Ambient (formerly CrocSwap) is a decentralized exchange (DEX) protocol that allows for two-sided AMMs combining concentrated and ambient constant-product liquidity on any arbitrary pair of blockchain assets. Ambient runs the entire DEX inside a single smart contract, where individual AMM pools are lightweight data structures instead of separate smart contracts. This and other design decisions makes Ambient the most efficient Ethereum-based DEX in existence.

Risk Rating

Low Risk
Assessment: 2023-11-20
Risk Assessment
Security History

Overall Score

  • Assessor
    Kop, Supergu
  • Assessment Date
Not yet undergone Underwriting review

Launched in December 2021, the protocol has demonstrated resilience and stability, effectively navigating major cryptocurrency events and maintaining a clean security record. Its risk level is lowered by the absence of a native token and comprehensive safety mechanisms, including detailed documentation on pause functions and timelocks. The smart contract's high activity and the founder’s technical expertise further strengthen the platform. Despite some concerns—such as resolved vulnerabilities, an open token listing policy, and centralized governance—the overall outlook remains positive, showcasing a robust framework prepared to manage potential risks effectively.


The AMM formula is clearly documented and battle-tested.
The absence of a native token eliminates associated token risks, enhancing the platform's overall security profile.
The protocol permits listing of tokens by any party without a whitelisting process, increasing the risk of fraudulent or low-quality tokens impacting the system.


The founder possesses a robust technical and engineering background, underpinning the platform's innovative development.
There are minimal legal or regulatory risks associated with the protocol.
The platform's rebranding from CrocSwap to Ambient, accompanied by changes in team personnel, could pose a risk due to potential shifts in strategic direction and operational continuity.
The governance remains centralized with no clear roadmap towards decentralization, posing risks to long-term autonomy and scalability of the protocol.


The smart contract exhibits a high level of activity.
Documentation pertaining to the pause function and timelock mechanism is comprehensive and detailed.
The platform currently lacks a bug bounty program.
An audit revealed several high-level vulnerabilities; though resolved, this incident raises concerns about the team’s initial security rigor and internal controls.