最終修復方案出爐，Aave壞帳風波終於要迎來結局

Original Article by Odaily 星球日报（@OdailyChina）

Author｜Azuma（@azuma_eth）

The Aave bad debt saga that has been unfolding for over a week is essentially coming to an end.

With DeFi United having raised sufficient funds to resolve the issue (as of the time of writing, 132,704 ETH has been raised, valued at approximately $302 million), the Aave team also released a technical implementation plan on April 28th at noon to rectify the rsETH collateral situation and restore normal market operations.

• Odaily Note: For background, refer to "DeFi Stolen Again for $292 Million; Is Even Aave No Longer Safe?"; "The $290 Million Gap: A Three-Way Game Among Aave, L0, and Kelp – Who Pays?"; "Aave is Handing Over the DeFi Lending Throne Due to Its Own Folly".

Background Recap

The details of how Kelp DAO lost 116,500 rsETH don't need repeating; the focus is on the flow of the stolen funds after the theft.

After succeeding, the hacker first distributed the 116,500 rsETH across multiple addresses. A portion was deposited as collateral into Aave V3 on the Ethereum mainnet to borrow WETH, another portion was bridged to Arbitrum and used as collateral on Aave there to borrow WETH, and the remaining small portion was moved through various other channels.

Currently, 7 addresses linked to the hacker still hold active rsETH collateral positions on Aave and Compound, accounting for approximately 107,000 of the original 116,500 stolen tokens.

Solution

To achieve the remediation goals, Aave has set two objectives in its proposed implementation plan. First, restore the collateral backing of rsETH. Second, clean up the affected positions within lending markets like Aave and Compound to recover the over-collateralized assets (approximately 107,000 rsETH), thereby rectifying the market damage.

Let's discuss the first goal – restoring the collateral backing of rsETH.

Currently, rsETH is effectively in a "balance sheet insolvency" state. While the underlying staked ETH remains intact, the hacker has already drained value via borrowing, creating a gap that has caused the exchange rate between rsETH and ETH to de-peg.

Therefore, Aave mentions that to restore rsETH's collateral backing, the exchange ratio between rsETH and ETH needs to be brought back to 1 : 1.07. This will be facilitated by DeFi United, which has now secured enough ETH commitments to restore the system's full operation. However, final execution still depends on governance approval, execution timeline, and the signing of relevant agreements.

If the plan proceeds smoothly, DeFi United will fully restore rsETH's collateral support by depositing ETH into the rsETH bridge lock contract (RSETH_OFTAdapter 0x85d456b2…98ef3). The specific process is as follows:

• Convert DeFi United's ETH into rsETH in batches;
• Transfer this rsETH into the relevant lock contracts;
• Enable the bridge system to safely recover and resume full operation;
• LayerZero and Kelp DAO will implement additional security measures to ensure the bridge's safety post-recovery.

Now for the second goal – cleaning up affected positions in lending markets.

Once rsETH's collateral backing is restored, theoretically, there should be no bad debt in Aave's lending markets (as the collateral value would exceed the borrowed value). However, the several abnormal collateral positions linked to the hacker still need to be liquidated (estimated to recover 13,000 ETH) to restore normal market operations.

To this end, Aave states that it will initiate governance proposals on Ethereum and Arbitrum sequentially to clean up abnormal positions through a "controlled liquidation process." The specific resolution process is:

• Temporarily adjust the rsETH oracle price to trigger efficient liquidations;
• The liquidation process will create a temporary shortfall (which will be compensated for in subsequent steps);
• The recovered rsETH collateral will be transferred to a multi-sig address managed by DeFi United.

Aave emphasizes that the above parameter adjustments are temporary measures, used solely for recovery execution. All adjustments will be reverted upon completion and will not have long-term effects on the Aave protocol. During the resolution period, WETH and rsETH deposits on Ethereum mainnet, Arbitrum, Base, Mantle, and Linea will remain frozen.

The ideal outcome after liquidation is: the rsETH price oracle will be restored; the recovered rsETH will be redeemed for ETH through the standard process via Kelp DAO; this ETH will be used to cover the shortfall in Aave's Ethereum and Arbitrum markets.

As for Compound, a similar cleanup method will be employed. With liquidity support from DeFi United, it is estimated that an additional ~16,776 ETH can be recovered.

Once both objectives are effectively completed, Aave will lift the pause and freeze on rsETH and ETH in all related markets, and subsequently restore the Loan-to-Value (LTV) and other parameter configurations for ETH and other assets.

Outstanding Issues

Aave added that while the above plan aims to achieve its remediation goals without socialized losses, several uncertainties remain.

First, although sufficient ETH commitments have been obtained, fund deployment still depends on final agreements and governance approvals; Second, the cleanup of affected positions relies on the smooth passage and execution of governance proposals; Third, deliberate interference by the attacker could prevent the shortfall from fully materializing, requiring additional liquidation steps; Fourth, while LayerZero and Kelp have deployed extra security measures, residual risk exists until verified in a production environment.

Regardless, the "Kelp DAO Theft / Aave Bad Debt" saga that has troubled the DeFi market for some time finally appears to be reaching a conclusion. Now, the focus is on whether the plan can be executed in the real-world environment as anticipated.

As The Rollup founder Andy commented: "The next few days are critical for DeFi. The task is monumental, and it must be done both quickly and safely. This is not only a technical challenge, but also a test of social coordination. Witnessing this unfold in real-time feels surreal."

Let's hope luck is on DeFi's side.