The exchange's vulnerabilities are being analyzed

Author: 15565556421, Created: 2018-10-31 09:51:00, Updated: 2023-10-31 21:01:55

NO.1 Preface

In recent years, blockchain technology and digital currencies have become popular. As one of the most important links in the digital currency industry chain, blockchain asset exchanges undoubtedly hold a prominent position: they connect the secondary market for blockchain investments with project parties and general investors.

According to statistics, more than 300 exchanges are currently listed on Feixiaohao, and there are thousands more that are unlisted. Even so, new entrants keep arriving. With almost every exchange listing dozens or even hundreds of tokens and only limited capital in the market, small and medium-sized blockchain assets and exchanges face a low-traffic market where prices are quoted but little actually trades.

NO.2

Why a market-making strategy is needed

The emergence of market-making bots has changed this situation. By participating in the market, they curb the excessive speculation caused by asymmetry of information and resources and keep the trading platform functioning well. They also reduce the so-called hidden price manipulation found in traditional trading methods, make the market more attractive, increase liquidity and transaction volume, meet the buying and selling needs of ordinary investors, and stabilize market confidence.

Today, in order to better connect new exchanges and new currencies with general investors and to solve many of the problems they face in the early stages of listing, both small and medium-sized exchanges and blockchain project teams have to rely on market-making bots.

NO.3

Principles of the market-making strategy

The market-making strategy consists of a market-making system that tracks price changes and continuously provides bid and ask quotes. Through high-frequency, large-volume buying and selling, it gradually accumulates the difference between each transaction price and the theoretical price, and dynamically adjusts its quotes according to the characteristics of its position.

There are two common market-making strategies used by exchanges in general:

Passive market making: the strategy tracks the depth data and transaction data of a mainstream exchange. It makes no significant active choices, but passively follows the market, seeking to track and replicate it as closely as possible and to produce the same K-line data as the mainstream exchange.

Free market making: this model does not refer to other trading indicators, but instead makes the market at its own cost and sets its own quotes. It is suitable for environments where pricing power over the relevant currency is relatively concentrated, such as small blockchain assets or coins issued by the exchange itself.

NO.4

Shortcomings of the market-making strategy

Whether the market making is passive or free, it has to solve not only the price problem of the trading pair but also the liquidity problem. For the market to look active, the market-making strategy must be able to buy from and sell to itself; otherwise it is difficult to form a proper K-line.

The most common method is to pick a random price near the top of the order book, place a sell order there, and immediately buy at the same price. Alternatively, at the random price, it buys first and then sells. Because the time between the buy and the sell is short, the corresponding order is usually not visible in the depth data, but the trade is recorded in the transaction history, and the K-line is drawn by this market-making method.

Please note: this is where the vulnerability appears.

In order to generate a continuous K-line, the market-making strategy buys from and sells to itself near the top of the order book, and this hides a loophole. Although the strategy's buy and sell orders are issued simultaneously, network conditions and order placement speed are never ideal, so there is a certain probability that the strategy's orders are filled by someone else.

Imagine another high-frequency order-placing strategy in the market that always buys at the lower prices and sells at the higher prices against the market maker's orders. That strategy is profitable as long as the price difference it captures covers the transaction fees.
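From the operator's side this leak is measurable: every self-trade leg that fills against an account other than the bot is an interception. The sketch below is an added example, not code from the original article; the account ids, the fill-record layout and the reference mid price are constructed assumptions.

```python
from collections import defaultdict

MM = "mm-bot"  # hypothetical account id of the exchange's own market-making bot

# Constructed fills of self-trade legs:
# (pair_id, bot_side, price, qty, counterparty, reference_mid)
FILLS = [
    ("p1", "sell", 200.05, 0.01, MM, 200.10),         # matched our own buy leg
    ("p1", "buy", 200.05, 0.01, MM, 200.10),
    ("p2", "sell", 199.95, 0.01, "acct-77", 200.10),  # outsider bought our low sell
    ("p3", "buy", 200.30, 0.01, "acct-77", 200.12),   # outsider sold into our high buy
    ("p4", "sell", 200.20, 0.01, "acct-12", 200.10),  # outsider paid above mid: no loss
    ("p5", "sell", 199.90, 0.01, "acct-77", 200.08),
]


def interception_report(fills, mm=MM, min_hits=2):
    """Flag counterparties that repeatedly fill the bot's self-trade legs at its expense.

    Returns {account: {"hits": n, "cost": loss versus reference mid, in quote currency}}.
    """
    stats = defaultdict(lambda: {"hits": 0, "cost": 0.0})
    for _pair, side, price, qty, counterparty, mid in fills:
        if counterparty == mm:
            continue  # the leg met the bot's own opposite leg, as intended
        # The bot loses when it sells below mid or buys above mid.
        loss = (mid - price) if side == "sell" else (price - mid)
        stats[counterparty]["hits"] += 1
        stats[counterparty]["cost"] += loss * qty
    return {
        acct: s for acct, s in stats.items()
        if s["hits"] >= min_hits and s["cost"] > 0
    }


def interception_rate(fills, mm=MM):
    """Share of self-trade legs that were filled by someone other than the bot."""
    outside = sum(1 for f in fills if f[4] != mm)
    return outside / len(fills) if fills else 0.0


if __name__ == "__main__":
    print(interception_report(FILLS))
    print(f"intercepted legs: {interception_rate(FILLS):.0%}")
```

A rising interception rate concentrated in a few accounts is the signal that the self-trade window is being harvested rather than hit by chance.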

NO.5

A practical demonstration

ETHUSDT trading on the exchange shows signs of market making; the reference object may be the Bitcoin ETHUSDT data. Looking at its order book data, one finds self-matched trades with a random buying and selling direction.

Usually, the high-frequency brushing does not price randomly across the order book, but instead moves randomly around the price of the last transaction in the market maker's strategy. This makes it difficult for the transaction price to reach the low and high prices of the order book. Coupled with the limited success rate of catching a market-making order, there is almost no profit margin.

This seems airtight, but if we take advantage of the flaw that the market maker's orders must be placed in the order book, it is easy to crack the market maker's strategy on the exchange and make a huge profit.

NO.6

The specific steps are as follows:

When a low-priced transaction is expected, a small amount is added to the best bid (buy one) price. For example, when the buy one price is 200, a buy order at 200.1 is placed, then a buy order at 200.09, and each is withdrawn immediately. When an order is filled, the reverse operation is performed at once, selling the acquired coins at a high price, which completes one cycle.

Although the success rate of each attempt is not high, the large number of frequent place-and-withdraw orders greatly increases the number of opportunities, so the profits are still considerable. As shown in the graph above, a high-frequency brushing strategy written on the FMZ quant platform ran with virtually no drawdown. In just one night, I went from 1000USDT to 4000USDT in profit.

This is still moderate brushing; with multiple accounts, multiple contracts and multiple threads, the profit would be huge.

NO.7

Source code of the brushing strategy based on the market-making vulnerability

The above strategy source code is based on the FMZ quant platform (www.fmz.com); please credit the source when reprinting.

NO.8

How to Prevent

For this type of market-making strategy, the problem is easy to solve once the principle is understood. For example, when the transaction price is low, the market-making strategy places the buy order first and then the sell order, and vice versa, so that others cannot buy low from it and sell high to it. Alternatively, it places all of its orders within the range that can be hedged on other exchanges.
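The two rules above, leg ordering and the hedge range, can be sketched as follows. This is an added example, not the article's or FMZ's code; the function names, the `hedge_band` tolerance and the top-of-book check before the second leg are assumptions introduced here.

```python
def plan_self_trade(price, ref_bid, ref_ask, hedge_band=0.001):
    """Order the two legs of one self-trade, or return None if the price is unhedgeable.

    ref_bid / ref_ask: quotes on the reference exchange the bot can hedge on (assumed input).
    hedge_band: relative tolerance outside those quotes (assumed parameter).
    """
    if not 0 < ref_bid <= ref_ask:
        raise ValueError("reference quotes must satisfy 0 < bid <= ask")
    if not ref_bid * (1 - hedge_band) <= price <= ref_ask * (1 + hedge_band):
        return None  # outside the range that can be hedged elsewhere: skip this print
    mid = (ref_bid + ref_ask) / 2
    # Low print: rest the buy first, so an outsider who hits it sells to us below mid.
    # High print: rest the sell first, so an outsider who lifts it buys from us above mid.
    first = "buy" if price <= mid else "sell"
    return first, ("sell" if first == "buy" else "buy")


def second_leg_allowed(first_side, price, best_bid, best_ask):
    """Send the crossing leg only if no outsider order is priced better than our resting leg.

    best_bid / best_ask: local top of book read after the first leg was acknowledged.
    """
    if first_side == "buy":
        return best_bid <= price  # a better outsider bid would be matched before ours
    return best_ask >= price      # a better outsider ask would be matched before ours


def worst_case_edge(first_side, price, ref_bid, ref_ask):
    """Bot's edge versus reference mid if an outsider fills the resting first leg."""
    mid = (ref_bid + ref_ask) / 2
    return mid - price if first_side == "buy" else price - mid


if __name__ == "__main__":
    legs = plan_self_trade(200.02, ref_bid=200.0, ref_ask=200.2)
    print(legs, worst_case_edge(legs[0], 200.02, 200.0, 200.2))
    # An outsider bid at 200.09 sits above our resting buy: hold the sell leg back.
    print(second_leg_allowed("buy", 200.02, best_bid=200.09, best_ask=200.2))
```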

Afterword

Although exchanges sit at the top of the entire blockchain industry, they are like a giant standing in the open, exposing more attack surface and more exploitable vulnerabilities.

Objectively speaking, there may be more hidden bugs that can be inferred from the order book. For example, by exploiting an exchange's market-making strategy vulnerability, an attacker can cleverly design various hidden attack strategies and carry them out unnoticed.

Today, digital currencies have become a new investment target, and exchanges have become a battleground for many hackers. Hackers lurking in the shadows, like hungry wolves, are closing in on the exchanges' weak points, ready to strike. Only by strengthening their defenses can centralized blockchain exchanges let customers truly trade without worry.


wxhlzg: I've been brushing my hair by hand for the past year.

How are you? If you do, you'll get your account sealed by the exchange.

kongbai979: Is the exchange brushed a real buy and sell order? I've found a suitable market exchange but the order has not been completed. What is the reason?

keep_up: What if the number of tiles you try to buy and sell (which is 0.01) is being eaten all the time?

Nine suns: I'm going to kill you.

frozen2020: Highly skilled

The Little Dream: Thank you!

Graph: I'm not sure how to brush it manually, is it possible now?

keep_up: Your first function is wrong, watch the big letters, if you can't, you can text me.

keep_up: You paste the error clue and the line of code.