< Articles

The race to create a DEX that enables cross chain swaps

In a recent trip to Berlin for Polkadot Decoded, the Polkadot ecosystem’s 2022 conference, I made sure I sat down with the CTO of Chainflip, Tom Nash. I’m very appreciative that he chose to give up his time to share his thoughts with Auxilio.

Aug 8, 2022 • 14 mins

Author: Angus Mackay

To introduce Chainflip before we dive into the detail, they’re a decentralised, trustless protocol that enables cross chain swaps between different blockchains and ecosystems. To rephrase that in terms of the customer value proposition, they will potentially allow a user to instantly source the best deal, and the best customer experience to swap crypto assets across multiple ecosystems (Ethereum, Polkadot, Cosmos etc.). It may not sound like it, but it’s a seriously ambitious undertaking that requires some serious tech problem solving.

Angus: What’s makes Chainflip a standout project are the choices you’ve made to integrate technologies across the Ethereum and Polkadot ecosystems, and to not become a Parachain. Can you give us the benefit of your thinking?

Tom: We’ve amalgamated a bunch of different technologies that are best in class to limit what we need to build to produce something that fulfills a specific use case that we see the opportunity to create.

There are a lot of choices that are really easy to make and your encouraged to make them, like build on Substrate, become a Parachain, enjoy shared security, don’t worry about building a validator community, don’t worry about how to incentivise people in an effective way. Many of these choices didn’t really make sense for us.

We don’t benefit from the shared security of Polkadot as we still require staked validators on the Chainflip network to be staked. You can’t run an exchange with $10bn worth of liquidity if you’ve only got $10m worth of collateral because you immediately provide an incentive for people to buy up all of the collateral to take control of the funds. So Chainflip requires validators to be staked and collateralised.

Whilst you can do that with Polkadot and your own Parachain, Collators and Cumulus, it certainly doesn’t make things any simpler for us. In fact it adds a lot of complexity.

Angus: That’s interesting. As a non-technical person you can’t see that. Can you try to explain to us why?

Tom: Sure. There’s usually one aspect to blockchain security and it’s effectively the security of the state transition process. So blockchain is a big database. You want to make sure that all of the rights to that database are authenticated correctly and they follow certain rules. The security of the state transition function is usually provided by the collective stake of the network. In Ethereum’s case this is a bunch of GPU’s mining away. The same goes for Bitcoin.

In Polkadot’s case it’s a bunch of people sitting on loads of DOT and they don’t want their DOT to devalue. Chainflip also has that task. We also need security of our state transition function, but we also require the security of the collateral. So our validators and Chainflip collectively own threshold signature wallets. And we require that these validators have no incentive to collude for the purposes of stealing those funds.

Now the shared security of Polkadot is not tied to security of these DOT. If Chainflip were to leverage the shared security of Polkadot, we’d be delegating the stake to all of those people who hold DOT. And the people that hold DOT are not necessarily the same people who are being incentivised to provide liquidity on the exchange. If we delegated all of our security to DOT validators, but our validators were a different set of people, like collators in the Polkadot ecosystem, and the collators themselves have no stake. The collators are just rolling up the blocks, posting them to Polkadot.

You can force collators to stake but then we’re going back to square one. Why are we using collators and a Parachain if we get no benefit from XCM, which we don’t really. We’re building something at a different layer of abstraction and if we want to support the long tail of XCM assets, then we can just build a front end integration. But the long tail of asset support for Polkadot is not a path that Chainflip wants to go down. You fragment liquidity on the exchange and you force more collateral to have to be deposited in order to support that liquidity. It doesn’t really make sense for us.

“The golden goose for Chainflip are the chains where there is no decentralised liquidity solution at the moment. Chains like Bitcoin, Monero, Zcash, some of the bigger ones that have been left behind by the whole DeFi movement.”

Angus: If I rephrase that in simple terms, a validator in the Chainflip network has two jobs to do – securing the network and securing the liquidity of the network.

Tom: That’s right. Anyone can provide liquidity to the exchange when they trade but the validators that run the network are the ones providing security for that liquidity in two ways. They are one of 150 validators with custodial access to the liquidity and they also secure the state transitions for the AMM.

