Losing millions due to reentrancy, inefficient capital usage in pools, and flash loan manipulation — these are real risks that we eliminate at the design stage. Our team has built 50+ DeFi projects, each audited for security. Users never relinquish control of funds: all swaps execute on-chain, custody stays in the wallet. Uniswap V3 handles over $1B daily — DEX is becoming the standard for token trading. We build exchanges with AMM, order books, or hybrid architecture tailored to your project.
Problems We Solve
- Inefficient liquidity usage: constant product leaves 90% of funds idle. We implement concentrated liquidity, boosting efficiency 10–100x. This can generate up to 10x more fee income for LPs at the same volume.
- Flash loan price manipulation: TWAP oracle protects against single-block manipulation. The average price over N seconds makes attacks economically unviable. Security audits by Trail of Bits start at $50,000 but prevent multi-million losses.
- Frontrunning and MEV: slippage tolerance and deadline are standard protection. For large trades, we use private mempools (Flashbots).
- Security audit: every contract is tested for reentrancy, overflow, access control. Recommended auditors: Trail of Bits, OpenZeppelin Security.
How We Do It: Stack and Case Study
We use Solidity 0.8.x with OpenZeppelin, Foundry for testing, ethers.js/viem for the frontend. Below is a Constant Product Pool implementation with 0.3% fee, reentrancy guard, and K invariant.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/utils/math/Math.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
contract ConstantProductPool is ERC20, ReentrancyGuard {
address public immutable token0;
address public immutable token1;
uint256 private reserve0;
uint256 private reserve1;
uint256 private constant FEE_NUMERATOR = 997; // 0.3% fee
uint256 private constant FEE_DENOMINATOR = 1000;
event Swap(address indexed sender, uint256 amount0In, uint256 amount1In,
uint256 amount0Out, uint256 amount1Out, address indexed to);
event Mint(address indexed sender, uint256 amount0, uint256 amount1);
event Burn(address indexed sender, uint256 amount0, uint256 amount1, address indexed to);
constructor(address _token0, address _token1) ERC20("LP Token", "LP") {
token0 = _token0;
token1 = _token1;
}
// Add liquidity
function mint(address to) external returns (uint256 liquidity) {
uint256 balance0 = IERC20(token0).balanceOf(address(this));
uint256 balance1 = IERC20(token1).balanceOf(address(this));
uint256 amount0 = balance0 - reserve0;
uint256 amount1 = balance1 - reserve1;
uint256 totalSupply_ = totalSupply();
if (totalSupply_ == 0) {
liquidity = Math.sqrt(amount0 * amount1) - 1000;
_mint(address(0xdead), 1000);
} else {
liquidity = Math.min(
amount0 * totalSupply_ / reserve0,
amount1 * totalSupply_ / reserve1
);
}
require(liquidity > 0, "INSUFFICIENT_LIQUIDITY_MINTED");
_mint(to, liquidity);
reserve0 = balance0;
reserve1 = balance1;
emit Mint(msg.sender, amount0, amount1);
}
// Remove liquidity
function burn(address to) external returns (uint256 amount0, uint256 amount1) {
uint256 liquidity = balanceOf(address(this));
uint256 totalSupply_ = totalSupply();
amount0 = liquidity * reserve0 / totalSupply_;
amount1 = liquidity * reserve1 / totalSupply_;
require(amount0 > 0 && amount1 > 0, "INSUFFICIENT_LIQUIDITY_BURNED");
_burn(address(this), liquidity);
IERC20(token0).transfer(to, amount0);
IERC20(token1).transfer(to, amount1);
reserve0 = IERC20(token0).balanceOf(address(this));
reserve1 = IERC20(token1).balanceOf(address(this));
emit Burn(msg.sender, amount0, amount1, to);
}
// Swap
function swap(uint256 amount0Out, uint256 amount1Out, address to, bytes calldata data)
external nonReentrant returns (uint256 amount0In, uint256 amount1In)
{
require(amount0Out > 0 || amount1Out > 0, "INSUFFICIENT_OUTPUT_AMOUNT");
require(amount0Out < reserve0 && amount1Out < reserve1, "INSUFFICIENT_LIQUIDITY");
if (amount0Out > 0) IERC20(token0).transfer(to, amount0Out);
if (amount1Out > 0) IERC20(token1).transfer(to, amount1Out);
uint256 balance0 = IERC20(token0).balanceOf(address(this));
uint256 balance1 = IERC20(token1).balanceOf(address(this));
amount0In = balance0 > reserve0 - amount0Out ? balance0 - (reserve0 - amount0Out) : 0;
amount1In = balance1 > reserve1 - amount1Out ? balance1 - (reserve1 - amount1Out) : 0;
require(amount0In > 0 || amount1In > 0, "INSUFFICIENT_INPUT_AMOUNT");
// Check invariant with fee
uint256 balance0Adjusted = balance0 * FEE_DENOMINATOR - amount0In * (FEE_DENOMINATOR - FEE_NUMERATOR);
uint256 balance1Adjusted = balance1 * FEE_DENOMINATOR - amount1In * (FEE_DENOMINATOR - FEE_NUMERATOR);
require(
balance0Adjusted * balance1Adjusted >= reserve0 * reserve1 * FEE_DENOMINATOR ** 2,
"K_INVARIANT_VIOLATED"
);
reserve0 = uint256(balance0);
reserve1 = uint256(balance1);
emit Swap(msg.sender, amount0In, amount1In, amount0Out, amount1Out, to);
}
function getAmountOut(uint256 amountIn, uint256 reserveIn, uint256 reserveOut)
public pure returns (uint256)
{
require(amountIn > 0, "INSUFFICIENT_INPUT_AMOUNT");
require(reserveIn > 0 && reserveOut > 0, "INSUFFICIENT_LIQUIDITY");
uint256 amountInWithFee = amountIn * FEE_NUMERATOR;
uint256 numerator = amountInWithFee * reserveOut;
uint256 denominator = reserveIn * FEE_DENOMINATOR + amountInWithFee;
return numerator / denominator;
}
}
Factory and Router
The Factory creates pools via CREATE2, and the Router is the user entry point with multi-hop and ETH/WETH support.
