ChainFlip

Quick Overview of the ChainFlip project

The recent explosion of the DeFi ecosystem backed by the growth of the Ethereum ecosystem unleashed tremendous opportunities for investors (double digits return, new support of investments … ) during the past years while allowing the rise of new agents such as the Automated Market Makers (AMM)*.

However, if we look at the current biggest AMMs (Uniswap, Curve, Balancer…) we can spot that despite their differences with respect to the pricing algorithm and the fee model they all rely on the smart contract technology and as such are captive of the Ethereum ecosystem. Indeed, when speaking of cross-chain trading the current AMM cannot offer any trading solution without involving wrapped or synthetic asset allowing to conduct the swap in one simple generic transaction while others existing solutions need the implementation of exotic protocols, changes to the underlying consensus rules or are simply not wallet agnostic.

This is where the new form of DEX pushed by the ChainFlip project comes into play. Indeed, as advertised in their white paper, the ChainFlip team propose to create a new type of trading platform where tokens can be natively traded across blockchains without needing to use synthetic assets thanks to the use of a network of bonded nodes which can collectively view, send and receive transactions from multiple blockchains in parallel. So let’s take a deeper look at this new form of DEX to understand how they propose to enable efficient cross-blockchain trading with this new type of network architecture.

The ChainFlip platform architecture

ChainFlip being cross-chain cannot rely on the security of a single smart contract to produce the desired outcome. Instead, it relies on a system of vault, which secure funds of users on the platform. One vault is established for each supported blockchain and is operated by vault nodes, a special type of server that stakes into the network to earn rewards. Vaults nodes and their vaults gives ChainFlip the ability to store funds in a secure and trustless manner, but unlike smart contract code, does not give a definitive ruleset for how funds should be processed once in the vaults. To accomplish this, ChainFlip design includes a state chain*. This state chain operated by vault nodes, allows them to come to consensus on when transactions should be created and to whom they should be sent.

What components are put at use to create this new type of DEX ?

The ChainFlip architectures is composed of the following components :

Vaults : The vaults are jointly managed cryptocurrency wallets controlled by staked nodes called vault nodes.

Vault nodes : The vault nodes perform an extended set of operations compared to the nodes from a typical blockchain. Indeed, these nodes require larger stakes, earn rewards from the block reward, and maintain the state chain for ChainFlip and the requisite daemons for the supported coins.

State chain : The state chain is a side chain which act as ChainFlip’s coordination mechanism. It contains all of the data pertaining to vault contents, as well as a ruleset for how to deal with transactions once they enter a vault.
It is through the state chain that vault nodes come to consensus on when and where to send transactions.

Quoters : Quoters are the interface between the user and the state chain, its main function is to insert quotes into the state chain, on behalf of a user.

Quotes contains swap details such as receiving and destination addresses, and optional additional details such as :

Slippage limits
Return addresses
Timeout rules

Liquidity pools : Liquidity pools are an abstraction that consists of a reserved portion of two vaults.

For example a BTC/DAI liquidity pool would have a reserved portion of the Bitcoin and Dai vaults. Each blockchain requires only one vault, but each vault may be split among multiple liquidity pool.

How does this platform work ?

As mentioned before, each vault has a balance which can be distributed across multiple liquidity pools so in cases where multiple pools rely on the same vault a super majority of vault nodes (more than 2/3) can transfer balances between the pools directly on the state chain without creating any outgoing transactions on the native blockchain.
Accordingly, when a user X decide to perform a swap between ETH and BTC on the platform he only needs to send a quote to the state chain, verify it and send the funds for ChainFlip to route the incoming BTC through the BTC-DAI and DAI-ETH pools and generate an outgoing ETH transaction for the user thanks to the pool balance transfer operated in the background inside the DAI vault. This way, the user can operate efficient cross-chain trade without ever holding any other token and without the need to send multiple transactions on the Ethereum blockchain.