As I mentioned earlier, If you have $10bn of liquidity, you need some function of that amount as collateral in order to ensure you’re not a honeypot or a target for an economic attack. So if Chainflip were to support all of the Uniswap tokens for example as first party tokens, and people could send those tokens to Chainflip. Then you balloon the amount of liquidity that you’re able to accept and you balloon the amount of liquidity the exchange and the validators are collectively responsible for.

If you do that, you also have to balloon the value of our FLIP token, otherwise the validators are holding onto much less FLIP than they are proportionately providing the liquidity for. If they have $1 of FLIP for every $10 of liquidity they’re securing, things start to look a little out of balance.

Angus: I read in your Docs that the limit of the Frost Signature Schemes you’re using as a custody solution is 150 signatories. Do you expect this to increase as you grow?

Tom: The long term goal would be to scale that number and it’s certainly not a theoretical maximum. It’s a threshold that’s been chosen because it will provide the performance the exchange needs. If you go lower you decrease the level of security, if you go higher you decrease the amount of throughput. So it’s roughly in the Goldilocks zone.

Angus: You’ve chosen not to use the Polkadot messaging protocol (XCM) to facilitate swaps on the Polkadot network or the IBC messaging protocol on the Cosmos chain. Can you tell us what you’re doing instead?

Tom: It doesn’t really feel like it makes sense for us to muck around with the XCM’s and the IBC’s of the world at the moment. I’d love those ecosystems to mature and I’d love for it to be really easy for us to plug into them. You’ve only just started to see XCM channels opened up between Parachains on Polkadot so it’s very early days.

We’ve been building Chainflip for a year and a bit now. It’s just been too late. XCM wasn’t available when we started and there were no plans for it either that we were aware of. If we’d started around now and in 6 months time, it’s very clear how you could leverage XCM, and it’s very clear how to leverage Cosmos’ messaging protocol (IBC), and there’s a bunch of chains to support it, and there’s bunch of projects to support it, maybe then it makes sense. Other projects will have to deal with this whole notion of cross chain communication between something like IBC and XCM.

We’re kind of fundamentally solving a different problem. Chainflip aims to solve the problem of swapping Bitcoin for Ether trustlessly. Projects that use XCM solve the problem of swapping Bitcoin for Polkadot trustlessly. So we’re not really competing. Our competition are the centralised spot markets for these assets like Binance, Coinbase (Pro), Kraken and other central exchanges.

Angus: Ultimately you’re targeting a better user experience than centralised exchanges. Do you expect many to leverage XCM, IBC and other messaging protocols to compete with you?

Tom: Maybe there’ll be a bunch of exchanges that leverage XCM or IBC to do cross chain swaps. It will be very interesting to see if that happens. I suspect that the architecture of a DEX on top of XCM is extremely complicated. You’re going to need lots of oracles. You need lots of people to tell you the price. I’m skeptical and I haven’t seen it yet.

Layer Zero is a really interesting project and they’re most likely to hit our orbit first. They recently released their cross chain messaging tech and it’s cool. It has its faults and its flaws. Again, it doesn’t solve the problem of swapping assets from chain to chain, but I think that’s the likely direction they’re headed and I’d be surprised if they’re not. One of the problems they don’t solve is custody. They claim their technology can be deployed across all these different types of crypto base layers, like Bitcoin for example. I’m certainly really interested to see what they produce next.

Angus: Your vault rotation and creation of new authority sets sounds like a computation heavy process. Is it happening a lot and how do you reduce the need for the process?

Tom: Yes it’s quite inefficient. To produce a new aggregate public key that these 150 nodes have collectively derived and agreed upon requires about 90 seconds. It depends on the cryptography that’s being used under the hood. But it’s certainly not cheap which is why we don’t want it to be happening all of the time. The process is initiated when one of two things happens, either a certain amount of time elapses or a certain amount of nodes goes offline.

So every 28 days, which is probably the right amount of time, a new set of validators is chosen as auction winners. They generate a key, we perform the handover from the old key to the new key, and we have to do that across every single chain that we’re integrated with. Once that process is complete, control has been completely handed over to these new validators for another 28 days.

