Click to trade: Unpacking contract law in DeFi

Mar 14

Updated: Mar 27


AAVE is a large player in the crypto DeFi space, enabling lending, borrowing and swapping of crypto tokens, usually on Ethereum. It has become well known for its liquidity pool model and for enabling flash loans (which allow a borrower to borrow and repay crypto within the same transaction).


Users can access the Aave protocol either through direct smart contract interactions or through open source front ends, the most popular of which is operated by Aave Labs.


This week, an as-yet unidentified user entered a trade on AAVE's front end using their mobile phone. The user sought to swap US$50M of USDT for AAVE tokens. This is a pretty large trade and definitely a very large trade to be done from a mobile phone.


One important technical detail is that the trade did not involve the standard USDT and AAVE tokens directly, but rather Aave’s interest-bearing tokens: aEthUSDT and aEthAAVE. These “aTokens” represent deposits into the Aave lending protocol and accrue yield over time. While they are designed to remain redeemable for their underlying assets, secondary markets for swapping aTokens directly against each other are often significantly thinner than markets for the underlying tokens themselves.

This means that large swaps between these assets can produce extreme price impact if routed through on-chain liquidity pools rather than being unwound through the underlying tokens first. In particular, the liquidity available for direct swaps between aEthUSDT and aEthAAVE appears to have been relatively limited, meaning a transaction of this size would be highly sensitive to the routing path chosen during execution.


In this case, the user was provided a warning that the trade could lead to unexpected pricing on the tokens but clicked through to confirm the swap anyway. They received $36K worth of AAVE Tokens in return for their US$50M...



Stani, Founder and CEO of AAVE labs, said in an X post:

the Aave interface, like most trading interfaces, warned the user ... and required confirmation via a checkbox. The user confirmed the warning on their mobile device and proceeded with the swap, accepting the high slippage, which ultimately resulted in receiving only 324 AAVE in return [worth $36,297].
The transaction could not be moved forward without the user explicitly accepting the risk through the confirmation checkbox.
Events like this do occur in DeFi, but the scale of this transaction was significantly larger than what is typically seen in the space.

Stani noted that AAVE Labs would return the $600,000 in fees AAVE received from the trade if they can identify the person involved. CoW DAO, which operates CoW Protocol (a decentralised aggregator that routes transactions to find liquidity for trades), said:

No DEX, DEX aggregator, public liquidity pool, or private liquidity pool (or combination thereof) would have been able to fill this trade at anywhere near a reasonable price.

and confirmed that:

The transaction executed according to the parameters of the signed order.

They took the position that CoW Protocol would not build guardrails or limits on user trades as:

Preventing users from making trades removes choice and can lead to terrible outcomes in some situations (e.g. a market crash).

CoW DAO accepted that "DeFi UX still isn't where it needs to be" and confirmed that they would refund any fees from the transaction which were received by CoW DAO.


Some users on X are suspicious of the whole transaction, with @Zacodil asserting that it was likely money laundering. Many questioned how this could possibly happen in a front end given the wildly unreasonable price, which was embedded in the swap rate that the user confirmed.


So where did the $50M go? The way AAVE works, every swap is sent through CoW Protocol. CoW Protocol has a network of 'solvers' who are responsible for finding the best execution path for a trade, with the trade settling in one transaction instead of a series of transactions. Unlike traditional DEX swaps, where the execution path is fixed at the time the user signs the transaction, CoW Protocol operates on an 'intent-based' model. The user signs an order expressing an intent to sell one asset for another, with a minimum acceptable output, and third-party solvers compete to produce a settlement that satisfies those constraints. This can protect users from Maximal Extractable Value (MEV) attacks, where someone sees an order and pays higher fees to front-run it.


But what exactly happened here?


  1. The wallet routed 50.43M USDT, which had been received from Binance 20 days earlier, into AAVE Cow Protocol / CowSwap.

  2. The 'solver' swapped USDT for 17,958 WETH, losing $13.6M due to slippage.

  3. The WETH was then routed into a small SushiSwap AAVE/WETH pool, which delivered only 331 AAVE (worth $36K) in return to the user.


The settlement appears to have involved flash-loan liquidity and MEV-style execution strategies. Flash loans allow large amounts of capital to be borrowed and repaid within a single transaction, enabling complex arbitrage and routing strategies that would otherwise require significant capital.


In this case, priority fees appear to have been paid to block builders or validators to ensure the transaction was included in a block, capturing a large portion of the value created by the execution. This route was facilitated by an automated MEV bot which borrowed $29M of WETH with a flash loan from Morpho Protocol and paid priority fees (known as tipping) to miners to the tune of $20M to have the transaction included in a block, leaving the bot with a $9M profit and miners with $20M of tips.


An interesting analysis has been posed by @Ehsan1579 which suggests something more serious may have occurred:

Aave’s CoW adapter quote path did not include the flash-loan and hook metadata that actually defines execution. The UI emphasized an optimistic receive amount.

This analysis suggests that the quote presented to the user and the transaction that ultimately executed may have been produced in different execution contexts. The front-end interface generated a quote based on observable liquidity routes, but the final settlement produced by a solver could incorporate additional mechanisms such as flash-loans and custom routing logic. These additional execution components were not necessarily reflected in the original quote displayed to the user.


The author here suggests that the solver deliberately chose a small liquidity pool which could not handle the order size, while ignoring a deep liquidity pool which could have provided the correct amount of AAVE to the user. The suggestion is that AAVE's use of CoW Protocol enabled one of the 'solvers' to deliberately choose a routing which they could take advantage of, and the user was not aware of this in the UX:

The user is looking at a quote produced in one context. The system later posts an order in a different context entirely.

Under the CoW Protocol model, solvers are not obligated to find the best possible execution path, but rather a valid execution path that satisfies the minimum constraints defined in the signed order. The analysis was that once the user had selected a minimum floor number of AAVE (here 324 AAVE) then any solver in CoW Protocol could 'solve' the transaction to complete the order (which does not have to be the best solution or best price). Once that minimum output threshold was set, a solver could validly settle the order using any routing strategy capable of delivering at least that amount. In practice, this meant the order could be routed through extremely thin liquidity while still satisfying the signed order parameters. 
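As an added illustration (not Aave's or CoW Protocol's code), the following Python models the two mechanics described above: constant-product price impact when a large order hits a thin pool, and the intent-based validity check under which any route clearing the signed floor settles. The pool reserves and the 0.3% fee are constructed assumptions; the 17,958 WETH leg and the 324 AAVE floor are the figures given on this page.

```python
# Added illustration of x*y = k price impact and a CoW-style "minimum output" check.
# Not Aave or CoW Protocol code; pool reserves are constructed, not the real SushiSwap pool.
from dataclasses import dataclass

FEE = 0.003  # assumed 0.3% LP fee, taken on the input side


@dataclass
class Pool:
    name: str
    reserve_in: float   # WETH
    reserve_out: float  # AAVE

    def amount_out(self, amount_in: float) -> float:
        """Output of one swap under x*y = k; can never exceed reserve_out."""
        x = amount_in * (1 - FEE)
        return self.reserve_out * x / (self.reserve_in + x)

    def spot_price(self) -> float:
        return self.reserve_out / self.reserve_in


def price_impact(pool: Pool, amount_in: float) -> float:
    """Fraction of value lost versus filling the whole order at the spot price."""
    ideal = amount_in * pool.spot_price()
    return 1.0 - pool.amount_out(amount_in) / ideal


def order_settles(min_buy_amount: float, executed_out: float) -> bool:
    """Intent-based validity: any route delivering at least the signed floor is fillable."""
    return executed_out >= min_buy_amount


def floor_from_quote(quoted_out: float, slippage_tolerance: float) -> float:
    """A floor derived from the displayed quote, rather than set independently of it."""
    return quoted_out * (1.0 - slippage_tolerance)


# Constructed pools: identical spot price (18 AAVE per WETH), very different depth.
DEEP = Pool("deep WETH/AAVE", reserve_in=20_000, reserve_out=360_000)
THIN = Pool("thin WETH/AAVE", reserve_in=18.5, reserve_out=333)
WETH_IN = 17_958      # the WETH leg described on this page
SIGNED_FLOOR = 324    # minimum AAVE in the signed order, per this page

if __name__ == "__main__":
    for p in (DEEP, THIN):
        out = p.amount_out(WETH_IN)
        print(f"{p.name}: {out:,.0f} AAVE, impact {price_impact(p, WETH_IN):.1%}, "
              f"settles vs floor {SIGNED_FLOOR}: {order_settles(SIGNED_FLOOR, out)}")
    quote_floor = floor_from_quote(DEEP.amount_out(WETH_IN), 0.01)
    print(f"floor tied to deep-pool quote (1% tolerance): {quote_floor:,.0f} AAVE; "
          f"thin route settles: {order_settles(quote_floor, THIN.amount_out(WETH_IN))}")
```

Even the constructed deep pool absorbs roughly 47% of the order's value, which is consistent with CoW DAO's statement that no pool could have filled a trade of this size at a reasonable price; the thin pool clears the 324 AAVE floor while returning well under one percent of spot value.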


This transaction raises a raft of possible legal issues, including in relation to contractual assent and the law of mistake, which we will explore in a bit more detail in a subsequent post.


By Michael Bacina, Steven Pettigrove and Will Deeb

© Michael Bacina and Steven Pettigrove. All rights reserved