Also, given the cross-chain nature of the platform, and because liquidity providers often do not have a perfectly balanced portfolio of assets to add into liquidity pools, ChainFlip supports asymmetric liquidity provision. In other words, any user with any ratio of assets between two sides of a liquidity-pool including just one asset can easily provide liquidity for that pool without having to manually rebalance their portfolio. Instead, the algorithm automates the rebalance by performing an implicit asset swap of the provided liquidity within the liquidity pool itself.

How the platform ensures its security against potential attack ?

There are 3 main types of attacks :

Financially motivated attacks, trying to steal or ransom other user’s coins
Non-financially motivated attack searching to shut down the service or freeze/destroy assets deposited on the platform.
Financially motivated honest attacks using the system to maximize a user benefits

To counteract the first type of attacks, ChainFlip contains a mechanism that allows the vault node network to destroy the stake of nodes that are found to act against the consensus of the chain. Given this mechanism, many of the financially motivated attacks become unprofitable and way too expensive, if the value of the stake in the vault node exceeds or matches that of the possible windfall from a given attack. On top of that the platform also implements a vault randomization element in its vault node governance in order to prevent any attempt by an attacker to get a super majority for some type of vaults such as the Bitcoin vault who do not scale as good as other vaults like the Ethereum one (see ChainFlip whitepaper for more details). Also, a hard limit of collateralization is enforced where liquidity providers are prevented from adding liquidity when the total value of the liquidity pools reaches a multiple of the value of the collateral staked in vault nodes in order to make sure that the platform can rely on its vault nodes even when they are not substantially overcollateralized.

In the vault scheme, another serious attack under consideration is ransom or burning attack by anyone controlling a super-minority. Indeed, in a t of N threshold signing scheme such as the one used by ChainFlip, the value required to form a super-minority is N-t+1. For example, if we have 99 nodes, and 66 required to sign, 34 vaults nodes can form a super-minority giving as such the attacker a blocking vote on all transactions in the vault and the possibility to froze indefinitely the funds in the vault or ransom their release. To counteract this type of attacks, if we are in the case of a smart contract based blockchain, ChainFlip is adding a function in the vault smart contract allowing a community defined emergency backup address to withdraw all funds if there is no activity in the vault after a set period of time rendering as such any similar attack totally ineffective. In the case where we are not dealing with a smart contract based blockchain, changes in the protocol have been made to ensure a similar protection.
Moreover, in order to make sure that no attacker use the vault nodes in order to slow down the network, ChainFlip enforces a penalty system in which each vault nodes earn credits when they are among the first group of nodes to sign witness transactions or outgoing transactions from a vault and lose some when they exhibit poor performance knowing that if a node with a negative credit score unstake it will have a portion of its stake slash.

Finally, among the last type of attack the most recurrent in the case of AMM is front running. However, it can, here, be easily managed by the users themselves by simply putting a slippage limit in their quotes and by the platform algorithm by ordering quotes based on the time at which they were activated in the state chain.

What is the type of fee model used by ChainFlip ?

The answer is still up to debate among the team, as pointed out in their white paper. However as shows the Thorchain research paper, mentioned by the ChainFlip team in their whitepaper, it appears that the Slip based fee model allows a reduction of the impermanent loss to 65% of its fixed rate fee based model value. So even if it is too early to take a stance on that matter, it appears interesting for liquidity providers in search of a better ROI to stay update on this project and on its fee model choice in order to be able to be among the first to take advantage of it if the final model allows a lesser impermanent risk for liquidity provider compare to Uniswap or other AMM.

To conclude, ChainFlip seems to be a really interesting project bringing a lot to the table, while answering the cross-chain problem in an interesting and user-friendly manner. Moreover, given its early stage in development, this project will probably be able to learn from the issues revealed by the current major AMMs and build a more flexible infrastructure allowing it to incorporate quickly and efficiently the new technologies and new tools currently developed in the DeFi space (ZK-Rollups … ).