contract DEXFactory {
mapping(address => mapping(address => address)) public getPool;
address[] public allPools;
event PoolCreated(address indexed token0, address indexed token1, address pool);
function createPool(address tokenA, address tokenB) external returns (address pool) {
require(tokenA != tokenB, "IDENTICAL_ADDRESSES");
(address token0, address token1) = tokenA < tokenB ? (tokenA, tokenB) : (tokenB, tokenA);
require(token0 != address(0), "ZERO_ADDRESS");
require(getPool[token0][token1] == address(0), "POOL_EXISTS");
bytes memory bytecode = type(ConstantProductPool).creationCode;
bytes32 salt = keccak256(abi.encodePacked(token0, token1));
assembly { pool := create2(0, add(bytecode, 32), mload(bytecode), salt) }
ConstantProductPool(pool).initialize(token0, token1);
getPool[token0][token1] = pool;
getPool[token1][token0] = pool;
allPools.push(pool);
emit PoolCreated(token0, token1, pool);
}
}
contract DEXRouter {
address public immutable factory;
address public immutable WETH;
function swapExactTokensForTokens(
uint256 amountIn,
uint256 amountOutMin,
address[] calldata path,
address to,
uint256 deadline
) external returns (uint256[] memory amounts) {
require(deadline >= block.timestamp, "EXPIRED");
amounts = getAmountsOut(amountIn, path);
require(amounts[amounts.length - 1] >= amountOutMin, "INSUFFICIENT_OUTPUT_AMOUNT");
IERC20(path[0]).transferFrom(msg.sender, getPool(path[0], path[1]), amounts[0]);
_swap(amounts, path, to);
}
function swapExactETHForTokens(
uint256 amountOutMin,
address[] calldata path,
address to,
uint256 deadline
) external payable returns (uint256[] memory amounts) {
require(path[0] == WETH, "INVALID_PATH");
amounts = getAmountsOut(msg.value, path);
require(amounts[amounts.length - 1] >= amountOutMin, "INSUFFICIENT_OUTPUT_AMOUNT");
IWETH(WETH).deposit{value: amounts[0]}();
IERC20(WETH).transfer(getPool(path[0], path[1]), amounts[0]);
_swap(amounts, path, to);
}
}
Why Security Is Critical for DEX
A DEX manages real user funds. Any vulnerability — reentrancy, flash loan attack, or price manipulation — can lead to millions in losses. We apply:
- ReentrancyGuard from OpenZeppelin on all external functions.
- TWAP oracle to protect against spot price manipulation.
- Invariant K check including fee on every swap.
- Slippage tolerance and deadline — users control maximum slippage and transaction lifetime.
Example TWAP implementation:
uint256 price0CumulativeLast;
uint256 price1CumulativeLast;
uint32 blockTimestampLast;
function _updatePriceAccumulators() private {
uint32 blockTimestamp = uint32(block.timestamp);
uint32 timeElapsed = blockTimestamp - blockTimestampLast;
if (timeElapsed > 0 && reserve0 != 0 && reserve1 != 0) {
price0CumulativeLast += uint256(UQ112x112.encode(reserve1).uqdiv(reserve0)) * timeElapsed;
price1CumulativeLast += uint256(UQ112x112.encode(reserve0).uqdiv(reserve1)) * timeElapsed;
}
blockTimestampLast = blockTimestamp;
}
How the Development Process Works
- Analytics: determine DEX model, tokens, pool parameters.
- Design: architecture of smart contracts, router, oracles.
- Implementation: write contracts in Solidity with Foundry, frontend with React/wagmi.
- Testing: unit tests, integration tests, fuzzing (Echidna).
- Audit: external security audit (Trail of Bits, OpenZeppelin).
- Deploy: deploy on mainnet/L2, verify contracts on Etherscan.
- Support: monitoring, updates, improvements.
Example LP income calculation
With daily trading volume of $1M and a 0.3% fee, the pool's daily income is $3,000. For an LP with a 1% share, that's $30 per day. Concentrated liquidity can increase this income up to 10x at the same volume.Estimated Timelines
| Component | Time |
|---|---|
| AMM core contracts | 4–6 weeks |
| Factory + Router | 3–4 weeks |
| TWAP oracle | 1–2 weeks |
| Subgraph (analytics) | 2–3 weeks |
| Frontend (swap + liquidity) | 4–6 weeks |
| Smart contract audit | 4–8 weeks |
A DEX MVP on mainnet: 4–6 months including audit. The cost is determined individually — contact us for an estimate.
What's Included
- Smart contracts for AMM, Router, Factory (with source code).
- TWAP oracle and Chainlink integration if needed.
- Frontend with wallet support (MetaMask, WalletConnect).
- Subgraph (The Graph) for analytics.
- Documentation (architecture, deployment guide).
- Security audit (certified auditors).
- Technical support for 3 months after launch.
Order your DEX development from us — get a ready product with audit and support. We guarantee security and scalability. Contact us for a project consultation to estimate timelines and scope.







