Aave Oracle Malfunction Triggers $26M in Erroneous wstETH Liquidations
A misconfiguration in Aave's Correlated Asset Price Oracle (CAPO) caused erroneous liquidations of wstETH positions worth approximately $26 million. The team is preparing a compensation plan for affected users.
Oracle Mispricing Triggers $26M Liquidation Cascade
On March 10, Aave — one of the largest DeFi lending protocols — experienced a significant oracle malfunction that resulted in approximately $26 million worth of erroneous liquidations of wstETH positions.
The issue stemmed from a misconfiguration of the Correlated Asset Price Oracle (CAPO), a safeguard mechanism designed to protect the protocol from sharp price swings. According to risk analysts at Chaos Labs, a data desynchronization caused CAPO to register the asset's exchange rate at 1.1939 instead of its actual value of 1.228.
Why This Matters
Aave is a cornerstone of the DeFi ecosystem. Just last February, it became the first decentralized finance protocol to surpass $1 trillion in cumulative loan volume. An oracle failure at this scale raises critical questions about the reliability of pricing mechanisms even within the most established protocols. Such incidents erode user confidence and highlight the inherent risks of automated collateral management systems.
Root Cause: Update Procedure Conflict
The malfunction originated from an error during a routine update. An off-chain algorithm attempted to adjust price quotations in a single operation, but failed to account for a smart contract limitation: the parameter can only be increased by a maximum of 3% every three days.
This conflict between the update algorithm and the on-chain rate cap caused the effective exchange rate within the protocol to drop by 2.85%, which automatically triggered a cascade of forced liquidations.
Scope of the Damage
The incident affected 34 user accounts. The system forcibly sold 10,938 wstETH. Third-party liquidators who capitalized on the pricing error earned approximately 499 ETH in profits.
Chaos Labs confirmed that the incident did not create any bad debt for the Aave protocol — all liquidations were fully covered by collateral.
Response and Compensation Plan
The development team moved quickly to contain the situation. Immediate countermeasures included:
- Temporarily reducing borrowing limits for wstETH
- Manually correcting the oracle parameters
Aave is now preparing a compensation package for affected users. Losses will be covered through 141.5 ETH recovered after the incident, supplemented by up to 345 ETH allocated from the DAO treasury.
The team emphasized that the underlying oracle architecture remains secure. The failure was caused solely by a configuration conflict during the update process, not by a fundamental vulnerability in the system's design.
Frequently Asked Questions
What caused the Aave oracle malfunction?
The issue was caused by a misconfiguration of the Correlated Asset Price Oracle (CAPO). An off-chain algorithm tried to adjust prices in one update but violated a smart contract rule that limits rate increases to 3% every three days.
How much was lost in the Aave oracle incident?
The malfunction triggered approximately $26 million in erroneous wstETH liquidations. Third-party liquidators earned about 499 ETH in profits from the event.
How many users were affected by the Aave liquidations?
The incident affected 34 accounts. The system forcibly sold 10,938 wstETH due to the mispriced oracle data.
Will Aave compensate users affected by the oracle bug?
Yes, Aave is preparing a compensation plan using 141.5 ETH recovered after the incident plus up to 345 ETH from the DAO treasury to reimburse affected users.
Did the Aave oracle failure create bad debt?
No, according to Chaos Labs, the incident did not create any bad debt for the protocol. All liquidations were fully covered by collateral despite the pricing error.
Read also
Weekly Recap: Aave Ecosystem Rescue Mobilizes 100,000 ETH and Quantum Computer Cracks 15-Bit ECC Key
Bitcoin held near $78,000, the DeFi community rallied over 100,000 ETH to help Aave recover from the Kelp hack, and a researcher cracked a 15-bit ECC key on a quantum computer.
Oil Price Surge Triggers $17.18M Liquidation of Hyperliquid Whale
A sharp rally in Brent crude oil futures on Hyperliquid triggered $46.6 million in forced liquidations. The largest single position wipeout cost one trader $17.18 million.
Aave Becomes First DeFi Protocol to Surpass $1 Trillion in Cumulative Loans
Lending protocol Aave has reached a historic milestone: its all-time loan volume has exceeded $1 trillion, a first for any DeFi project. The achievement comes amid governance tensions within the DAO.
Drift Secures $148M From Tether and Partners to Compensate Hack Victims
Solana-based protocol Drift has secured $148 million from Tether and other partners to recover from a $295 million hack and compensate affected users.
TON Wallet Introduces Yield Vaults for BTC, ETH, and USDT Directly in Telegram
TON Wallet has launched yield vaults for BTC, ETH, and USDT directly within Telegram, offering up to 18% APY on stablecoins through partnerships with Morpho, TAC, and Re7.
Stablecoin Transfer Volume Hits $10.5 Trillion in January — Highest Since April 2022
January stablecoin transaction volume surpassed $10.5 trillion, marking the highest monthly figure since April 2022. USDC led transfers while USDT maintained market cap dominance.