Oracle "Outage": Aave Faces $27 Million Irregular Liquidation

Original Title: "Oracle 'Anomaly' Leads to $27 Million Aave Liquidation"

Original Author: Sanqing, Foresight News

In the early hours of March 11th, the decentralized lending protocol Aave experienced a rare abnormal liquidation event. There was no market crash, no external attack, but approximately $27 million worth of borrowing positions were forcibly closed within hours, with 34 accounts holding a total of approximately 10,938 wstETH being "harvested" by on-chain liquidation bots.

Image Source: CHAOS LABS Liquidation Data Tracker

Aave's risk management partner Chaos Labs was the first to respond on X, with CEO Omer Goldberg explicitly stating: "There is no bad debt incurred, and all affected users will be fully compensated." Aave Labs founder Stani Kulechov later posted on X: "The Aave protocol itself is not impacted."

Guardian Turned Reaper

In a departure from most liquidation events, there was no market crash, no external attack, and no oracle price feed distortion. Aave's risk management partner Chaos Labs later clarified the truth in a Post-Mortem report posted on the governance forum.

The underlying oracle's price feed was entirely accurate, and the true culprit was an internal security module called CAPO (Capped Asset Price Oracle). This is a mechanism designed to prevent price manipulation, but this time, it inadvertently became the liquidation trigger for users, acting as a "guardian turned reaper."

When handling yield-bearing tokens like wstETH, which accrue continuous staking rewards, Aave set a price acceleration cap to prevent someone artificially inflating the token's rate to falsely inflate collateral valuations.

CAPO operates based on two parameters working in synergy: snapshotRatio (snapshot rate, constrained on-chain with a maximum 3% increase every 3 days) and snapshotTimestamp (snapshot timestamp, not subject to a similar rate limit). The two should update synchronously; once misaligned, the calculated "allowed maximum rate" deviates from the true market price.

This misalignment occurred precisely this way. The system attempted to update the snapshot rate from approximately 1.1572 to the target value of 1.2282, but due to the rate constraint, it could only advance to 1.1919. Meanwhile, the timestamp jumped straight to the anchor point corresponding to 7 days ago without any hindrance.

The two parameters updated independently without aligning, causing CAPO to ultimately calculate that the highest allowable exchange rate for wstETH was approximately 1.1939, about 2.85% lower than the true market price.

Image Source: Chaos Labs Governance Forum Post-Mortem

Under normal circumstances, a 2.85% deviation may just be noise; but in Aave's E-Mode (Efficiency Mode), users can borrow with leverage significantly higher than in normal mode, making positions extremely sensitive to price deviations.

The protocol's systematic undervaluation of wstETH pushed a batch of positions, originally above the safety threshold, beyond the liquidation line, where on-chain bots took care of the rest.

In terms of profit distribution, liquidators received approximately 116 ETH as a standard liquidation reward; additionally, about 382 ETH originated from arbitrage profits between the protocol's undervalued price and the true market price.

These two sums total around 499 ETH (equivalent to about $1.27 million) drained from the affected users' positions. The protocol-level outcome was straightforward: zero bad debt, the liquidity pool remained intact, and all losses only affected 34 addresses of users who were liquidated.

Chaos Labs: We Will Fully Compensate

The most direct actor in this incident turned out to be the risk management side, Chaos Labs. CEO Omer Goldberg stated unequivocally on X: "Every affected user will receive full compensation." He also acknowledged that the risk oracle, as a core protocol infrastructure, suffered a serious lesson from this configuration error, and the team will thoroughly review the parameter update process.

Image Source: Omer Goldberg Tweet

Regarding the compensation execution, Chaos Labs has reclaimed approximately 141.5 ETH via BuilderNet and, combined with the Aave DAO Treasury supplement, the compensation cap is estimated to be around 345 ETH (about $870,000) to cover all affected accounts.

During the emergency response phase, the team first temporarily reduced the wstETH borrowing limit of the affected instances (Core and Prime) to 1, manually realigned the two snapshot parameters through the Risk Steward mechanism, completed the fix, and then restored the borrowing limit to its original value (Core: 180,000, Prime: 70,000).

Oracle Issue, Not a New Topic

This is not the first time the DeFi world has been rocked by an oracle issue. Just recently (February 18), the lending protocol Moonwell suffered a nearly $1.8 million default due to an oracle configuration error that briefly priced cbETH at around $1 (market price around $2,200). Earlier events like the Mango Markets manipulation incident, Euler Finance vulnerability, all left lessons worth hundreds of millions of dollars.

However, the Aave incident has its own uniqueness. The cause of the error was not external data but an internal security layer built specifically to combat manipulation within the protocol. This layer of "defense" ironically became a double-edged sword under specific conditions.

"Code is Law" is the creed of decentralized finance, where smart contract automation eliminates the space for human intervention, but it also means that any misalignment of parameters could silently execute an irreversible operation.

Chaos Labs' compensation pledge may be able to mend this crack on an economic level, but the more fundamental fix must occur at the engineering level. Validation of parameter updates, consistency checks of on-chain constraints, and a real-time monitoring mechanism capable of issuing alerts before errors escalate.

Original Article Link