Technical

How to bypass IDEX exchange frontend and two cents on meta transaction

Having audited IDEX exchange Solidity smart contract, I’ve learned a great deal about how it works and to my surprise this knowledge became very useful much sooner that I imagined. As you will find out in this post, there is a way to withdraw ether and ERC20 tokens from the exchange bypassing the IDEX frontend UI. But before I go into this, let’s first understand the reasons for why and when you would ever need this.

Importantly, IDEX as it currently stands, is not a fully trustless exchange. Once you deposit your crypto funds and start trading, you are not interacting with the Ethereum blockchain directly. For most of the time you are depending on IDEX to interact with the smart contract on your behalf. What you do is sign messages of intent (e.g. trade tokens for ether, withdraw funds) and those messages are then put onto the blockchain or in other word relayed by IDEX on your behalf.

There are two key takeaways from this that I want to bring to your attention.

The first one, is the idea of relaying transactions. This is precisely how IDEX became cheaper, faster and easier to use than fully on chain exchange like EtherDelta. Relaying transactions is a very powerful concept, and taken to the next level it becomes something called meta or gasless transactions. It allows to send ether or tokens or interact with smart contracts in any other way from empty accounts, without holding any ether to pay for the transactions fees called gas. This approach is revolutionising the way that users get on-boarded onto Ethereum and significantly improving their experience and at the same time opening new doors for innovative blockchain applications. One of the leading projects in this space that you should have an eye for is called Tenzorum. There is also a new exchange in town, similar in the architecture to IDEX, but allowing to trade options on ERC20 tokens called DexBrokerage. If you would like to learn more on how to bet on future price of tokens, check out this post “Decentralized Call and Put Options on Dex Brokerage Explained” by Alex George.

And the second takeaway comes from the fact that the exchange is not fully trustless. I’m not saying you cannot trust IDEX, what I’m saying is that if for some reason, like a technical glitch, their frontend or backend stopped working, your funds are stuck. In other words, if you cannot get your messages relayed by IDEX, you cannot withdraw your precious crypto this way. What actually happened to me, and became the main motivation for this post, is that one of the tokens I had on IDEX got delisted and I couldn’t withdraw anything that was on orders. And since there was no more trading going on, I couldn’t remove them from the order book what simply meant that my tokens were stuck.

And this brings me to how you can recover them yourself. There is an emergency hatch in the Solidity smart contract in the function called withdraw and it can be called directly and succeed under certain conditions.

So without further ado, here’s how to do it. Firstly, check what is the exact balance for a given token for your account deposited on the exchange. You can do it directly on Etherscan. In the function called tokens insert your given token address as the first parameter or 0x0000000000000000000000000000000000000000 for ether. And your wallet address as the second parameter. It should look something like on my screenshot below. Make sure you record the number, in my case, I checked for tokens and my balance is 37891……

Secondly, a certain amount of blocks must have passed from when you performed the last transaction. It’s called inactivityReleasePeriod and it’s like a cooldown period that must elapse before you can withdraw anything directly. (and it’s to prevent you from messing too much their relaying….). It was set to minimum 100,000 blocks (around 17.5 days) as captured here:

In my case, this number is bigger than that so my blockchain call should succeed, otherwise the call will definitely revert.

We can now progress to the last stage and withdraw our funds. Easiest way is to so is by using MyEtherWallet or MyCrypto to interact directly with the deployed smart contract. I’ve used the latter so lets head to MyCrypto. In the Contracts, Interact tab, we have to paste IDEX exchange smart contract address into Contract Address box, which is 0x2a0c0dbecc7e4d658f48e01e3fa353f44050c208.

And paste the below into the ABI / JSON Interface box:

[{"constant":false,"inputs":[{"name":"token","type":"address"},
{"name":"amount","type":"uint256"}],"name":"withdraw","outputs":
[{"name":"success","type":"bool"}],"payable":false,"stateMutability":"nonpayable","type":"function"}]

Now, press Access and in the Read / Write dropdown you should see and select withdraw and insert 0x0000000000000000000000000000000000000000 for ether or your designated token address into token address box. It should look like in the below screenshot:

Having done that, you have to sign the transaction using your private key which you have stored on either MetaMask/Ledger/Trezor/JSON Wallet etc. Sign and send the transaction like in the following:

Once mined, this transaction should finally liberate your ether or tokens like visible on the following screenshots:

 

To conclude this withdrawing adventure, I managed to free up my tokens, but it also messed up with IDEX displayed balances. As my tokens and ether were already withdrawn their balances should’ve been been zero’ed out (and On Orders too), but as you can see below, they weren’t. Consequently, I wouldn’t recommend using this method of withdrawal, unless your funds are really really stuck.

I hope that you have enjoyed reading this article. Please do get in touch with Wisent Capital if you would like help with any of your blockchain projects.

Disclaimer, I have been contributing to the success of both Tenzorum and DexBrokerage projects by leading their blockchain efforts and I also helped IDEX via Toptal in researching different ways for improving their exchange’s performance and gas optimisations.

Previous ArticleNext Article
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...
Radek Ostrowski
Blockchain Engineer and open source contributor, particularly interested in Ethereum and Smart Contracts. In the fiat world, experienced in Big Data/Machine Learning projects. Co-creator of PlayStation 4 backend. Successful hackathon competitor.

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *