Risk Disclosure and Important Notice

Last updated: 2026-05-14

Plain-English summary. Cross-chain swaps are experimental, irreversible, and risky. You can lose all your funds in a single transaction — from a smart-contract exploit, a bridge failure, a phishing site, a wrong-network mistake, a stolen seed phrase, or simply a rugged token. We do not custody your assets and we cannot reimburse you for losses. Read this page before you click "Swap".

1. You Are Using Experimental Software

Ropil is a non-custodial interface over decentralised finance protocols. The smart contracts, aggregators, bridges, and validators that actually move your funds are operated by independent third parties. We are not a regulated financial institution, we are not a custodian, and we are not a deposit-taker. There is no government-backed deposit-insurance scheme that protects digital-asset balances against loss or theft.

By proceeding you confirm that you understand the risks summarised below and accept them in full.

2. Smart-Contract Risk

Smart contracts are computer programs. They may contain:

• bugs that a malicious actor can exploit to drain liquidity or to reroute funds;
• economic exploits (oracle manipulation, flash-loan attacks, donation attacks, just-in-time MEV) that drain pools without touching the code;
• upgradeable-proxy risk — an admin key may be able to change contract logic, potentially in ways adverse to users;
• governance attacks — token-weighted votes can change parameters or upgrade contracts.

Audits, bug-bounties and formal verification reduce — but do not eliminate — these risks. Significant DeFi protocols have been exploited despite multiple reputable audits.

3. Liquidity and Slippage Risk

Quoted prices are estimates only. Between the time you sign and the time the transaction settles, the actual fill price can move significantly because of:

• thin liquidity in one or more legs of the route,
• other users trading against the same pool,
• searcher / MEV activity (sandwiching, back-running),
• price oracles updating during your bridge wait,
• a separate transaction by you or your wallet that consumed gas or moved funds.

The slippage-tolerance setting protects you only up to the tolerance you set. Setting slippage too high invites sandwich attacks; setting it too low causes failed transactions and wasted gas. Neither outcome is recoverable by us.

4. Bridge and Cross-Chain Risk

Cross-chain swaps are the single highest-risk action in DeFi. They are multi-step (funds leave chain A, are held by a bridge, then arrive on chain B; failure at any step can strand funds), dependent on a small group of relayers, validators or signers (compromise the quorum, compromise the bridge), subject to long settlement delays (minutes to hours), and some legs may silently fail and refund in an unexpected token on a different chain. If destination liquidity dries up mid-route you may receive a partial fill or a held claim that requires a manual completion step. Historical exploits — Ronin, Wormhole, Nomad, Poly, Multichain, Harmony, Orbit — total billions of dollars in user losses.

5. Wallet-Security Risk

The most common cause of crypto loss is not a protocol hack. It is the user.

You are responsible for: never sharing your seed phrase or private key with anyone (including anyone who claims to represent Ropil); never entering a seed phrase on any website; verifying the URL of the Interface before every signature; reading every transaction in your wallet (contract, function, value, network) before approving; using a hardware wallet for material balances; treating browser extensions, mobile keyboards and screen-sharing tools as untrusted. A malicious extension, a compromised RPC, a fake wallet pop-up, or a phishing site identical to Ropil can drain everything in a single signed message. Token allowances persist on-chain and must be revoked manually (e.g. via revoke.cash).

6. Token Risk and "Honeypots"

Token listings on the Interface are not endorsements. A token may be a honeypot (transfers revert on sell), a tax or rebasing token whose true price differs from the quote, a spoof that shares a ticker with a legitimate token but has a different contract, or proxy-upgradeable in ways that change its behaviour mid-trade. Liquidity may be removed between quote and fill. Always verify the contract address against an independent source before trading.

7. Regulatory and Jurisdictional Risk

The legal status of cryptocurrency, decentralised exchanges, cross-chain bridges, and self-custodial software differs by jurisdiction and changes rapidly. Activity that is permitted today may be restricted tomorrow. Tax treatment of swaps, bridges, and yield is in many jurisdictions unsettled.

You are solely responsible for determining whether your use of the Interface is lawful in your jurisdiction, for reporting and paying taxes that arise from your activity, and for complying with all sanctions and anti-money-laundering obligations that apply to you. See the Terms of Service, Section 4, for the eligibility limits we impose on top of that.

Regulatory action against an Underlying Protocol, a token issuer, or a bridge may freeze, blacklist, or otherwise impair assets you hold. We cannot indemnify you against that risk.

8. No Recourse, No Customer-Support Contract

Summary. If your swap fails, your tokens go to the wrong address, your bridge stalls, or you are phished — we cannot reverse it and we are not obliged to help.

We do not operate a regulated-firm support desk. We cannot reverse on-chain transactions, restore lost or stolen wallets, claw back funds sent to a wrong address or network, guarantee a response time, or compensate losses. We may, on a best-effort basis, respond to inquiries at hello@ropil.xyz — that correspondence does not create a customer relationship, a fiduciary duty, or any service-level commitment.

9. Phishing and Impersonation Awareness

Scammers clone DeFi interfaces, buy paid search ads for misspelled domains, and impersonate project teams on Telegram, Discord and X. Bookmark the official URL of Ropil and use the bookmark — never click through from a search engine or an ad. Distrust anyone who DMs you offering help, support, "verification" or an airdrop; we will never DM you first. Distrust any signature prompt you do not understand — especially Permit2, setApprovalForAll or increaseAllowance with an unfamiliar spender. Reject any transaction with a wrong network, wrong destination, or infinite-amount allowance. Revoke stale approvals periodically. The only contact address we publish is hello@ropil.xyz.

10. Acknowledgement

By using Ropil you confirm that you:

• have read and understood this Risk Disclosure,
• understand that digital-asset transactions are irreversible and at your own risk,
• accept full responsibility for the security of your wallet and the consequences of every transaction you sign,
• accept that we do not custody, advise on, or insure your assets, and that you have no expectation of compensation from us for any loss.

For all security reports, please write to hello@ropil.xyz.

Drafted with reference to the CoW Swap Terms (https://cow.fi/legal/cowswap-terms) "Risks Associated with Use" section, the LI.FI Terms & Conditions (https://li.fi/legal/terms-and-conditions/), and the public structure of the Uniswap Labs Terms of Service. Bridge-exploit history is from publicly reported figures and is illustrative.