Case studies

Throughout this year, liquidity provision on Solana has shifted towards so-called "dark AMMs", which are proprietary programs run by market makers. In contrast to usual AMMs, dark AMMs are actively managed and can be updated as frequently as every slot. They are frontend-less; instead, they adhere to interfaces defined by popular aggregators such as Jupiter, allowing users to access this liquidity implicitly. SolFi is one of the originals and a good example to understand how they work better.

Briefly describe the methodology that was used to achieve the result, and provide a link to a private Dune query if necessary.

1. Focusing only on the SOL/USDC market during July 2025 and for only flow via Jupiter, find:
   • The top 3 dark AMMs by volume.
   • For each of the top 3, the top taker by volume. Note, if you find it difficult to get accurate prices at trade time, you can fix SOL to $150 and USDC to $1.
2. Short written answers are enough for this part.
   • Explain how you would estimate PNL for dark AMMs.
   • How can sophisticated actors take advantage of dark AMMs?
   • How can dark AMMs manage the threats from sophisticated actors?
3. Assume actors are rational and would only operate a dark AMM if pnl >= 0. Calculate the lower bound for revenue for SolFi since the start of 2025.

You were responsible for the tech due diligence of a new shiny Ethereum SVM L2, which just launched testnet. In the end, you passed on investing because of multiple red flags, but now you want to check how's it going.

1. Their testnet had no downtime, but was the blob posting on Celestia also consistent? If not, what were the gaps in posting?
2. For good or bad, this L2 went live. What were the top-5 activity sources for last month, and what's their economic sense?
3. Amongst whale depositors, you found one of the market makers. What do they do on the L2? Provide a few examples of DeFi positions they had there. Provide explorer links, if possible.

It turns out that Vyper has a bug, and some of the Curve pools were vulnerable, so you observed how, despite whitehat efforts, three different pools were drained. A few days later, you found that exploiters returned funds for two of them, but what about the CRV/ETH one? You have reasons to believe that this exploiter is responsible for some of the other DeFi exploits that have occurred in the same year.

Please provide at least two examples (with different exploiter EOAs) of the previous exploits with Etherscan links and the reasoning that proves connections (some high-level details about the methodology could be helpful for solidifying proofs as well). You can’t use any data after 5th August, 2023 to prove your points.

UwU Lend was drained for $20M a few days ago, and you found that the exploiter’s Llamalend position became unhealthy, so it’s time to liquidate it. You have no capital at the moment, so the only way to do it is by using a flash loan.

Do whatever it takes to have at least 20k CRV in your registered wallet after the liquidation.

It's November 10, 2022, and you see Twitter threads about how USDT is becoming the dominant asset in the 3CRV Curve pool. You're confident that USDT will be fine, so you already ported all stablecoins to it ($7M). The question is, could you get even more USDT exposure?

You think that lending is a good option, but there is almost no USDC supply for borrowing on Aave v2, so you need to be creative. Although Aave v1 was deprecated (we rolled this back for the sake of the challenge), you see that there are still funds there. You also remember that some yield optimizers have integrations with Aave v1, so maybe there is a way to utilise the optimizers to increase v1 USDC reserve by 700k?

You should finish the challenge with 7M USDT lent to Aave v1 and 3.5M+ USDT balance on the registered wallet. You should borrow ~3.5M USDC from Aave v1 after using optimizers to solve this case study.

You're an operator of one of the most successful generalized MEV bots and often prevent exploits before they even happen. But when the CRV/ETH hack happened, your setup wasn't capable of performing a whitehat. You decided to take the contract deployment transaction, modify the bytecode (to learn how to handle similar situations in the future), and test it in a forked environment.

Could you execute the frontrun with this modified contract and then withdraw all saved funds to your wallet?

Oi, you’re enjoying your cuppa tea and scrolling Twitter, where you noticed the post that Euler was exploited an hour ago (it’s block 16818350 now). Realizing that you have exposure to it by depositing ETH previously and holding 4.7k eWETH at the moment, you want to save as much out as you can.

Withdraw as much as you can from Euler markets with supply still left in them. With a hack of this size, you think it’s over. Dump all tokens you gathered into USDC and end with at least 2.5M USDC in your wallet.

We ended with 4M USDC, let us know if you beat it.

UPD: hklst4r ended with 5M USDC, who can save more?

UPD 2: tonyke ended with 6.17M USDC, is it even possible to save more?

Imagine that one of the large stETH holders (in an illegal way) just sold tokens using only onchain AMM pools with horrible execution. All explorers are down, so you can’t easily find what pools are skewed at the moment (you can try Tenderly for a 25% score cut, though), but you’re sure it should be the largest ones, so feel free to check via RPC.

You don’t have any capital at the moment, but you think you can find a way to return at least 75M USDC to the victim (just hold funds in your wallet for the verification). Can you?

We ended with 85M USDC in this hardly imaginable situation, let us know if you beat it.

UPD: twxia ended with 88.8M USDC, who can save more?