How does SundaeSwap really work?

So, I played around with SundaeSwap a bit. And when I look at my swap order https://cardanoscan.io/transaction/fe69adb3a23610af411f4b1dddf30d666267b81cd337ba195859b81bc9bd31ed, there is not really information, about what I ordered in there. The metadata of that transaction is just a meager { msg: [ "SSP: Swap Request" ] }.

Do they still store the exact orders in their own database and not on the chain?
How is that then secured by a “smart” contract?
Couldn’t they or a bug in their system or someone hacking their system use the inputs to make arbitrary swaps instead of the ordered one?

I would have expected the actual order to be encoded in the metadata and the contract to be written in a way that absolutely ensures that the order is executed in exactly this way or cancelled, but nothing else.

I was thinking about that as well. Also, how does a contract know of my slippage parameters.
I don’t know for sure, but I’m assuming they use tokens with in transactions to make sure that nothing can be inserted between the steps. This is my best guess. :man_shrugging:

Your transaction tries to redeem a swap.
A Tx token gets created with Tx parameters in this new UTxO.
Each new step of the contract checks for this token being part of UTxO, otherwise invalid.
Contract gets signatures and checks all states (such as your slippage % vs price, etc…)
Contract then issues new UTxOs.

The absence of Tx token would invalidate any injected code.

As for of chain… there has to be some info for creation of those tokens of chain. That may be how they insert your specific info from they website into a transaction (if needed).

All this is just a guess based on how little I know about smart contracts and Plutus. :smiley:

Also, your Tx is just like a request Tx and contains no contract

  • Time 23-01-2022, 02:43

  • Epoch / Slot 316 / 190726

  • Block 6806882 (0ebc…65b3f109)

  • Output 27.723 ₳ 27.72326

  • Deposit 0 ₳

  • Confirmations 5639 confirmed

  • Fee 0.213 ₳

  • Size 0.6kB

  • Lock 23-01-2022, 06:29

  • Contract n/a <------------------------------------------------------------

Transaction Message

SSP: Swap Request

You can check what Tx with contract in it look like here:

If you find something cool, share :smiley:

1 Like

Thanks for thinking with me.

It was the only transaction initiated and signed by me. So, …

Even if there was such a token (couldn’t find one, also in the incoming transaction of the successful swap), it wouldn’t be signed by me. They seem to be doing a decent job, that’s not the question, but if these contracts shall provide a trustless (as trustless as possible) environment, then the parameters of the swap (including slippage) should have to be signed by me.

But if this token is neither minted nor signed by me, a sufficiently powerful adversary could just mint a Tx token with the information they want instead of the ones I ordered.

I need to learn more, sometime, because:

I know, but I thought parameters (amount ordered, slippage, …) could be included in a normal transaction to the contract and then processed by it. Would seem like rather basic functionality to me.

FWIW, the result of the swap does contain some contracts (or steps in a contract? I don’t know.): https://cardanoscan.io/transaction/a0d62996677716a46a2a5afac510e38033aed7b729fc4a1a5bbfcc25120c6997
But this result is not signed or initiated by me, so from my point of view (as participant in this swap) this additional content is somehow just informational.

Looks to me like there are 3 participants.

I’m guessing holding contract, you and some API with price/slippage info (that is treated as a participant).

I think it may look something like this:

When swap contract gets a transaction from you, it waits for API/Tokens contract then all 3 multi-sign the contract.

Once contract is initialized all sates that you agreed to when entering the contract are signed by you.

Since it is UTxO contract, it can extend into any state it has in it and it would be signed already just by checking that it has signatures (not verifying the signatures or requiring more signatures) .

Token(s) that follows every UTxO would provide provenance on validity of original signatures that started the chain.

Maybe that’s how they use those LP tokens with in transaction. I also noticed that some of those LP tokens are fungible only in same TX wallet but not fungible in other wallets. I placed 2 LP orders and I have two set LP tokens that don’t combine in my wallet.

I guess something like you describe would also be, how I would build it, but I really only signed the first transaction to the contract address without any contract or more interesting metadata than { msg: [ "SSP: Swap Request" ] } in it.

Maybe, the emperor is really naked?

So the conclusion/guesss is that SundaeSwap use some smart contract to process swap Tx?

And does SundaeSwap completly decentralized?

They definitely use smart contracts to process swaps. It’s just not clear (to me) how these contracts are exactly implemented.

We know: There go some swap requests from users in there. They need “scoopers” to finally process these swaps (which I would call “not completely decentralised”, but your mileage may vary). Whyever. Finally, the contract sends everybody involved what comes out of the swap, e.g.: https://cardanoscan.io/transaction/791db79d8cc1a7199a10d26278309842c012143d6948112bb3266d26cf856d05