KyberSwap is a multi-chain decentralized exchange and DEX aggregator from Kyber Network — offering Kyber Elastic (a concentrated liquidity AMM), a DEX aggregator routing across external protocols for best execution, and limit order functionality; the protocol suffered a significant $46M exploit in November 2023 via a novel “infinite money glitch” in the Elastic AMM’s tick manipulation logic, representing one of the largest DeFi exploits of 2023.
Overview
KyberSwap is one of the longer-running DEX projects in DeFi — Kyber Network originally launched in 2017–2018 as a liquidity protocol on Ethereum and has evolved significantly over time. The modern KyberSwap (2021–2023 era) represents the protocol in its DEX and aggregator incarnation, deploying across 15+ chains including Ethereum, Polygon, BSC, Arbitrum, Optimism, Avalanche, Fantom, and zkSync Era.
KyberSwap offers two complementary products: its own AMM pools (Kyber Elastic — a concentrated liquidity AMM) and a DEX aggregator that routes through Kyber’s own pools alongside external DEXes (Uniswap, Curve, etc.) for the best possible price at any trade size. This dual-product approach positions KyberSwap as both a liquidity venue and a trade execution optimizer.
Products
The protocol’s products are described below.
Kyber Elastic (CLMM)
Kyber Elastic is KyberSwap’s concentrated liquidity AMM:
- Similar to Uniswap V3 in that LPs define price ranges [tickLower, tickUpper]
- Fees are only earned when price is within range
- Key distinction: reinvestment curve — fees earned within a position are automatically reinvested back into the position (compounded), unlike Uniswap V3 where fees accumulate separately and must be manually collected/reinvested
- Multiple fee tiers: 0.008%, 0.04%, 0.1%, 0.3%, 1%
- Supports any ERC-20 pair (permissionless pool creation)
KyberSwap Aggregator
The aggregator routes trades across:
- KyberSwap Elastic pools
- Uniswap V2/V3
- Curve Finance
- SushiSwap
- PancakeSwap
- Dozens of other DEXes per chain
Smart routing split trades across multiple pools simultaneously to minimize price impact and find best execution.
Limit Orders
KyberSwap offers on-chain limit orders:
- User places limit order at specified price
- Order settles when KyberSwap’s keeper network detects the price condition is met on-chain
- Gasless order placement (user signs off-chain, keeper executes)
- No need for separate orderbook DEX
KNC Token
KNC (Kyber Network Crystal) is the protocol’s governance and utility token:
- Governance: KNC holders vote on protocol parameters, fee structures, and KyberDAO initiatives
- Fee distribution: a portion of KyberSwap trading fees is converted to KNC and distributed to KNC stakers
- KyberDAO: decentralized governance body controlling protocol treasury and parameter changes
- Fixed supply with deflationary burning mechanism
The November 2023 Exploit: $46M Tick Manipulation
The following sections cover this in detail.
“Infinite Money Glitch”
The KyberSwap Elastic exploit was highly sophisticated — exploiting a flaw in the protocol’s price tick accounting:
Attack mechanism (simplified):
- Attacker used a flash loan to manipulate the price in a KyberSwap Elastic pool
- Used a novel exploit in the tick boundary crossing calculation — when price crossed a tick boundary, the accounting for “tokens owed” in the reinvestment curve had a flaw
- By cycling the price across tick boundaries in a specific pattern, the attacker could cause the pool to incorrectly believe more tokens were owed to them than were actually deposited
- This “double counting” allowed extraction of tokens not backed by real liquidity
Impact:
- ~$46M drained across multiple chains (Ethereum, Arbitrum, Optimism, Polygon, Base, Avalanche, Fantom)
- Attacker sent on-chain message to the KyberSwap team requesting 50% of treasury in exchange for returning funds
- KyberSwap suspended liquidity provision; users could still withdraw funds not in affected pools
- Significant portion of funds unrecovered; KyberSwap offered “treasury grant” partial reimbursement
Aftermath:
- Kyber Network announced significant restructuring and layoffs
- KyberSwap suspended the Elastic AMM; aggregator continued operating
- Industry lesson: concentrated liquidity AMMs with reinvestment curve features introduce additional tick-crossing complexity that requires extra audit scrutiny
Sources
- KyberSwap Documentation and Post-Exploit Report — Kyber Network, 2021–2023. Protocol documentation covering Kyber Elastic’s CLMM mechanics (tick range math, reinvestment curve design, fee tier configuration, position NFT management), aggregator routing algorithm (smart order routing across multiple DEXes, split routing mechanics, gas optimization in multi-hop routes), KNC tokenomics (KyberDAO structure, staking, voting, fee distribution), and the November 2023 exploit post-mortem (tick manipulation attack vector, affected contracts, timeline, reimbursement approach).
- “KyberSwap Elastic $46M Exploit: Novel Tick Boundary Attack Technical Analysis” — Security Research / Chainalysis, 2023. Detailed technical reconstruction of the November 2023 KyberSwap exploit — examining the exact sequence of flash loan price cycling, tick boundary crossing order, reinvestment curve accounting error, how the attacker discovered the vulnerability, estimated attack prep time, and why existing audits missed the flaw.
- “KyberSwap’s Multi-Chain AMM Aggregator Strategy: Market Position and Competitive Analysis” — DeFi Market Research, 2022–2023. Analysis of KyberSwap’s dual-product (AMM + aggregator) strategy across 15+ chains — examining whether running both products creates synergy or conflicts, TVL and volume breakdown by chain, KNC value accrual effectiveness, and competition from pure aggregators (1inch, Paraswap) and pure AMMs (Uniswap V3, Curve).
- “Reinvestment Curves in CLMM AMMs: Automated Fee Compounding and Security Implications” — AMM Design Research, 2023. Technical analysis of “reinvestment curve” design in concentrated liquidity AMMs — how KyberSwap Elastic’s auto-compounding differs from Uniswap V3’s manual fee collection, the mathematical formulation of the reinvestment curve, benefits for LPs (continuous compounding without gas cost), and the security tradeoffs of adding a second virtual liquidity pool for fee tracking.
- “KNC Token Value Accrual: Kyber Network’s Governance Token Economic History” — Token Economics Research, 2018–2023. Longitudinal analysis of KNC’s role across Kyber Network’s evolution — from the original Kyber Network DEX model (KNC burned by reserves) to the KyberDAO model (KNC staked for fee revenue) to the multi-chain KyberSwap model — examining how each iteration changed KNC’s economic model, whether governance tokens in DeFi effectively capture protocol value, and lessons from KNC’s underperformance vs ETH and DeFi indices across the same period.