fig@ecdsafu
Squid went through a very similar thing to this, and it's been long enough now that I feel comfortable getting it off my chest
It was a huge wake up call and drastically updated my view of DeFi at the time
TLDR:
- The block builder and MEV searcher should return the money. This is obviously the right thing to do and hopefully will set a precedent.
- Infra and apps are all responsible for user losses, especially when they direct their users to a "decentralized" protocol.
- DeFi 1.0 protocol+app and "code is law" models can't work as the basis for global finance. DeFi protocols should be minimized to extremely basic settlement mechanisms onchain, with most application and trade logic offchain. Truly "open" markets are disproven imo. DeFi works best when combining the exit hatch characteristics of self custody with the reg arb bringing global, 24/7 availability.
Now for Squid story time:
Around Christmas 2023, a user bridged $600k USDC from Ethereum to DYDX on the DYDX interface, using the Squid API under the hood.
They only received $350k, resulting in a $250k loss in one transaction due to slippage. The Osmosis pools for axlUSDC/USDC only had 350k liquidity of USDC in it.
The $250k got picked up by an Osmosis MEV function they had built into the chain. This $250k USDC was immediately used to buy OSMO, and the OSMO was sitting in the Osmosis treasury.
Apples for apples:
- Aave is DYDX
- CowSwap is Squid
- Uniswap is Osmosis AMM
- The Block Builder and MEV Searcher are Osmosis.
In contrast to Aave, the DYDX bridge UI didn't show any price impact warning. No red text or checkboxes to continue. The user may have seen the expected output on the UI ($350k), but even that might have been hidden, depending on the version of the UI he used.
We had warned the DYDX team of this issue for months before the incident happened, but startups move fast and they didn't get to adding a price impact warning.
From our point of view, Squid "worked as intended" (also a phrase that Stani used toward CowSwap).
- Squid returned the correct quote for this bridge (600k USDC -> 350k USDC),
- Squid returned the price impact (25%)
- slippage was set correctly (DYDX asked for 0.1% slippage via our API, meaning anything up to 0.1% worse than the current market rate is acceptable)
But this wasn't enough to protect our partner or their user.
This was our big wake up call. If Squid worked exactly as intended, how can we expect our design to be successful in the real world if users can get completely wrecked?
We had started building Squid in 2021, in DeFi 1.0 where "code is law" and application logic followed the same wild west product approach as self custodying your Bitcoin. It's dangerous even for the most hardcore nerd, but outright unusable and extremely unsafe for many normal people. An immutable, deterministic approach to trade, used by humans who are very much not immutable or deterministic.
So we built this to protect users and our partners:
- Don't return any quote if the price impact was >3%, or if the user would lose $3k or more.
- Allow users to opt in by turning on "degen mode", but don't make it easy for them. We don't tell our partners to even add a "degen mode" button. The trading apps who need this feature ask us about it directly when needed.
This user had said that $250k was a large personal amount of money for them. We felt terrible.
In TradFi, this problem doesn't exist. Code has a bug, someone ends up with money that they shouldn't have, then they return it.
So in our case, who should pay the user back?
- DYDX is just a front end, but they had a critical issue with UX and had neglected to solve it despite warnings
- Squid (and the Osmosis AMM pools) "worked as intended", but clearly shouldn't have let this route be handed to a user or executed
- Osmosis base protocol had received the user's funds, but had converted them to OSMO, which was sitting in the Osmosis community pool
DYDX had 10s of millions of dollars in their treasury and had recently filled a user who lost $8m from a liquidation on their protocol. But they went completely quiet on this. The user was dead to them.
Squid had always refunded users in full for any loss our protocol had caused from a bug, but this wasn't technically a bug, and $250k was a large chunk of our treasury at the time. We were still a small team, trying to survive a bear market.
Osmosis had done nothing wrong, but they now had the user's money, so I thought it made sense for them to just give it back.
So I spent the 12 days of Christmas lobbying the Osmosis community to give back this money that had landed in their lap. Drafting governance forum posts and talking with people who had influence in the community.
The response was extremely negative. Instead of returning the user's funds, the community laughed at the user, and decided to burn the OSMO that had been bought with the user's lost funds. This would reduce the OSMO supply and hopefully pump their token. There was a solid contingent who were supportive of the user and our proposal, but they were outnumbered.
I thought this was detestable behavior, but things were very sensitive in Cosmos, notoriously political and touchy. It was pointless to push it further.
In the end, Squid sent a small portion of funds to the user to try to help them somewhat. We wish we could have sent them more. DYDX and Osmosis gave nothing as far as we knew.
We all know what it's like to accidentally fat finger something. Not saving a game, deleting some photos. It's awful, and you pray for a way to reverse it, take your hard drive to a specialist to look at the electrons and recover your memories.
Humans are not perfectly rational, and they make mistakes. We need to live in a world which is forgiving and allows us to operate to the best of our abilities. Finance is a very harsh world, and in certain cases we can't and shouldn't protect our users from themselves, but we should try to do the right thing when it's available to us and avoid blatant stealing or loss of funds.
For me, this was a very painful Christmas, and a moment where I grew out of DeFi 1.0. DeFi 2.0 Squid would build products which have the user in mind, not the dream-state vision of people who were pumping their ETH bags in 2020.
Smart contracts should not be used for core business logic. They should be reduced as much as possible to only settlement. Intents solve this nicely, and many projects are building their products to be much more forgiving and user friendly.
Aave and CowSwap (and all crypto swap products) should update their guardrails on their products to not allow a trade like this to happen again, but I'm glad for the transparency of DeFi bringing this to light, and I hope the block builder and MEV searcher return the user's funds!
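
The guardrail described in the post (no quote above 3% price impact or at a loss of $3k or more, with an opt-in "degen mode"), as an added example that is not Squid's code or part of the original post. Function and field names are hypothetical; the sample figures are the ones the post gives. It also shows why the 0.1% slippage setting did not help: the floor is computed from the quoted output.

```python
from decimal import Decimal

# Thresholds as stated in the post; all names here are hypothetical.
MAX_PRICE_IMPACT = Decimal("0.03")  # refuse above 3% price impact
MAX_LOSS_USD = Decimal("3000")      # refuse at $3k or more lost


class QuoteRefused(Exception):
    """Raised instead of handing a harmful route to the integrator."""

    def __init__(self, reasons):
        super().__init__("; ".join(reasons))
        self.reasons = reasons


def slippage_floor(expected_out_usd, slippage):
    """Minimum output enforced at execution: relative to the QUOTED output,
    so it cannot catch a quote that is already bad."""
    return Decimal(expected_out_usd) * (1 - Decimal(slippage))


def guard_reasons(amount_in_usd, expected_out_usd, price_impact):
    """Return the list of guardrail violations for a quote (empty = safe)."""
    reasons = []
    loss = Decimal(amount_in_usd) - Decimal(expected_out_usd)
    if Decimal(price_impact) > MAX_PRICE_IMPACT:
        reasons.append("price_impact")
    if loss >= MAX_LOSS_USD:
        reasons.append("usd_loss")
    return reasons


def guarded_quote(amount_in_usd, expected_out_usd, price_impact,
                  slippage, degen_mode=False):
    """Return the quote only if it passes the guard or the caller opted in."""
    reasons = guard_reasons(amount_in_usd, expected_out_usd, price_impact)
    if reasons and not degen_mode:
        raise QuoteRefused(reasons)
    return {
        "expected_out_usd": Decimal(expected_out_usd),
        "min_out_usd": slippage_floor(expected_out_usd, slippage),
        "warnings": reasons,  # surfaced even when degen mode overrides
    }


if __name__ == "__main__":
    # Constructed from the post's figures: 600k in, 350k quoted,
    # 25% reported price impact, 0.1% slippage.
    print(slippage_floor("350000", "0.001"))
    try:
        guarded_quote("600000", "350000", "0.25", "0.001")
    except QuoteRefused as exc:
        print("refused:", exc.reasons)
```

The price impact is taken as reported by the router rather than recomputed, so the guard checks it and the dollar loss independently; either one alone is enough to withhold the quote.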