DEX Development (Decentralized Exchange)
A decentralized exchange is a smart contract that allows trading without an intermediary. The user never surrenders control of funds to a third party: all trades happen on-chain, settlement is atomic, and custody remains in the user's wallet. Uniswap V3 trades over $1B daily. The task: develop a DEX from scratch — from AMM mechanism to frontend.
Choosing a DEX Model
AMM (Automated Market Maker)
Liquidity is provided to pools rather than an order book. Price is determined by a mathematical formula.
Constant Product (x * y = k) — Uniswap V2 model. Simple, works for any pair. Disadvantage: capital inefficiency — most liquidity is never used.
Concentrated Liquidity — Uniswap V3 model. LPs specify a price range for their liquidity. Capital efficiency is 10–100× higher. More complex for LPs — requires active management.
Stableswap (Curve) — for assets with similar price (USDC/USDT, stETH/ETH). Minimal slippage on large volumes.
Order Book DEX
On-chain order book is expensive in gas (each placement/cancellation = transaction). Solutions: off-chain orderbook with on-chain settlement (dYdX v3, Serum), or L2-based CLOB (dYdX v4 on Cosmos).
For most EVM DEXs — AMM with concentrated liquidity.
Constant Product AMM: Smart Contract
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/utils/math/Math.sol";
contract ConstantProductPool is ERC20 {
address public immutable token0;
address public immutable token1;
uint256 private reserve0;
uint256 private reserve1;
uint256 private constant FEE_NUMERATOR = 997; // 0.3% fee
uint256 private constant FEE_DENOMINATOR = 1000;
event Swap(address indexed sender, uint256 amount0In, uint256 amount1In,
uint256 amount0Out, uint256 amount1Out, address indexed to);
event Mint(address indexed sender, uint256 amount0, uint256 amount1);
event Burn(address indexed sender, uint256 amount0, uint256 amount1, address indexed to);
constructor(address _token0, address _token1) ERC20("LP Token", "LP") {
token0 = _token0;
token1 = _token1;
}
// Add liquidity
function mint(address to) external returns (uint256 liquidity) {
uint256 balance0 = IERC20(token0).balanceOf(address(this));
uint256 balance1 = IERC20(token1).balanceOf(address(this));
uint256 amount0 = balance0 - reserve0;
uint256 amount1 = balance1 - reserve1;
uint256 totalSupply_ = totalSupply();
if (totalSupply_ == 0) {
// First liquidity: geometric mean minus MINIMUM_LIQUIDITY
liquidity = Math.sqrt(amount0 * amount1) - 1000;
_mint(address(0xdead), 1000); // lock minimum to prevent inflation attack
} else {
liquidity = Math.min(
amount0 * totalSupply_ / reserve0,
amount1 * totalSupply_ / reserve1
);
}
require(liquidity > 0, "INSUFFICIENT_LIQUIDITY_MINTED");
_mint(to, liquidity);
reserve0 = balance0;
reserve1 = balance1;
emit Mint(msg.sender, amount0, amount1);
}
// Remove liquidity
function burn(address to) external returns (uint256 amount0, uint256 amount1) {
uint256 liquidity = balanceOf(address(this));
uint256 totalSupply_ = totalSupply();
amount0 = liquidity * reserve0 / totalSupply_;
amount1 = liquidity * reserve1 / totalSupply_;
require(amount0 > 0 && amount1 > 0, "INSUFFICIENT_LIQUIDITY_BURNED");
_burn(address(this), liquidity);
IERC20(token0).transfer(to, amount0);
IERC20(token1).transfer(to, amount1);
reserve0 = IERC20(token0).balanceOf(address(this));
reserve1 = IERC20(token1).balanceOf(address(this));
emit Burn(msg.sender, amount0, amount1, to);
}
// Swap
function swap(uint256 amount0Out, uint256 amount1Out, address to, bytes calldata data) external {
require(amount0Out > 0 || amount1Out > 0, "INSUFFICIENT_OUTPUT_AMOUNT");
require(amount0Out < reserve0 && amount1Out < reserve1, "INSUFFICIENT_LIQUIDITY");
// Optimistic transfer (flash loan pattern)
if (amount0Out > 0) IERC20(token0).transfer(to, amount0Out);
if (amount1Out > 0) IERC20(token1).transfer(to, amount1Out);
// Flash loan callback if needed
if (data.length > 0) IUniswapV2Callee(to).uniswapV2Call(msg.sender, amount0Out, amount1Out, data);
