Ethervista exchange transactions grind to a halt after record start
Ethervista volumes slowed down, both for organic traffic and bot activity. Researchers found signs of potential fee exploits, taking more than 30 ETH due to the routing smart contract.
Ethervista and its VISTA token were off to a flying start. The new DEX became one of the top gas burners on Ethereum. However, just two weeks after its launch, activity on the platform has grounded at a much lower baseline.
The new Ethervista DEX launched with activity levels that rivaled Uniswap’s gas fees. Yet this new project was viewed with skepticism, as most of its activity consisted of trading native VISTA tokens against WETH.
The exchange managed to generate up to $240K for its developers from fees and initial trades while it was on its high. However, just two weeks after its launch, Ethervista activity has dwindled to zero levels.
Ethervista stalled in creating new token pairs
The main point of Ethervista was to create a novel Ethereum-based market for meme token pairs. In total, the project drew in 846 pairs and pulled 45.13 ETH in total liquidity.
In comparison, in the initial days after Pump.fun launched, more than 16K tokens were deployed, while SunFun had more than 25K new assets in initial liquidity pairs. Ethervista launched during a moment of interest withdrawal from the meme ecosystem. The leading Pump.fun platform also suffered outflows.
Soon after launch, Ethervista onboarded several major bots. However, within two weeks, both direct user volumes and bot-driven trading slowed down. At the end of the period, Ethervista activity also saw increasing net outflows. Of all pairs created, 737 saw some form of trading, while the VISTA token was the first and major source of activity.
After an initial boom of new token creations, Ethervista transactions slowed down, as interest in new tokens diminished.
The native VISTA tokens still have $2.4M in locked liquidity against WETH. The token has gained more community trust and vetting as a DEX asset. The exchange still managed to produce fees, which were sent out to three developer addresses.
The VISTA token still reports an address with $2.5M in liquidity, based on Arkham data. The exchange continues to show inflows from MEV bot addresses.
Bots may have exploited Ethervista’s vulnerability
Ethervista showed anomalous MEV bot volume around September 5. The activity may have been due to bots exploiting the market for outsized ETH gains.
According to PhD student and security researcher Chaofan Shou, a manual trader discovered a vulnerability in the router contract. The trader then went on to exploit an integer overflow vulnerability, which swept the fees in the router.
Do you know @ethervista's swap fee can be bypassed, and liquidity providers won't receive any rewards?
There is another bug in the Ethervista router — it uses the fee parameters from the first pool and only pays to the first pool.
If you own the first pool and set the fee to… pic.twitter.com/nDFnnRgGqn
— Chaofan Shou (@shoucccc) September 5, 2024
Since Ethervista also hosted bots, one of the bots repeated the exploit multiple times, making the vulnerability’s effect much more pronounced. According to Shou, the pools on Ethervista were not in danger, only the router where the fees could be exploited.
Shou estimated the initial attacker managed to drain 10 ETH. Bots repeating the same steps in the next block took another 20 ETH. Shou withdrew 8 ETH while testing and retained the funds in a wallet.
The exploiter and the bots later used the funds in the router contract to set high fees.
The other Ethervista vulnerability was that some pool owners could set the fee to zero and trade Ethervista for free. The exploit also raised questions on why Ethervista had accessible funds in its router contract, instead of keeping all funds in liquidity pools. This exploit is possible only for the owner of the first pool on the DEX.
Ethervista was created as a Uniswap clone, similar to other DEXes. However, the unexpected exploits may have accelerated the project’s crash.
Even with bots and withdrawals, Ethervista was successful in its early days, although it was not sustainable for token trading. Both bot and organic activities have slowed down since the September 5 peak.
The launch of Ethervista also came with another red flag, a partnership with the Gotbit hedge fund. The Gotbit project was supposed to serve as a market maker for Ethervista.
Previously, Web3 researcher and on-chain analyst ZachXBT warned about the risk of tokens that were tied to Gotbit’s services. In the past, Gotbit has offered to build inorganic trading volumes, similar to what was seen soon after the launch of Ethervista. The DEX ended up requiring up to 150 ETH for gas fees in just the first few days of trading, even when VISTA was the only asset available.
Cryptopolitan reporting by Hristina Vasileva.
What's Your Reaction?