How Does Raydium Work?
Raydium is the largest decentralized exchange on Solana, combining traditional liquidity pools with an on-chain order book. It holds $2.3B in deposits. Its C+ grade reflects a 2022 hack through a compromised admin key and the risk that admin-level access to pool settings has not been fully eliminated.
TVL: $1.0B
Sector: DEX
Risk Grade: C+
Value Grade: C+
Core Mechanisms
AMM/Concentrated-Liquidity
Concentrated Liquidity Market Maker (CLMM) pools with custom tick ranges on Solana
Adapted Uniswap V3-style concentrated liquidity to Solana's account model; standard mechanism but Solana-specific implementation risks.
AMM/Constant-Product
Legacy constant-product (CPMM) pools for long-tail token pairs
Standard x*y=k AMM for permissionless token listing. Eight CPMM pools were drained in the 2022 exploit.
DEX/Orderbook-Integration
Hybrid AMM with on-chain orderbook integration via OpenBook
Combines AMM liquidity with OpenBook's central limit order book, sharing liquidity across both venues. Novel integration pattern unique to Solana ecosystem.
Launchpad/Token-Launch
Novel: LaunchLab for permissionless token creation with bonding curve migration to CLMM
Tokens start on a bonding curve and automatically migrate to CLMM pools at a market-cap threshold; novel launch-to-liquidity pipeline.
Fees/Dynamic
Dynamic fee model adjusting based on volatility and pool utilisation
Fees adjust to market conditions; standard adaptive fee pattern seen in other DEXs.
Governance/Token
RAY token for fee sharing and governance votes
RAY stakers receive protocol fee revenue share. Standard governance token model.
Admin/Privileged-Key
Admin authority over pool parameters and fee withdrawal functions
Admin key controlled withdrawPNL and pool parameters; exploited in 2022 hack. Post-exploit upgrade removed admin control over exploited parameters.
How the Pieces Interact
Compromised admin key allowed direct invocation of withdrawPNL to drain pool fees and underlying liquidity, bypassing all LP protections.
Shared liquidity across AMM and orderbook creates a complex attack surface where manipulation on one venue can exploit pricing on the other.
Automated migration from bonding curve to CLMM creates a predictable liquidity event that sophisticated actors can front-run or sandwich.
Solana network congestion or outages halt all Raydium trading and LP operations, trapping liquidity providers during volatile markets.
Interaction between dynamic fee adjustments and narrow LP tick ranges can create unexpected impermanent loss during high-volatility regimes.
What Could Go Wrong
- Admin key compromise led to $4.4M exploit in Dec 2022, exposing centralised control over pool parameters
- Hybrid AMM-orderbook model creates complex interaction surface between CLMM and CPMM pools
- Heavy dependence on Solana runtime availability — network outages halt all trading and LP operations
Admin Key Compromise Pool Drain
Elevated
Trigger: Remaining admin privileges over pool parameters or fee functions are exploited via compromised keys or social engineering, similar to the December 2022 attack vector
- 1. Attacker gains access to admin authority through key compromise or insider threat — Admin invokes privileged functions to withdraw pool fees or manipulate parameters
- 2. Multiple CPMM and CLMM pools drained of accumulated fees and potentially underlying liquidity — Direct theft of $10-50M depending on scope of remaining admin privileges
- 3. LP providers discover pools are drained and rush to withdraw remaining liquidity — Bank run on all Raydium pools as trust collapses; TVL drops 50-80% within hours
- 4. RAY token price crashes as protocol security is questioned — Fee-sharing revenue to RAY stakers collapses; governance token loses fundamental value
- 5. Solana ecosystem DEX volume migrates to competitors (Orca, Jupiter) — Raydium loses dominant DEX position; TVL recovery takes months or never occurs
Risk Profile at a Glance
Overall: C+ (38/100)
Lower score = safer