uint256 balance0 = IERC20(token0).balanceOf(address(this));
uint256 balance1 = IERC20(token1).balanceOf(address(this));
uint256 amount0In = balance0 > reserve0 - amount0Out ? balance0 - (reserve0 - amount0Out) : 0;
uint256 amount1In = balance1 > reserve1 - amount1Out ? balance1 - (reserve1 - amount1Out) : 0;
require(amount0In > 0 || amount1In > 0, "INSUFFICIENT_INPUT_AMOUNT");
// Check invariant with fee: (x + 0.997*dx)(y - dy) >= x*y
uint256 balance0Adjusted = balance0 * FEE_DENOMINATOR - amount0In * (FEE_DENOMINATOR - FEE_NUMERATOR);
uint256 balance1Adjusted = balance1 * FEE_DENOMINATOR - amount1In * (FEE_DENOMINATOR - FEE_NUMERATOR);
require(
balance0Adjusted * balance1Adjusted >= reserve0 * reserve1 * FEE_DENOMINATOR ** 2,
"K_INVARIANT_VIOLATED"
);
reserve0 = uint256(balance0);
reserve1 = uint256(balance1);
emit Swap(msg.sender, amount0In, amount1In, amount0Out, amount1Out, to);
}
// Calculate output amount by AMM formula
function getAmountOut(uint256 amountIn, uint256 reserveIn, uint256 reserveOut)
public pure returns (uint256)
{
require(amountIn > 0, "INSUFFICIENT_INPUT_AMOUNT");
require(reserveIn > 0 && reserveOut > 0, "INSUFFICIENT_LIQUIDITY");
uint256 amountInWithFee = amountIn * FEE_NUMERATOR;
uint256 numerator = amountInWithFee * reserveOut;
uint256 denominator = reserveIn * FEE_DENOMINATOR + amountInWithFee;
return numerator / denominator;
}
}
Factory and Router
Uniswap-style architecture: Factory creates pools, Router — entry point for users.
contract DEXFactory {
mapping(address => mapping(address => address)) public getPool;
address[] public allPools;
event PoolCreated(address indexed token0, address indexed token1, address pool);
function createPool(address tokenA, address tokenB) external returns (address pool) {
require(tokenA != tokenB, "IDENTICAL_ADDRESSES");
(address token0, address token1) = tokenA < tokenB
? (tokenA, tokenB) : (tokenB, tokenA);
require(token0 != address(0), "ZERO_ADDRESS");
require(getPool[token0][token1] == address(0), "POOL_EXISTS");
bytes memory bytecode = type(ConstantProductPool).creationCode;
bytes32 salt = keccak256(abi.encodePacked(token0, token1));
assembly { pool := create2(0, add(bytecode, 32), mload(bytecode), salt) }
ConstantProductPool(pool).initialize(token0, token1);
getPool[token0][token1] = pool;
getPool[token1][token0] = pool;
allPools.push(pool);
emit PoolCreated(token0, token1, pool);
}
}
Router: finds exchange path (direct or through intermediate token — for example, TOKEN_A → ETH → TOKEN_B):
contract DEXRouter {
address public immutable factory;
address public immutable WETH;
// Swap with slippage protection
function swapExactTokensForTokens(
uint256 amountIn,
uint256 amountOutMin, // minimum out — slippage protection
address[] calldata path,
address to,
uint256 deadline
) external returns (uint256[] memory amounts) {
require(deadline >= block.timestamp, "EXPIRED");
amounts = getAmountsOut(amountIn, path);
require(amounts[amounts.length - 1] >= amountOutMin, "INSUFFICIENT_OUTPUT_AMOUNT");
IERC20(path[0]).transferFrom(msg.sender, getPool(path[0], path[1]), amounts[0]);
_swap(amounts, path, to);
}
// ETH → Token via WETH
function swapExactETHForTokens(
uint256 amountOutMin,
address[] calldata path,
address to,
uint256 deadline
) external payable returns (uint256[] memory amounts) {
require(path[0] == WETH, "INVALID_PATH");
amounts = getAmountsOut(msg.value, path);
require(amounts[amounts.length - 1] >= amountOutMin, "INSUFFICIENT_OUTPUT_AMOUNT");
IWETH(WETH).deposit{value: amounts[0]}();
IERC20(WETH).transfer(getPool(path[0], path[1]), amounts[0]);
_swap(amounts, path, to);
}
}
AMM Security
Reentrancy Protection
// All external calls after state update (Checks-Effects-Interactions)
// + ReentrancyGuard from OpenZeppelin
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
contract ConstantProductPool is ERC20, ReentrancyGuard {
function swap(...) external nonReentrant {
// ...
