Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Decentralized Exchange Ranking Methodology

Decentralized Exchange Ranking Methodology

Share via:

Author: Kostiantyn Oleshko

With the growing popularity of decentralized exchanges in recent months, it became necessary to clarify the factors that form their popularity and the methodology for compiling their rating. In the second half of October, CER will publish the rating of DEXs on the cer.live website, hence the analysts present an overview ranking methodology.

What is DEX?

A decentralized exchange (DEX) is a cryptocurrency exchange that operates without a central authority.

The main difference between CEX’s (centralized exchanges) and DEX’s is that users do not need to transfer their cryptocurrencies to the exchange wallets. Unlike centralized exchanges, the user always controls his funds. Hackers cannot withdraw user funds from the wallets of the exchange, unlike the recent Kucoin hack, because only the end-user has access to his private keys.

The other important attribute of a decentralized exchange is the absence of KYC requirements. A user does not leave any personal data about himself while trading on the decentralized exchange. To start trading, a user only needs to connect his wallet with the DEX service.

Problem

“Security rankings is crucial for DEXs evaluation. We do not recommend to deposit and trade crypto at DEXs with low CER.live score,” says Dyma Budorin, CEO at the Hacken Group.

The presence of a vulnerability in the exchange’s smart contracts can lead to a halt in the operation of the platform or the loss of locked user funds. To ensure security, decentralized exchanges need to undergo security audits after each software update, and also have a bug bounty program.

A recent example of such an attack is the incident with the Balancer platform when a hacker stole tokens equivalent to $500,000 by exploiting a vulnerability in a smart contract. The Balancer case became possible because the technical team did not fix a bug found by third-party cybersecurity researchers 2 months prior.

Many decentralized exchanges do not undergo regular audits and do not run bug bounty programs, which can potentially lead to new successful attacks, and as a result, decrease community confidence in DeFi projects.

Solution

CER analysts have created a methodology for the assessment of decentralized exchanges in order to protect traders from trading on exchanges who do not worry about their security and the safety of their users’ funds.

While conducting a significant number of researches, the CER team of qualified specialists developed a comprehensive assessment model for decentralized exchanges, which consists of several essential components.

Security audit
Bug bounty program
SSL/TLS
Cold wallet direct support
Liquidity score
Data provision
Token whitelists
Transaction deadline
Slippage tolerance

Security audit

A smart contract security audit is a thorough analysis of smart contracts in order to correct design issues, errors in the code, or security vulnerabilities. An audit is one of the most important indicators of DEX security. Nevertheless, the presence of audits does not mean that the platform is 100% secure.

We check the security audit report as well as its relevance. Security audits tests should be held after adding new features to exchange or after existing features have been updated. In this regard, penetration tests made on previous software versions are no longer relevant.

SSL/TLS

SSL/TLS certificate has to be present for the DEX, it should follow all security best practice. We use the grading system from Qualys SSL Labs which grade websites’ SSL certificates.

Bug bounty program

A bug bounty program is a deal offered by services and platforms by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities. This is a way to detect software and configuration errors that can slip past developers and security teams and later lead to big problems.

Bug bounties should preferably be placed on one of the well-known bug bounty platforms so that the maximum number of ethical hackers pay attention to it. If the exchange itself serves a bug bounty program, then it limits the number of potential hackers to its client base.

Cold wallet direct support

One of the most secure ways to store cryptocurrencies is a cold wallet. A cold wallet is the hardware device to store Bitcoin, Ethereum, and other cryptocurrencies offline.

In general, working directly with a hardware wallet is a safer way to interact with the platform. A hardware wallet can be connected via Metamask, but not all browsers support Metamask.

Liquidity score

One of the main indicators of any exchange is liquidity locked on exchange pairs. The ability to sell or buy cryptocurrency quickly and with minimal losses on the spread is one of the most important requirements of any trader.

Our liquidity score is based on the average liquidity values across the entire DEX market.

Data provision

Service users must be able to find statistics on the liquidity locked in the pair, as well as the history of transactions performed. Nevertheless, the presence of such a service is not mandatory for exchanges with the visible order book, and where the trade history is displayed in the trading interface.

Token whitelists

The exchange must have tools to protect the user from fake cryptocurrencies with the same ticker symbols as the original project.

Transaction deadline

Users must be able to set the transaction deadline. In the event of this deadline, the trade should not be executed.

The presence of this feature is very important because transactions might be confirmed in a few hours when market conditions have already been changed.

Slippage tolerance

The user should know with what deviation from the current price he will buy the token. Slippage tolerance helps users to prevent trades, in which the price deviation exceeds the value specified by the user.

Conclusion

We encourage all DEX platforms to comply with best practices and perform security audits after each significant software update and also maintain a bug bounty program to get reports from third-party security researchers.

Contact cer.live with up-to-date information to submit relevant data before the rating is released.

The DeFi industry is just starting on a long path toward maturity. In these early days, projects safety and protection are paramount and will only grow in importance going forward.