Non-Custodial Trading

The user's private key is the sole proof of ownership and access to their funds. Security risks include:

• Loss: If the seed phrase or private key is lost, funds are irrecoverable.
• Theft: Malware, phishing sites, or physical theft can compromise keys.
• Mismanagement: Storing keys in plaintext, email, or screenshots creates vulnerabilities. Users must employ hardware wallets or secure, offline storage solutions.

Trades execute via smart contracts deployed by protocols. Users are exposed to:

• Bugs & Exploits: Undiscovered vulnerabilities can lead to fund loss (e.g., reentrancy attacks).
• Admin Keys: Some contracts have privileged functions controlled by multi-sig or admin keys, creating centralization risk.
• Upgradability: Proxy contracts can be upgraded, changing the logic after user deposits. Always audit the protocol's security track record and code audits before use.

The transparent nature of public mempools allows Miners/Validators and searchers to exploit transaction ordering for profit, a practice known as Maximal Extractable Value (MEV). Common attacks include:

• Front-running: Seeing a profitable trade and submitting a transaction with a higher gas fee to execute first.
• Sandwich attacks: Placing orders before and after a victim's large trade to manipulate price. This results in worse execution prices (slippage) for the user.

The decentralized application (dApp) front-end is a critical attack vector. Risks include:

• Malicious Websites: Clone sites that mimic legitimate protocols to steal wallet approvals.
• DNS Hijacking: Compromised domain names redirecting to fraudulent interfaces.
• Malicious Transaction Pop-ups: Crafted approvals that drain assets when signed. Users must verify URLs, use bookmarkers, and scrutinize every transaction signature request.

Many DeFi protocols rely on price oracles (like Chainlink) for asset valuations. If an oracle is compromised or provides stale data, it can lead to:

• Under-collateralized Loans: Allowing borrowing against insufficient collateral.
• Incorrect Swap Rates: Enabling arbitrage at the protocol's expense.
• Liquidation Cascades: Faulty prices triggering unjustified liquidations. Protocols mitigate this with multiple oracle sources and time-weighted average prices (TWAPs).

A risk specific to providing liquidity in Automated Market Maker (AMM) pools. IL occurs when the price of deposited assets diverges from their price at deposit time, compared to simply holding them. Key points:

• It is "impermanent" only if prices return to their original ratio.
• Losses are realized upon withdrawal from the pool.
• IL is amplified by higher volatility. Liquidity providers are compensated with trading fees, which may or may not offset the IL.

A peer-to-peer marketplace where users trade cryptocurrencies directly from their wallets using smart contracts. Unlike centralized exchanges (CEXs), DEXs do not hold user funds, making them the primary venue for non-custodial trading. Key models include:

• Automated Market Makers (AMMs): Use liquidity pools (e.g., Uniswap, Curve).
• Order Book DEXs: Match limit orders on-chain (e.g., dYdX) or off-chain.
• Aggregators: Route orders across multiple DEXs for best price (e.g., 1inch).

A software or hardware tool where the user retains exclusive control of their private keys and, therefore, their assets. This is the foundational requirement for non-custodial activity. Wallets interact with DEXs by signing transactions without surrendering custody. Types include:

• Browser Extension Wallets: MetaMask, Phantom.
• Mobile Wallets: Trust Wallet, Rainbow.
• Hardware Wallets: Ledger, Trezor (cold storage).

A smart contract-based protocol that enables trading by using liquidity pools instead of traditional order books. It is the dominant mechanism for non-custodial trading on DEXs. Key components:

• Liquidity Pools: User-deposited token pairs that facilitate trades.
• Constant Product Formula: x * y = k, used by protocols like Uniswap V2.
• Liquidity Providers (LPs): Users who supply assets to pools and earn fees.
• Impermanent Loss: A risk for LPs when pool asset prices diverge.

A non-custodial trade that exchanges assets across different blockchain networks (e.g., Ethereum to Solana). This is facilitated by bridges or cross-chain DEXs that lock assets on one chain and mint or release them on another. Solutions include:

• Liquidity Network Bridges: Use pooled liquidity on both chains (e.g., Stargate).
• Atomic Swaps: Use Hashed Timelock Contracts (HTLCs) for direct peer-to-peer swaps.
• Cross-Chain Messaging Protocols: Like LayerZero or Wormhole, which enable generalized asset transfer.

A non-custodial trading instruction to buy or sell an asset at a specified price or better. While challenging to execute efficiently on-chain due to cost and speed, specialized protocols have emerged. Implementations include:

• Off-Chain Order Book with On-Chain Settlement: dYdX (on StarkEx).
• AMM with Range Orders: Uniswap V3 allows liquidity provision within specific price ranges, functioning similarly to limit orders.
• Intent-Based Solvers: Users submit desired outcomes (intents), and a network of solvers competes to fulfill them, as seen in CowSwap.

Techniques to shield non-custodial traders from Miner/Maximal Extractable Value (MEV)—profits validators or searchers extract by reordering, inserting, or censoring transactions. Key protections for traders:

• Private Transactions: Sent via channels like Flashbots Protect RPC.
• Fair Sequencing Services: Protocols that enforce transaction order fairness.
• Aggregator Slippage Protection: Advanced DEX aggregators (e.g., 1inch, CowSwap) use batch auctions and solvers to mitigate front-running and sandwich attacks.