Oracle "Malfunction," Aave Faces $27 Million Abnormal Liquidation
- Core Insight: The Aave protocol experienced an abnormal liquidation event caused by a misalignment in parameter updates for its internal security module (CAPO). Approximately $27 million in positions were forcibly liquidated. Risk management partner Chaos Labs has committed to fully compensating affected users, and the protocol itself did not incur any bad debt.
- Key Elements:
- The root cause was the Aave internal CAPO module designed to prevent price manipulation. The "snapshot exchange rate" and "snapshot timestamp" parameters were updated out of sync, causing the system to undervalue the wstETH price by approximately 2.85%.
- Under Aave's E-Mode (Efficiency Mode), users operate with high leverage and are sensitive to price deviations. This systematic undervaluation pushed a batch of positions past the liquidation threshold, triggering on-chain liquidation bots.
- The combined actions of liquidation and arbitrage resulted in an outflow of approximately 499 ETH (worth about $1.27 million) from the 34 affected user addresses. However, the protocol's liquidity pools were unaffected, and no bad debt was generated.
- Risk management partner Chaos Labs has explicitly committed to fully compensating affected users. Compensation will be sourced from recovered funds and the DAO treasury, with an estimated maximum payout of around 345 ETH (approximately $870,000).
- The team has already fixed the parameter misalignment issue through emergency measures and temporarily adjusted borrowing limits to control risk. This event highlights the importance of internal security mechanisms and parameter validation in DeFi protocols.
Original Author: Sanqing, Foresight News
In the early hours of March 11th, the decentralized lending protocol Aave experienced a rare abnormal liquidation. There was no market crash, nor any external attack, yet approximately $27 million worth of loan positions were forcibly liquidated within hours. A total of 34 accounts, holding about 10,938 wstETH, were "harvested" by on-chain liquidation bots.
Image Source: CHAOS LABS Liquidation Data Tracker
Aave's risk management partner, Chaos Labs, was the first to respond on X. Its CEO, Omer Goldberg, clearly stated: "No bad debt was generated, and all affected users will receive full compensation." Aave Labs founder Stani Kulechov later posted on X: "The Aave protocol itself remains unaffected."
The Guardian Turned Harvester
Unlike most liquidation events, this one occurred without a market crash, external attack, or distortion of price feed data sources. The truth was clarified in the Post-Mortem report later published by Aave's risk management partner, Chaos Labs, on the governance forum.
The underlying oracle's price feed itself was completely accurate. The real culprit was an internal security module named CAPO (Capped Asset Price Oracle). This is a mechanism specifically designed to prevent price manipulation, but this time, acting as a "guardian," it unexpectedly became the trigger for user liquidations.
When handling yield-bearing tokens like wstETH, which continuously accrue staking rewards, Aave implemented a price growth cap to prevent someone from artificially inflating collateral valuation by manipulating the token's exchange rate.
CAPO relies on the coordinated operation of two parameters: snapshotRatio (the snapshot exchange rate, subject to on-chain hard constraints, with a maximum increase of 3% every 3 days) and snapshotTimestamp (the snapshot timestamp, without the same rate limit). The two should update synchronously. Once they become misaligned, the calculated "maximum allowed exchange rate" deviates from the real market price.
This misalignment is exactly what happened. The system attempted to update the snapshotRatio from approximately 1.1572 to a target value of 1.2282, but due to the rate constraint, it could only advance to 1.1919. Meanwhile, the snapshotTimestamp jumped directly to an anchor point corresponding to 7 days prior, unimpeded.
The two parameters updated independently and misaligned, causing CAPO to ultimately calculate a maximum allowed wstETH exchange rate of about 1.1939, roughly 2.85% lower than the actual market price.
Image Source: Chaos Labs Governance Forum Post-Mortem
For ordinary positions, a 2.85% deviation might just be noise. However, under Aave's E-Mode (Efficiency Mode), users can borrow at leverage ratios far higher than normal modes, making positions extremely sensitive to price deviations.
The protocol's systematic undervaluation of wstETH pushed a batch of positions that were originally above the safety threshold past the liquidation line. On-chain bots took care of the rest.
Looking at the profit flow, liquidators received approximately 116 ETH in normal liquidation rewards. An additional ~382 ETH came from arbitrageurs profiting from the spread between the protocol's low valuation and the market's real price.
The combined total of about 499 ETH (equivalent to approximately $1.27 million) flowed out of the affected users' positions. The result at the protocol level was clean: zero bad debt, the lending pool remained unscathed, and all losses only impacted the 34 liquidated user addresses.
Chaos Labs: We Will Fully Compensate
The most direct response to the incident came from the risk management side, Chaos Labs. CEO Omer Goldberg stated clearly on X: "Every single affected user will be made whole." He also admitted that the configuration error in the risk oracle, a core piece of protocol infrastructure, was a serious lesson, and the team would conduct a comprehensive review of the parameter update process.
Image Source: Omer Goldberg's Tweet
On the compensation execution front, Chaos Labs has already recovered approximately 141.5 ETH through BuilderNet. Combined with supplementary funds from the Aave DAO treasury, the compensation cap is estimated to be around 345 ETH (about $870,000), intended to cover all affected accounts.
During the emergency response phase, the team first temporarily reduced the wstETH borrowing limit for the affected instances (Core and Prime) to 1. They then manually realigned the two snapshot parameters through the Risk Steward mechanism. After completing the fix, the borrowing limits were restored to their original values (Core: 180,000, Prime: 70,000).
Oracle Issues Are Never a New Topic
This is not the first time the DeFi world has been upended by oracle issues. Just recently (February 18th), the lending protocol Moonwell briefly priced cbETH at around $1 (market price ~$2200) due to an oracle configuration error, ultimately resulting in nearly $1.8 million in bad debt. Earlier incidents like the Mango Markets manipulation and the Euler Finance exploit left lessons worth hundreds of millions of dollars.
However, the Aave incident has its peculiarities. The error did not stem from external data but from the protocol's own internal security layer, specifically built to combat manipulation. Under specific conditions, this "shield" turned into a blade that harmed users.
"Code is Law" is a tenet of decentralized finance. The automated execution of smart contracts eliminates room for human intervention, but it also means that a mismatch in any line of parameters can execute an irreversible operation without the user's awareness.
Chaos Labs' compensation promise might mend this crack at the economic level, but a more fundamental fix must occur at the engineering layer. This includes validation for parameter updates, consistency checks for on-chain constraints, and a real-time monitoring mechanism capable of sounding alarms before errors escalate.
