Futureswap: Not your keys. Not your perpetuals.

How Decentralized is Futureswap V4

Not your keys. Not your perpetuals.

A DEX (decentralized exchange) can’t call itself one if there are centralized private key holders that have access to the users’ private keys. If a third party, like the team behind the exchange, has access to a users’ private keys, they can control any funds controlled by the corresponding wallets. So even if the users are storing their tokens in a wallet they control, when another entity has the private key, the wallet is compromised.

If an exchange has control over user funds on their platform, they can seize all of the users’ crypto assets. Exchanges that control user private keys are thus susceptible to malicious attackers who can more easily target a central or sole key holder and gain access to all the users’ funds.

Currently, there is a 7-owner DAO made up of team members, advisors, and community members, that can execute an upgrade on some of the Futureswap contracts. Some contracts are immutable, like the vesting of incentives, but the core exchange contracts follow the proxy pattern and can be upgraded by a community vote or the DAO. This DAO exists to protect the protocol and users. In case a vulnerability is discovered and requires an immediate fix, the DAO can quickly take action. After the system has been stress-tested over the next few months, this right will be revoked.

On Futureswap, users have control of their private keys. V4 is 100% non-custodial. When a user wants to trade on Futureswap, their funds are locked into a smart contract that only they have the private keys to control. This way, it’s not possible for anyone on the Futureswap team to seize user funds, and there is no centralized vulnerability for a hacker to exploit.

Your keys, your perpetuals.

Proof of Censorship-Resistance

The non-custodial nature of the Futureswap platform already greatly limits any potential for censorship. More than that though, Futureswap has a strong track record of being secure and resistant to attacks that could censor the system. The last two versions of the protocol have processed over $4,200,000,000 in volume with zero downtime outside any of Ethereum’s own downtime. And over the past year, several hackers have tried to attack the network and failed.

Just under $1 million has been spent on code audits from OpenZeppelin and Trail of Bits, as well as code reviews from white-hat hackers. Significant amounts of V4’s contract code will also be open-sourced, so anyone can inspect the code for potential issues.

While one UI will initially be maintained by the Futureswap team, the V4 protocol will be fully composable, allowing any individual or group to build their own interfaces or integrate with an existing dApp. Designing the protocol in a composable way greatly limits censorship potential as well. No matter what a UI maintainer decides to do with their interface, the underlying protocol is unaffected.

Even if the entire Futureswap core team disappeared, Futureswap will continue to run as long as the underlying Ethereum protocol exists. V4 is designed so that the governance of the FST token and Futureswap protocol is community-driven.

Governance

How a protocol is governed is arguably the most important question to answer when it comes to evaluating how decentralized it is. To ensure that governance of the protocol is sufficiently decentralized, governance in V4 will be solely handled by FST (Futureswap Token) holders. No team or individual can control the Futureswap protocol.

Governance of the protocol and the treasury will be managed on-chain through proposals made by and voted on solely by FST holders. Submitting a proposal for a vote requires the proposer to lock 100 FST into a smart contract until the vote passes, after which, it is returned to the user. If the vote fails, the 100 FST is not returned to the proposer, as a spam-prevention mechanism. The vote itself lasts 48 hours which is hard coded. Votes can be submitted which point proxy contracts at new implementations in order to upgrade or to update exchange state variables.

In Case of Emergency

What happens if there’s an emergency like extended downtime from price oracles? There is no centralized authority that can pause or stop any of the exchanges, but FST holders can submit a governance proposal and conduct a vote to pause or stop an exchange.

When an exchange is voted to be paused or stopped, all users still have access to their funds and can withdraw at any time; only new trades and liquidity additions are disabled. When an exchange is paused, it can also be turned back on, which also requires a governance proposal and a 48-hour vote.

Insurance

Many other exchanges tout themselves as being decentralized. Yet they use a shared insurance model that exposes their traders to some of the same risks centralized exchanges pose. When there is a major downward market movement, leveraged traders can become insolvent, meaning they don’t have enough collateral to pay the other side of the trade. To cover these insolvent traders, most exchanges maintain an insurance fund that will pay out the other side.

A shared insurance fund can be easily exploited if a malicious token is listed on the exchange. In this scenario, the market for a token could be manipulated resulting in enough traders becoming insolvent that covering their trades drains the entire insurance fund, leading to the exchange itself becoming insolvent.

In Futureswap V4, there is no insurance fund or shared insurance. Instead, all exchanges are siloed, meaning that even if a malicious token is listed and causes those trading it or providing liquidity to become insolvent, it won’t have any effect on any of the other liquidity pools.

Exchange Listings

Listing a new exchange (token pair) on V4 in addition to the starting ETH/USDC pool will be handled through proposals voted on through the on-chain governance system. The aim is to have pool and exchange creation eventually be completely permissionless. The Futureswap team will have no control over which tokens will be listed because of the decentralized governance system.

Order Matching and Settlement

When you want to close a position in V4, there is no centralized order matching system to coordinate or execute trades (like dYdX). Order matching and settlement is done via liquidity pools, where you exchange with a liquidity pool rather than another trader.

Price is determined by market forces. So while oracles are added whenever an exchange is listed, they are not relied upon except in the case of liquidation, to determine if a trader is able to be liquidated.

Trade settlement in V4 is executed on Arbitrum, a Layer 2 Ethereum scaling solution that brings down transaction fees and execution time tremendously. Arbitrum works by storing function call data (i.e., the inputs) in blocks on Ethereum’s base layer (L1) and executing the computation of those function calls off-chain (L2). If there are any disputes about the results of the L2 computations, users can replay the transactions with the same inputs on L1, ensuring its integrity. So while settlement is faster and cheaper on L2, users can opt to fall back to L1 to settle their trades if they wish.

A potential source of centralization risk comes from the sequencer algorithm Arbitrum uses to sequence transactions. With the sequencer, the Arbitrum team can reorder transactions and can theoretically exclude transactions as well. But, importantly, Futureswap users do not have to use Arbitrum’s sequencer to settle their transactions. Users can always choose to submit their transactions to the base Ethereum protocol if they have any concerns about the Arbitrum sequencer.

Grants

The decentralized governance model and planned community grants will allow protocol development to flourish even in the absence of the original team who developed it. Anyone can apply for a grant to build with Futureswap. This means that there will likely be many frontends and applications built on top of the Futureswap protocol.

Stay tuned for more exciting updates. If you have any questions or feedback, please share your thoughts with us on the official community Discord.