Rosen Bridge Origins: Understanding Problems/Frustrations with Current Gateways, and Gatekeepers.

Part 1

Centralized cryptocurrency exchanges (CEXs) are often seen as the gateway to the crypto world, offering convenience and liquidity. However, they come with significant security and transparency concerns that users should carefully consider.

At a gateway, they naturally are gatekeepers. Middlemen.

Do they do a good job informing, educating, and advancing cryptocurrency and the principles that lead to this industry? Its a tradeoff there has been some nice content, however increasingly CEX’s are becoming digital Zoo’s listing animal tokens, and promoting insider funded projects.

I guess the best analogy I have heard is like using a public toilet. Get in handle your business and get out.

Here’s a closer look at why CEXs may not always provide the greatest security or transparency, and a part of what lead to the initial design and idea behind Rosen Bridge. Assumptions for a better system that would benefit us.

Exchange environments offer suboptimal assumptions, are expensive for projects to work with and leave a lot wanting in terms of transparency.

Inclusive accountability is one of the best features of a public ledger. The ability to concisely understand vectors on control, trade ordering, and net leverage, are critical aspects to understanding the economic assumptions of any protocol or market.

CEX Dysfunction

Centralized exchanges are operated by single entities or companies, which inherently centralizes control and oversight. This centralization can lead to various dysfunctions. For example, if the exchange’s internal systems are compromised or fail, it can result in significant disruptions, including loss of funds or trading halts. The concentration of power also means that any internal problems or decisions can affect all users, often without transparent explanations or effective recourse for the individuals impacted.

We often read about hacks and exploits first from individuals who watch on chain data vs central exchanges themselves. Fortunately we have some great twitter slueths out there.

Unknown Key Management

In a centralized exchange, users typically deposit their funds into the exchange’s wallet. The private keys to these wallets are controlled by the exchange, not the individual users. This means users must trust the exchange to securely manage these keys. If the exchange’s security is compromised, or if the exchange itself is dishonest, users’ funds are at risk. The lack of control over private keys puts users in a vulnerable position, as they have no way of verifying or controlling how their assets are stored or managed.

How many keys are securing your central exchange. This is mostly unknown until they are breached and we get post mortem analysis.

Unknown Race Conditions

Race conditions can occur in the trade matching engine of a centralized exchange. These are scenarios where the order in which trades are processed can influence the outcome of trades. If the trade engine is not perfectly designed and managed, it can be susceptible to front-running — a situation where insiders or the exchange itself can exploit delays to gain a trading advantage. This can undermine fair market practices and erode user trust in the fairness of the trading process.

Race conditions, the rules, and operations are what make markets orderly. This is one area why Decentralized exchanges are so much better for public markets than Centralized exchanges. On chain data can be audited and understood.

This is by far the lowest risk/ highest profit attack vector, as any time a user touches the market buy, ordering advantages could extract value from the user.

MEV refers to all of the money that can be extracted by reordering, viewing, adding, including, or excluding transactions within a block.

The same environment exists in a centralized trading/matching engine, but we can’t see or understand anything so have no way of actually understanding if, or how that works. Its a black box.

Unknown Leverage/Rehypothecation

Centralized exchanges often provide leverage products, allowing users to trade with borrowed funds. However, the specifics of how this leverage is managed, including any rehypothecation practices (where the exchange might use customer assets for its own purposes), are not always transparent.

Rehypothecation can increase systemic risk if the exchange faces financial trouble, as borrowed funds might be tied up in multiple layers of obligations. Users typically have little insight into these practices, leaving them at risk of unexpected financial exposure.

It is impossible to know who is taking both sides of a trade in leveraged products of if they have sufficient collateral, how trades unwind, and how this is covered. Again DeFi is a much better environment for clear assumptions.

Unknown Audits

Auditing is a crucial aspect of ensuring transparency and security in financial operations. For centralized exchanges, the results of internal or external audits are often not fully disclosed to the public. This lack of transparency means users cannot independently verify the health and integrity of the exchange.

Without regular and transparent audits, users are left to trust that the exchange operates honestly and securely, despite having little to no visibility into the audit processes or outcomes.

In theory all an exchange needs to do to remain “solvent” when sketchy things are occuring is cover withdrawls.

Unknown Listing Requirements

The criteria and processes for listing cryptocurrencies on a centralized exchange are often opaque. Users might not know the specific requirements or standards that a token must meet to be listed. This lack of transparency can lead to situations where tokens with questionable legitimacy are listed, potentially exposing users to higher risks. Furthermore, the exchange’s internal biases or business relationships might influence which tokens are listed, affecting market dynamics and fairness.

Scale to Market Costs for Projects

The costs associated with listing a new cryptocurrency or token on a centralized exchange can be substantial and often lack transparency. These costs can include listing fees, ongoing administrative fees, and other hidden expenses. Without clear and transparent pricing models, it becomes difficult for projects, especially open-source or community-driven initiatives, to understand or manage the financial implications of scaling across multiple exchanges. This opacity can disadvantage smaller or emerging projects that may not have the resources to navigate these costs, potentially stifling innovation and favoring well-funded projects or those with insider connections.

Its a small club and some of the best developers and technologists I know are not in it. When value becomes more important than principle, quality degrades. I kind of feel like we are seeing that more broadly looking at what exchanges are supporting.

Seed to Market Pipeline

Many centralized exchanges have venture capital arms or investment arms that fund startups and emerging projects. This creates a potential conflict of interest, as exchanges might give preferential treatment to the tokens or projects in which they have invested.

Such preferential treatment can manifest in faster listings, more prominent exposure, or better trading terms for these projects. This not only distorts market fairness but also undermines the level playing field that many users expect.

When exchanges profit from the success of their own investments, it can create an uneven market environment that favors certain players over others, impacting the integrity and competitive nature of the crypto market.

It is weird to imagine that the Nasdaq would have a venture seed arm. People would probably get quite upset.

Internal Attack Vectors

Centralized exchanges are inherently susceptible to various attack vectors due to their concentration of user funds and data. High-profile breaches and hacks have shown that these platforms can be targets for malicious actors. The centralization of assets and information in one place creates attractive targets for cyberattacks. A successful breach can compromise not only the security of individual user funds but also the overall trust in the exchange and, by extension, the broader market. Additionally, the centralization of data can expose users to risks from internal threats, including potential misuse by exchange employees or executives. Just because something is multi signature based does not really mean much as it can be one person still. Within a single organization this can be problematic.

The truth is this… When a hack occurs, the first assumptions should always be it was someone on the inside, with intimate knowledge of the exploited system.

I won’t even talk about mandatory KYC…

From cypherpunks wanting to resist the potential powers of a survillance state to “KYC please” is a hell of a rotiation.

I will just remind everyone that mining a crypto currency allows users to buy an asset with hardware and electricty KYC free.

It is one of the amazing features of PoW.