}
}
Price Manipulation (TWAP)
Spot price is easily manipulated via flash loan on one block. For oracle — Time-Weighted Average Price:
// TWAP oracle — average over last N seconds
uint256 price0CumulativeLast;
uint256 price1CumulativeLast;
uint32 blockTimestampLast;
function _updatePriceAccumulators() private {
uint32 blockTimestamp = uint32(block.timestamp);
uint32 timeElapsed = blockTimestamp - blockTimestampLast;
if (timeElapsed > 0 && reserve0 != 0 && reserve1 != 0) {
// Accumulate price * time
price0CumulativeLast += uint256(UQ112x112.encode(reserve1).uqdiv(reserve0)) * timeElapsed;
price1CumulativeLast += uint256(UQ112x112.encode(reserve0).uqdiv(reserve1)) * timeElapsed;
}
blockTimestampLast = blockTimestamp;
}
MEV Protection
Frontrunning attacks on DEX are standard. Mitigation:
- Slippage tolerance: user sets max slippage (0.5–1%), transaction reverts if exceeded
- Deadline: transaction reverts if not executed before deadline
- Flashbots / private mempool: for large swaps — send via Flashbots to prevent frontrunning
DEX Frontend Interface
import { useAccount, useReadContract, useWriteContract } from 'wagmi';
import { parseEther, formatEther } from 'viem';
function SwapInterface() {
const [tokenIn, setTokenIn] = useState<Token>(ETH);
const [tokenOut, setTokenOut] = useState<Token>(USDC);
const [amountIn, setAmountIn] = useState('');
// Get quote from contract
const { data: amountOut } = useReadContract({
address: ROUTER_ADDRESS,
abi: routerAbi,
functionName: 'getAmountsOut',
args: amountIn ? [
parseEther(amountIn),
[tokenIn.address, tokenOut.address],
] : undefined,
query: { enabled: !!amountIn && parseFloat(amountIn) > 0 },
});
const { writeContract, isPending } = useWriteContract();
const handleSwap = () => {
const deadline = Math.floor(Date.now() / 1000) + 1200; // +20 min
const minAmountOut = amountOut[1] * 995n / 1000n; // 0.5% slippage
writeContract({
address: ROUTER_ADDRESS,
abi: routerAbi,
functionName: 'swapExactETHForTokens',
args: [minAmountOut, [WETH, tokenOut.address], account.address, deadline],
value: parseEther(amountIn),
});
};
return (
<div>
<TokenInput token={tokenIn} amount={amountIn} onChange={setAmountIn} />
<SwapArrow onClick={switchTokens} />
<TokenInput token={tokenOut} amount={amountOut ? formatEther(amountOut[1]) : ''} readonly />
<PriceImpact amountIn={amountIn} amountOut={amountOut} pool={currentPool} />
<SlippageSettings />
<Button onClick={handleSwap} disabled={isPending}>
{isPending ? 'Swapping...' : 'Swap'}
</Button>
</div>
);
}
Subgraph for Analytics
The Graph — indexing on-chain events for analytics:
// schema.graphql
type Pool @entity {
id: ID!
token0: Token!
token1: Token!
reserve0: BigDecimal!
reserve1: BigDecimal!
totalSupply: BigDecimal!
swapCount: BigInt!
volumeUSD: BigDecimal!
createdAt: BigInt!
}
type Swap @entity(immutable: true) {
id: ID!
pool: Pool!
amount0In: BigDecimal!
amount1In: BigDecimal!
amount0Out: BigDecimal!
amount1Out: BigDecimal!
amountUSD: BigDecimal!
timestamp: BigInt!
sender: Bytes!
}
// mapping.ts — event handler
export function handleSwap(event: SwapEvent): void {
let pool = Pool.load(event.address.toHex())!;
let swap = new Swap(event.transaction.hash.toHex() + "-" + event.logIndex.toString());
swap.pool = pool.id;
swap.amount0In = convertTokenToDecimal(event.params.amount0In, pool.token0.decimals);
swap.amount1In = convertTokenToDecimal(event.params.amount1In, pool.token1.decimals);
swap.amountUSD = calculateUSDValue(swap, pool);
swap.timestamp = event.block.timestamp;
swap.save();
pool.swapCount = pool.swapCount.plus(BigInt.fromI32(1));
pool.volumeUSD = pool.volumeUSD.plus(swap.amountUSD);
pool.save();
}
Audit
DEX smart contracts manage real user funds. Audit is not optional:
- Reentrancy: all execution paths through nonReentrant
- Flash loan attacks: price oracle doesn't use spot price
- Integer overflow/underflow: Solidity 0.8+ with built-in checks
- Access control: only factory can create pools
- Precision loss: integer math, correct operation order
Recommended auditors: Trail of Bits, OpenZeppelin Security, Halborn.
Development Timeline
| Component | Timeline |
|---|---|
| AMM core contracts | 4–6 weeks |
| Factory + Router | 3–4 weeks |
| TWAP oracle | 1–2 weeks |
| Subgraph | 2–3 weeks |
| Frontend (swap + liquidity) | 4–6 weeks |
| Smart contract audit | 4–8 weeks |
MVP DEX on mainnet: 4–6 months including audit.