

Risk Management by Uniswap

Uniswap has taken several steps to ensure the risk management of its platform.

  1. For example, Uniswap has implemented price impact warnings to alert users about the potential for high price impact due to low liquidity. This can occur when there is a lack of buyers or sellers for a particular token, leading to significant price changes with even small trades.

[Figure: Uniswap Price Impact Warnings. Source: What is Price Impact? - Uniswap Labs]

  2. On the subject of compliance, Uniswap has started blocklisting wallet addresses at the front-end level, mostly because of connections to mixing services like Tornado Cash, recently sanctioned by the US Treasury.[^7] Uniswap is working with analytics firm TRM Labs which checks and flags addresses connected to stolen funds, transaction mixers, sanctioned addresses, known scams, child sexual abuse material, known hacker groups and terrorist financing.[^8]

  3. Another important measure is the inclusion of token warnings for users. These refer to tokens that are not traded on leading U.S. centralized exchanges, or tokens that are not frequently swapped on the platform.

  4. The platform has also added caution signs for suspicious NFT listings. If an NFT (non-fungible token) has a red caution sign, it means it has been reported for suspicious activity on OpenSea. This helps protect users from purchasing potentially fraudulent or misleading NFTs.

[Figure: NFT Warning. Source: NFT listings: Suspicious flags - Uniswap Labs]

Conclusion

It is important for users of Uniswap to be aware of the various risks and potential for scams on the platform. To help mitigate these risks, Uniswap has implemented measures such as token warnings, price impact warnings, and suspicious flags for NFT listings. The platform has also partnered with TRM Labs to screen and monitor suspicious financial activities, and has taken steps to ensure compliance with AML and blocklisting for liquidity providers. Despite these measures, it is still important for users to exercise caution and thoroughly research any tokens or transactions before swapping or providing liquidity on Uniswap.

[^1]: Top Decentralized Exchanges Ranked by Volume | CoinGecko

[^2]: Crypto Mixers and AML Compliance - Chainalysis

[^3]: What is AML and KYC for Crypto? - Chainalysis

[^4]: DeFi Compliance: A Galaxy Not Far Away - ACAMS Today

[^5]: Uniswap Honeypot Scam — Analysis

[^6]: More than $4.7M stolen in Uniswap fake token phishing attack

[^7]: US Treasury Adds to Tornado Cash Sanctions With North Korea WMD Allegations

[^8]: Uniswap has blocked 253 crypto addresses related to stolen funds or sanctions