In the alternative scenario, where Chainflip notices that 20% of validators have dropped offline, we want to avoid a situation where we don’t have at least 100 nodes (or 66% of the 150 nodes) to reach the threshold to sign any transactions, potentially rendering all funds trapped forever. So we kick-off another auction immediately to replace the offline nodes with new validators, ensuring we have a healthy set of nodes again.

Angus: You’ve said that there are a lot of opportunities for AMM ‘s that are running on a custom execution environment. I was wondering if you could explain that to us?

Tom: So Ethereum and other EVM like chains are Turing-complete by design. They are like arbitrary computation platforms. As a result they’re not really efficient. They’re generalised computing machines. You can’t really push them to their limits because you’re working in the embedded systems world, like a micro controller versus an integrated circuit.

A custom execution environment allows you to do a lot more in the context of making the process more efficient. Uniswap for example, isn’t able to write any code that says, let’s tally up all the swaps in a particular block. It’s not able to because of the way the transactions are executed on the AMM, it doesn’t control the underlying execution there.

Chainflip can do that. We have our own validator network. We have our own Mempool. We have our own way of sequencing blocks and we can say we’re going to collect transactions for 10 minutes and then we’re going to match them against each other, and we can execute whatever delta there is on the exchange. So we have a lot more flexibility in that context than any EVM based exchange does.

That’s one of the reasons you’ve seen dYdX very recently come out and say they’re going to build their own blockchain. Everyone’s saying that rollups are the golden goose that’s going to fix everything in the Ethereum network, but they’ve realised that if they were to move to a rollup they still wouldn’t have much control over the underlying execution layer.

You still have to execute everything sequentially. You can do some funky stuff but ultimately you’re still at the whim of the EVM. And also they probably realise that even if they were to move to a rollup they still have to ask users to bridge their funds across to that rollup. And what’s the difference between bridging your funds to a rollup and bridging your funds to Cosmos – not much.

So why not give your users a very similar user experience and also have control over how trades are executed and sequenced. It just makes total sense.

Angus: Is your JIT (Just in time) AMM using batching like Gnosis does to batch transactions to reduce MEV and standardise pricing?

Tom: Yes. We don’t execute everything sequentially as it comes in. We actually did this because when you’re working in a cross chain or cross ecosystem environment, some chains are slower than others. Bitcoin blocks appear every 10 minutes. Ethereum blocks appear every 15 seconds. If you have a pair between some Ethereum based assets say USDC and Bitcoin, and you execute everything sequentially, you’re potentially receiving new USDC deposits every 15 seconds. If you receive a Bitcoin purchase every 15 seconds but a sale every 10 minutes you have a chart that looks very wonky. It looks like a saw wave. It goes up and to the right and then it drops vertically, and this cycle repeats with a 10 minute frequency and that’s not particularly good for users. It creates lots of weird incentives. For example you want to be the first person to get your Bitcoin purchase in after the last Bitcoin block. So what we do is collect all of those swaps, and amalgamate them, and then execute them all at the same clearing price.

Angus: That obviously eliminates the sandwiching that can occur between blocks as well?

Tom: Yes. You also limit opportunities for people that are witnessing upcoming transactions in the Mempool to benefit from trading at the right time and other volume based incentives.

Angus: Chainflip has said that there have been some examples of liquidity providers being incentivised on Uniswap v3 for their large orders. Is this concept largely untested outside of these use cases that you’re aware of?

Tom: It’s a good question. I think so. CowSwap does something very similar to what we want to do. It seems to be working pretty well but not many people use it as a front end. CowSwap doesn’t work the same way as the JIT AMM but it collects a bunch of orders and batches them up so everyone is given the same clearing price over a few blocks. In the context of just in time liquidity, I don’t believe we’ve seen it anywhere other than UniSwap v3. And that’s probably because v3 has a business source licence, so no one’s been able to copy it on the EVM chain. And no one’s yet had the time to build and release an equivalent on a non-EVM execution environment.

