MEV-Aegis: Perp88’s Newest MEV-Resistant Price Feeder API
Dragons,
We are enthused to officially announce that we have successfully launched our latest feature, the MEV-Aegis, which will improve the overall trading experience on Perp88 and enhance the robustness of our price oracle with the incorporation of price feeds from leading centralized exchanges as well as an MEV-resistant architecture that allows Perp88 to offer 0% price slippage on our leveraged trading feature.
With this update, not only will Perp88’s trading engine have more frequent price updates, but the protocol security is also enhanced, protecting our traders from two key risks:
1. Front Running Attacks 🏃♂️
Front running attacks are typically carried out by the attacker when they have access to the price feed and are able to make informed trades with the privileged information that would lead to financial gain for them at the expense of other users.
These types of attacks have become a key concern in the design of DeFi projects that are built on the EVM-compatible blockchain, such as Polygon, as they can result in significant losses for users or the protocol.
2. Price Manipulation 🕹
Price manipulation is another huge concern for DeFi platforms that rely on external sources of price data, such as an oracle, to determine asset prices. Protocols that do not have a robust price oracle (e.g. only relying on a single source of price feed or not having a validation method when there’s a deviation in price data) are exceptionally prone to price manipulation attacks.
In the case of a perpetual exchange, these types of attack would typically be the form of the attacker opening a leveraged position while manipulating the price data in the way that would allow them to generate financial return through their leveraged position.
Introducing MEV-Aegis 🛡
To protect users from these types of attacks, Perp88 has developed MEV-Aegis, a solution that makes use of the latest practices in MEV-protection and the architecture of Chainlink’s low-latency oracle.
MEV (or Miner Extractable Value) protection refers to the ability of a DeFi platform or protocol to withstand attacks that exploit vulnerabilities in the Ethereum Virtual Machine (EVM) to front-run transactions and execute them in a way that benefits the attacker.
At the core of MEV-Aegis is the Perp88 Price Feeder API, an off-chain solution that retrieves prices from trusted centralized exchanges (CEX) such as Coinbase, Binance, Bitstamp. These exchanges are chosen based on their reliability and liquidity, and the list is periodically reviewed to ensure that only the most reputable sources are included.
To ensure the accuracy of the fetched prices, the API employs a number of validation methods, including removing any outliers and checking for deviations by calculating the median of the retrieved prices. This median is then recorded in our public database along with the prices from each CEX for transparency and reference. Additionally, the API generates a hash of the price data for each time the prices are fed into the blockchain, enabling users to verify the integrity of the data by comparing the hash from our public database to the hash recorded on the blockchain.
The prices recorded on the blockchain by the API serve as the latest prices referenced by Perp88’s trading engine. In the event of a significant deviation from the Chainlink Price Oracle, Perp88 will fall back to using prices from Chainlink with a price spread, which is a margin added to ensure that the execution is fair for both buyer and seller. Once the new prices have been recorded, Perp88’s smart contracts will execute pending trade orders at the updated prices, ensuring that all trades take place at the fair market price.
MEV Aegis is the result of Perp88 team’s emphasis on delivering the best user-experience, by ensuring that users are protected from potential MEV attacks while also providing them with accurate and transparent price information. By using our Price Feeder API, traders at Perp88 can be confident that they are getting the actual market prices and that their trades are being executed fairly.
How often are prices retrieved by the Perp88 API?
Our API fetches new prices every 3-5 seconds to provide our traders with the most up-to-date prices. All market and limit orders will be executed using the “Mark Price” displayed on the Perp88 website.
Note that we can always increase the frequency of the price fetch based on the community feedback.
What happens if the Perp88 API receives incorrect prices that differ significantly from the actual prices?
If this occurs, the Perp88 smart contracts will be able to detect the price deviation and instead refer to the prices from Chainlink Price Oracle.
Can malicious attackers front-run the latest prices retrieved by Perp88?
No, they can’t. While our API retrieves prices at quite a high frequency, the process of interacting, including opening & closing a leveraged position, with perpetual contract requires creating orders that will be executed after a certain number of blocks have passed.
This ensures that no interaction on positions is atomic for either users or attackers. As a result, even if an attacker had knowledge of the next prices, their orders may not necessarily be guaranteed to be executed at those prices.
Can malicious attackers manipulate the latest prices retrieved by Perp88?
To ensure the reliability of our price sources, Perp88’s API retrieves prices from multiple leading centralized exchanges. This list of exchanges is regularly reviewed and updated to ensure the most reliable price sources are being used.
While it is theoretically possible for an attacker with significant capital to manipulate the price of BTC, ETH, or MATIC on a centralized exchange, the effect on the prices retrieved by the Perp88 API would likely be minimal. Our API validates all retrieved prices to eliminate any outliers, and in the event that a successfully manipulated price is detected, we have a deviation validation process in place to fall back on the Chainlink Price Oracle.
