Fifty million dollars instantly evaporated to 36,000: DeFi risks are hidden in the fine details

Written by: 1inch

Translated by: AididiaoJP, Foresight News

Getting a quote is only the first step in verifying a transaction.

This is the real-world lesson from the March 12 incident involving Aave and CoW Swap — when a user sent $50,432,688 for a swap, ultimately only recovering $36,000.

However, this incident also raises another thought-provoking point.

Security in DeFi and self-custody are not mutually exclusive. Beneficial friction — the kind that doesn’t strip users of control but encourages careful consideration — is one of the key elements enabling permissionless finance to scale widely.

Price Impact Does Not Equal Slippage

These two concepts are often confused, and such confusion can lead to serious consequences.

Slippage refers to the difference between the quoted price you receive and the actual execution price of the trade. It occurs due to market volatility: during the time from requesting a quote to executing the trade, market conditions may change. Slippage can catch you off guard.

Price impact, on the other hand, is not the same. It stems from the size of your order. When you buy a large amount of an asset in a low-liquidity market, you consume available supply at various price levels, pushing the price against you during the trade. The quote itself already reflects this impact.

According to information from CowSwap and Aave, in the March 12 incident, before the user confirmed the trade, the quote showed a 99.9% price impact. The interface displayed a warning, and the swap button remained grayed out and unavailable until the user checked a confirmation box acknowledging the potential for a 100% loss of value.

The market was not unfavorable to the user. The real reason was that the order size was too large for the existing liquidity to absorb at near-market prices, and the quote had already clearly reflected this.

Necessary Checks Before Executing Large Swaps

When a swap interface returns a quote, it only indicates that a trading path has been found, not that the trade is economically reasonable.

Before confirming any large swap, be sure to:

Compare the expected asset amount with the current market price of that asset.

Take warnings about price impact seriously. 99.9% is not a rounding error.

For large trades, consider splitting the order or conducting over-the-counter (OTC) trades, which may yield significantly better execution results.

1inch’s Routing Mechanism

On the 1inch platform, swap transactions are routed via the Pathfinder algorithm. This algorithm scans over 300 liquidity sources to find the best feasible path. Pathfinder can split orders, route across multiple pools and chains, and optimize execution quality.

However, it cannot create liquidity that doesn’t exist.

If you query a swap on 1inch and do not receive a quote, it means Pathfinder cannot find a viable trading path. This “no quote” result is valuable information in itself, indicating that current market conditions do not support that particular trade size.

If there is a price impact, we will issue a clear warning. When you see this warning, please pay close attention.

Lessons for DeFi User Experience

The foundation of DeFi is permissionless access, and this principle should continue. Managing your own assets should not require permission from anyone.

However, we must balance this principle by approaching users in a user-friendly way.

People enter DeFi for various reasons. Early adopters were mainly driven by decentralization ideals. But as the space develops, the range of user needs has expanded. If we truly believe in DeFi’s future, we should accept that users are joining not just for ideological reasons but also for tangible benefits.

The challenge is how to strike a balance: how to provide a safer user experience without deviating from DeFi’s core principles.

In response to this incident, Aave introduced the Aave Shield feature (note: this is different from the 1inch Shield feature in the long-term security system). This feature defaults to blocking swap transactions with more than 25% price impact, but advanced users can override this setting.

This is a good example: setting practical “friction” before users confirm high-risk operations, without depriving anyone of the right to proceed.

The goal of DeFi user experience is not to prevent users from making choices but to ensure those choices are made with full information and the opportunity to reconsider. Self-custody means users are in control. And this control is most valuable when users clearly understand what they are confirming.

Widespread adoption of DeFi will not come from adding restrictions but from making it easier for users to understand their actions beforehand. This is a user experience challenge and a shared goal for the entire industry.