Angus: Are there any scale challenges involved initially with providing a minimum level of liquidity for each pair?

Tom: The plan loosely is for funds from the LBP (liquidity bootstrapping tool) to be used to provide liquidity to begin with. Obviously there needs to be liquidity on the exchange to make it useful. As builders of the exchange we will certainly be helping as many people as we can to become proficient liquidity providers. We have a bunch of people lined up to provide liquidity on the exchange. We’ll be helping them to make that profitable. We’ll be trying to drive as much volume as we can through swaps and so on. It remains to be seen exactly what the challenges will be, but given the nature of the exchange, I don’t think there will be too many challenges because of the amount of capital efficiency that we can provide.

I think the bigger challenge will be attracting the right volumes. I don’t think liquidity will be a problem to begin with. The challenge will be making that liquidity feel like Chainflip is a good home for validators by growing our volume.

Angus: With the EU intending to introduce MICA regulations as early as 2024, how do you anticipate this will impact the value proposition of DeFi?

Tom: If it affects the value proposition of DeFi then that product is not DeFi. Maker, arguably one of the most successful product to exist in the DeFi ecosystem is not going to fall victim to this problem. Anyone can build a front end for Chainflip and anyone can build an integration with it. User funds are not held custodially by any legal entity. They don’t have to trust the bridge for any longer than their funds are passing through it. And it would be very, very hard to regulate the product.

Angus: What about if you have retail customers using the product or if you’re domiciled outside of the net?

Tom: If Chainflip Labs, the company, is running a method of interfacing with the exchange, I’m sure there’s probably a bunch of arguments that you can make that Chainflip is providing financial services. If you’re that way inclined you can probably lobby for Chainflip to be caught in the regulatory net. Chainflip doesn’t have to run that front end. Chainflip can ask people to build it. It’s then up to them if they host it in Singapore or Dubai or another country that’s more crypto friendly.

Ultimately Chainflip Labs could end up interfacing with regulators, but the product itself has been released as an open source piece of software and it’s can’t be stopped by regulation.

Angus: You said at the end of your roadmap that this is just the beginning. What are some of the ways you envisage expanding beyond the use cases of cross chain swaps?

Tom: That’s a good question at the moment. I’m fascinated by the tech that we’re building. The threshold signature scheme that we built and the multi-party compensation protocol I’m sure has use cases outside of cryptocurrency. I’m more interested in that than I am in figuring out how Chainflip could be used for NFTs.

Angus: Do you see it having applications for B2B relationships?

Tom: Business to business relationships are incredibly inefficient, or at least it seems that way. I think anywhere there is a shared desire to produce common agreements between a set of untrusted parties could be a potential use case for our technology.

It’s extremely efficient, pretty robust, lightweight, all things considered. Tackling the shared custody problem is easily one of the most interesting things about the problem we’re solving.

Angus: What problems do you see crying out to be solved?

Tom: Privacy. Privacy of the underlying history of the blockchain, the under lying transactions. The average web3 user has multiple wallets, and over a period of 10 years, there’s lots of transactions that have potentially been made with these wallets. If you’re still using these wallets, all the transactions from 10 years ago are still there. That might be desirable, but I think it probably isn’t for most people. If you could go and wipe your transaction history or conceal them moving forward that would be great. If you buy a questionable NFT, you might not want your grand kids to know. The right to be forgotten is really interesting.

Technology is moving in a direction where you don’t have that right. It wasn’t codified in from the start. We don’t have a bill of digital rights and so there’s a lot of information our there about each individual person that they probably don’t even know about. It will become more of a talking point for my kids and the next generation. I see that as a big greenfield opportunity and a big selling point for future technology companies.

You’re seeing it a little bit now with people wanting to shift towards greater privacy but it’s slow. Signal’s had its time in the sun over the past year. Email providers have as well, like Proton Mail, but even they’ve ended up helping law enforcement recently. What it comes down to though is it’s really difficult to solve this problem in the first place. So I think that zero knowledge technology is going to play a huge role in that. I hope the tech industry over the next 10 years tends towards incorporating more of this technology into its products and services.

Follow us