This article is a development report for the Dex223 decentralized exchange.
We’re building an exchange to speed up the adoption of the ERC-223 token standard. ERC-223 was created to address a security problem in the older ERC-20 standard. The security issue in ERC-20 has caused over $100M in losses on Ethereum in 2023. Take a look at other Dex223 development reports.
Browse other Dex223 development reports here.
Dex223 core contracts were audited by Beosin. The security audit uncovered 2 critical vulnerabilities that needed to be fixed in the core contracts sytem (mostly related to reentrancy possibilities with ERC-223 tokens). Also a number of high-severity issues related to reentrancy issues were found in peripherial contracts but this does not affect the current implementation of the platform as we are not using Swap Router for ERC-223 swaps.
Final security audit report can be found here: https://www.beosin.com/audits/Dex223_202503270948.pdf
Here is Beosin's article about Dex223 & ERC-223 standard: https://beosin.com/resources/understanding-erc-223-a-superset-of-erc-20-and-its-application
X announcement: https://x.com/Beosin_com/status/1906977136994349256
During this two months the security audit was completed and all detected issues were fixed. We had three subsequent re-audits until we ended up with the current contracts system which no longer has any unpatched vulnerabilities.
As the security audit is completed we have started the deployment of Dex223 platform on Ethereum mainnet.
There is an instance of Dex223 deployed already and you can interact with the contracts now: https://github.com/EthereumCommonwealth/Dex223-contracts?tab=readme-ov-file#ethereum-mainnet-deployment
The UI at app.dex223.io currently interacts with the contracts deployed on Ethereum mainnet.
There deployment uncovered a number of issues on the frontend side that were not detected during the testnet deployment. The most important known issues as of now are:
-
USDT compatibility. USDT contract is not compatible with ERC-20 specification technically, therefore we have some issues with USDT operations. We are aware of those problems that were reported with USDT operations not being processed properly and we are working on the fixes.
-
RPC nodes are not reliable enough. Initially we planned to build the system in a way that it would switch between publicly available RPC nodes on demand so that it would be as decentralized as possible (without us governing one node to serve users). This proved unreliable in the live environment and we received a huge number of issue reports related to spontaneous problems which should have been caused by RPC node failures. We have two possible solutions here: (1) rent a node ourselves and use it or (2) implement a custom node setup or some system that can switch nodes. The second one is preferable but it will take time to implement. We are currently measuring the number of requests and evaluating the expected number of users our platform is supposed to serve at this stage. We will develop an appropriate solution once we have the required data.
-
During the audit we excluded the
sweepTokenfunction from our contracts as it was incompatible with ERC-223 workflow. We need to remove thesweepTokencalls from fee claiming workflow on the UI side. We are aware of that issue and it will be patched in the next release.
Dex223 contracts are deployed on Ethereum mainnet. Most parts of the system operate correctly including (1) core features such as swap / liquidity providing / fee claiming, (2) auto-listing contracts, (3) integration with the Converter and ERC-223 versions of existing tokens.
There are a number of known issues that require a fix.
If we will not detect any issues related to smart-contracts and requiring a full re-deployment of the platform then we will consider the current contracts as the official Dex223 deployed on Ethereum.
We will extend the list of "default" tokens in the coming weeks.
As it was mentioned in the previous report we were planning to integrate Simpleswap for fiat onramp on Dex223. However, we faced problems related to the documentation inconsistencies at Simpleswap's side and therefore impossibility to utilize Simpleswap's API for our needs.
As we were unable to resolve this issues with Simpleswap for a month we decided to cancel the Simpleswap integration and look for alternative solutions.
Currently Coinbase and Moonpay provide third party services with an opportunity to process fiat payments. We will most likely focus on integrating Moonpay once we are done with the platform deployment procedure.
The main goal of integrating fiat onramp services is to allow users to enter the world of crypto with Dex223 solely. This would open up an opportunity of promoting Dex223 in regions where crypto is still not regulated or the adoption is still low and here the decentralized nature of our platform plays a significant role.
The main goal of Dex223 as a platform however is to provide professional traders and crypto maximalists with tools to interact with any assets in a free manner without any external control or restrictions.
During the last two months the team had to abandon the Simpleswap integration plan and evaluated alternatives. We ended up with an open task to integrate the Moonpay for fiat onramping but the implementation is postponed until we will finish the Ethereum mainnet deployment.
We consider the current instance of the Token Converter to be final.
I've received a number of questions related to the EIP-7417 status and I would like to address the uncertainty related to us not willing to finalize this EIP.
First we need to understand what is an EIP (Ethereum Improvement Proposal).
An EIP is a design document providing information to the Ethereum community, or describing a new feature for Ethereum or its processes or environment.
EIPs are not built to make anything "official" or indicate a sign of approval by Ethereum community or Ethereum Foundation. For example the well-known ERC-20 token standard was in "draft" status when the adoption has started in 2015. It was only finalized in 2017 while there were a lot of ERC-20 tokens using this standard in production already.
https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1.md#eip-process
Therefore further destiny of the EIP-7417 Token Converter is not related to how the EIP will be handled, the EIP is here for documentation purposes and it will be used as a reference by anyone who would be building a DAPP that interacts with ERC-223 versions of tokens. This EIP must contain as much relevant and up-to-date information about integrating the Converter as possible if we would like to see other DAPPs integrating it.
The EIP process however does not allow adding any information no matter how important it is to any EIPs which are assigned the "final" status. This is a known problem of the EIP process and it is thoroughly described here: https://ethereum-magicians.org/t/modification-of-eip-process-to-account-for-security-treatments/16265
As the result we are stuck with the process which will not allow us to append any information related to the usages of the Converter if we will finalize it. Since I was unable to convince the EIP editors to allow security considerations appending in "final" EIPs I've decided that we will leave the Converter in "review" status until the production implementation of DAPPs that interact with it will show us any caveats that we need to add to the EIP description.
We need to retain the possibility of adding sensetive information to the text of the EIP-7417 for now because the most important issues are typically found during the initial stage of the production implementation of any service.
This must not result in EIP not being treated as "official" because EIPs are pieces of documentation describing components of Ethereum, not a sign of approval by Ethereum.
Margin trading smart-contracts are in development.
You can track the process of the implementation here:
- Module: https://github.com/EthereumCommonwealth/Dex223-contracts/blob/main/contracts/dex-core/Dex223MarginModule.sol
- Price oracle contract: https://github.com/EthereumCommonwealth/Dex223-contracts/blob/main/contracts/dex-core/Dex223Oracle.sol
NOTE: The "Price oracle" contract here is not an actual oracle but more of a relay contract that reads data from the Dex223 pool and relays it to the Margin Module.
During this months we've started the implementation of the liquidations script and partially built the lending-borrowing contracts. We are still working on the liquidation feature implementation on the contracts side. Once it's completed we will proceed to testing.
More detailed description of the margin trading module will be provided in a separate article.
During this months the UI updates were mostly focused on providing more information about the state of the system when it experiences errors. We've extended the error logging and now error messages provide the user with more information about possible reasons of the failure.
We've completed UI templates for the auto-listing contracts management feature that will be released after the core platform deployment phase is completed.
We've also completed the Revenue Claiming templates.
Figma templates will be published separately once we will cover the Revenue and Auto-listing management features of the platform.