Is locked liquidity actually locked? How liquidity locking provides a false sense of security: The Meerkat exit explained.

“DeFi is essential, but it has a lot of flaws. It is flourished by human greed.”

These chilling words tickled the spines of many a spurned investor as they digested this warning.

In the same digital breath, Jamboo, the anonymous tag of the self-proclaimed developer of Meerkat Finance, tweeted that the $31 million stolen from users through the DeFi project was all part of some twisted social experiment, designed to “test user greed and subjectivity.”

Meant only as a supposed takedown of “ape” culture in crypto, a culture characterized by research-free speculative investing with expectations of massive and immediate gains, all appropriated funds were “refunded” back to the victims through a variety of less-than-targeted means.

Putting aside the injustice of placing unwitting and non-consenting participants into mental and financial anguish, and possibly worse, or whether Binance quietly stepped in to rectify this bizarre situation, Meerkat still captured the pitfalls of DeFi when both entrepreneurs and investors are motivated by only one thing.

So what can we learn from this chaos?

Well, for starters, we should look at how these firms execute these heists in the first place.

In the case of Meerkat, they did so by draining liquidity, or the funds backing the exchange of their token.

Projects typically begin with the developers providing liquidity by pairing their native tokens, MKAT in this case, with another token that has more established value, such as BNB, in what is called a liquidity pool.

Now, since MKAT only exists in circulation in a pairing with BNB, MKAT’s price is set by the ratio of its supply in the pool to the supply of BNB in the pool.

So, if there’s 1 MKAT and 1 BNB in the pool, then 1 MKAT is worth 1 BNB. If there were instead 10 MKAT and 1 BNB in the pool, then MKAT is worth 1/10th of a BNB.

Make sense?

In order to trade with the 1 MKAT : 1 BNB pool, you would have to replace every MKAT you buy with at least 1 BNB so that the pool doesn’t lose its initial value. In order to trade with the 10 MKAT : 1 BNB pool, you would have to replace every MKAT you’d buy with at least 0.1 BNB.

So if you were able to buy 5 MKAT in the 10 MKAT : 1 BNB pool, it would leave the pool with 5 MKAT and 1.5 BNB. This means that 1 MKAT is now worth 0.3 BNB, as opposed to 0.1 BNB.

Now, typically, you’d never be able to buy up half the supply like that, as such price impacts are restricted in a single trade. This is why higher liquidity is preferred: if there had been, say, 1000 MKAT and 100 BNB in the pool, a purchase of 5 MKAT wouldn’t do much to affect the value of MKAT. Projects need higher levels of liquidity to prevent such price impacts and token supply shortages.

In the case of Meerkat, the alleged scammers provided a large amount of initial liquidity which secured public confidence and allowed for larger purchases of MKAT with acceptable price impacts. Further, they time-locked this liquidity, thus preventing them from withdrawing any funds until a much later date.

The pool then began to accumulate BNB in exchange for MKAT, with the alleged scammers still owning a large majority of the pool which, again, they acquired for only the initial liquidity they provided.

As the BNB swelled up, the alleged scammers withdrew their share of the pool, thus draining liquidity, once again allowing major trades to dominate price action. With a supply shortage in the pool, one major trade dramatically impacts the price, leaving all holders wondering what happened to the value of their tokens, potentially unable to sell.

In the case of Meerkat, they were able to pull 73,653 BNB out of the MKAT-BNB pool, and 13.96 million BUSD out of the MKAT-BUSD pool, executing the largest “rug pull” on Binance Smart Chain to date.
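The drain described above, worked through as an added example (not code from Meerkat's contracts or from the original article). It assumes a fee-free constant-product pool, where the two reserves multiply to a constant as in PancakeSwap-style pools; the reserve sizes and the 95% developer share are constructed values.

```python
# Added illustration: fee-free constant-product pool (token * bnb = k).
# Reserve sizes and the 95% developer share are constructed sample values.
from dataclasses import dataclass


@dataclass
class Pool:
    token: float  # MKAT reserve
    bnb: float    # BNB reserve

    def price(self) -> float:
        """Spot price of 1 MKAT in BNB: the ratio of the two reserves."""
        return self.bnb / self.token

    def buy_tokens(self, bnb_in: float) -> float:
        """Swap BNB in for MKAT out, keeping token * bnb constant."""
        k = self.token * self.bnb
        self.bnb += bnb_in
        out = self.token - k / self.bnb
        self.token -= out
        return out

    def sell_quote(self, token_in: float) -> float:
        """BNB a holder would receive for token_in MKAT (pool unchanged)."""
        k = self.token * self.bnb
        return self.bnb - k / (self.token + token_in)

    def remove_liquidity(self, share: float):
        """An LP holder redeems `share` (0..1) of both reserves."""
        t, b = self.token * share, self.bnb * share
        self.token -= t
        self.bnb -= b
        return t, b


def drain_scenario(dev_share: float = 0.95) -> dict:
    pool = Pool(token=1000.0, bnb=100.0)        # developers seed the pool
    bought = pool.buy_tokens(100.0)             # public pays 100 BNB in total
    exit_before = pool.sell_quote(bought)       # what buyers could sell for now
    price_before = pool.price()
    _, dev_bnb = pool.remove_liquidity(dev_share)
    return {
        "bought": bought,
        "exit_before": exit_before,
        "dev_bnb": dev_bnb,
        "price_before": price_before,
        "price_after": pool.price(),            # ratio, and so price, unchanged
        "exit_after": pool.sell_quote(bought),  # but the depth is gone
    }


if __name__ == "__main__":
    for name, value in drain_scenario().items():
        print(f"{name:>12}: {value:.4f}")
```

With these numbers the quoted price stays at 0.4 BNB per MKAT before and after the withdrawal, while the BNB that buyers could recover for their 500 MKAT falls from 100 to about 9.5. A price chart alone would not show the drain; the pool's reserves and who holds its LP tokens do.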

Can any project do this to me?

Many will tell you the answer is no. This is impossible, they will say. Our liquidity is time-locked. Our liquidity is burnt, meaning that the tokens provided by the exchange (typically PancakeSwap) that represent an ownership position in a pool were sent to an unusable address, never to be recovered.

While time-locks and burns are actions taken by legitimate developers, they aren’t as risky for the developers as you might think. For starters, the former represents essentially no risk at all if your team controls all of the tokens at launch and you’re in no rush to collect your money. Beyond the high number of potential exploits (Meerkat bypassed their timelock by replacing an “O” with a “0” in their code…), the developers could always just wait out the timelock to retrieve their initial liquidity, assuming they didn’t hand out their tokens for free otherwise.

Burning liquidity, while certainly a more confidence-raising move than a timelock as it makes those funds irretrievable, could also just be a small down payment for the sake of the long con. If the majority of tokens belong to a couple of holders, they will always be able to orchestrate massive sell-offs that tank the price and fatten their wallets, whether they call upon the smart contract or not.

Did you know that BTC’s top 15 holders own over 5% of the supply? Could you imagine what would happen if they suddenly decided to sell off every last piece of BTC they had? It would collapse the entire market, essentially turning BTC into a rug pull of legendary proportions, executed by those who don’t even work on the code.

But of course, just because a project can rug you, doesn’t mean they will. Ultimately, it’s not about whether liquidity is locked, burnt, or sold to rescue gorillas. It’s about what makes sense to the majority holders of the token.

Is there a real product being developed that serves a clear need? Would they pull the rug when they could potentially make a fortune off of their product? Do they have a public team? Would they risk jail time or worse by stealing funds after their identity is available? Is their token a $1 trillion asset? Well then, I don’t think they’re going to be letting loose an exit scam anytime soon.

So take any guarantee that you won’t be rugged and throw it right out the window because, yes, a turtle’s hands are long enough to rug. Accept that a majority of projects can find a way to do so if they really want to.

After all, mysterious hackers can appear at any time and disappear into the night, with the company simply left to say they were exploited and no one can be held responsible. Next thing you know, just as suddenly as it happened, everything is hunky dory and everyone is miraculously fully paid once again (minus the couple million dollars no one seems to miss), and the token value soars back.

This is not always a death knell or necessarily malicious as we’ve seen companies like Aave bounce back from these types of hacks. But, if there’s anything that can be learned from alleged scammers, it’s that when it comes to easy money, there is always a will and there is always a way.

So for the average, honest crypto enthusiast, we here at Dessert Finance ask that you do your due diligence on every aspect of a project, in particular its utility, and avoid speculative purchases, especially those that seem too good to be true. Trust us. They are.

Instead, keep your focus on the fundamentals so you can ensure that you’ll only be enjoying the sweetest options out there!

Dessertswap is the #1 BSC Contract Audit Service on Binance Smart Chain. We provide entry level audits to anyone who needs them!
