Original Author: Sanqing, Foresight News
In the early hours of March 11, a rare abnormal liquidation occurred in the decentralized lending protocol Aave. There was no market crash, no external attack, but approximately $27 million in lending positions were forcibly liquidated within hours, with 34 accounts and a total of about 10,938 wstETH being "harvested" by on-chain liquidation bots.
Image Source: CHAOS LABS Liquidation Data Tracking
Aave's risk management partner, Chaos Labs, was the first to respond on X, with its CEO Omer Goldberg clearly stating, "No bad debts were incurred, all affected users will be fully compensated." Aave Labs founder Stani Kulechov also posted on X, "The Aave protocol itself is not affected."
Guardians Turned Harvesters
Unlike most liquidation events, this time there was no market crash, no external attack, and no distortion of price feed data. The truth was clarified in the Post-Mortem report released by Chaos Labs on the governance forum.
The quotes from the underlying oracle were completely accurate, and the real culprit was an internal security module named CAPO (Capped Asset Price Oracle). This is a set of mechanisms designed specifically to prevent price manipulation, but this time it unexpectedly became the liquidation trigger for users while acting as a "guardian".
In handling wstETH, a yield-bearing token that continuously accumulates staking rewards, Aave set a maximum price increase limit to prevent anyone from artificially inflating the token exchange rate to artificially increase collateral valuation.
CAPO relies on two parameters to operate in tandem: snapshotRatio (snapshot exchange rate, subjected to hard constraints on-chain, can rise a maximum of 3% every 3 days) and snapshotTimestamp (snapshot timestamp, with no equivalent rate limit). Both were supposed to be synchronized in their updates, but once misaligned, the calculated "maximum allowed exchange rate" would deviate from the true market price.
This misalignment occurred exactly as described. The system attempted to update the snapshot exchange rate from about 1.1572 to the target of 1.2282, but due to the rate constraint, it could only advance to 1.1919; meanwhile, the timestamp jumped straight to the corresponding anchor point from 7 days ago, without any hindrance.
The two parameters updated separately and did not align with each other, leading to CAPO's final calculation of the maximum allowable wstETH exchange rate being about 1.1939, approximately 2.85% lower than the true market price.
Image Source: Chaos Labs Governance Forum Post-Mortem
Under ordinary positions, a 2.85% deviation may just be noise; however, in Aave's E-Mode (high-efficiency mode), users can borrow at leverage rates significantly higher than normal, making positions highly sensitive to price deviations.
The systemic undervaluation of wstETH by the protocol pushed a batch of positions that were above the safe threshold over the liquidation line, and the on-chain bots completed the rest.
In terms of profit flow, the liquidator earned about 116 ETH in standard liquidation rewards; another approximately 382 ETH came from arbitrageurs profiting from the price difference between the protocol's undervaluation and the true market price.
A total of about 499 ETH (equivalent to about $1.27 million) flowed out from the positions of the affected users. The outcome at the protocol level was clean and straightforward: zero bad debts, the funds pool was unaffected, and all losses impacted only 34 liquidated user addresses.
Chaos Labs: We Will Compensate Everything
The entity that responded most directly during the incident was the risk management partner Chaos Labs. CEO Omer Goldberg clearly stated on X, "Every affected user will receive full compensation." He also admitted that the error in configuring the risk oracle, as a core infrastructure of the protocol, is a serious lesson, and the team will conduct a comprehensive review of the parameter update process.
Image Source: Omer Goldberg Tweet
In terms of compensation execution, Chaos Labs has recovered about 141.5 ETH through BuilderNet, combined with funds added from the Aave DAO treasury, with a compensation cap expected to be around 345 ETH (approximately $870,000) to cover all affected accounts.
During the emergency handling phase, the team temporarily reduced the wstETH borrowing limit for affected instances (Core and Prime) to 1, manually realigned the two snapshot parameters through the Risk Steward mechanism, and after completing repairs, restored the borrowing limits to their original values (Core: 180,000, Prime: 70,000).
Oracle Issues Are Not a New Topic
This is not the first time the DeFi world has been overturned by oracle issues. Just recently (on February 18), the lending protocol Moonwell briefly priced cbETH at about $1 (with a market price of about $2200) due to an oracle configuration error, ultimately resulting in nearly $1.8 million in bad debts. Earlier incidents such as the Mango Markets manipulation incident and the Euler Finance vulnerability left lessons amounting to hundreds of millions of dollars.
However, Aave's incident has its uniqueness. The cause of the error was not external data, but rather the internal security layer built specifically to combat manipulation. This "shield" inadvertently became a blade that can harm under specific conditions.
"Code is Law" is the creed of decentralized finance, and the automated execution of smart contracts eliminates the space for human intervention but also means that every misalignment of parameters can result in an irreversible action being completed without users noticing.
Chaos Labs' commitment to compensation may repair this breach at the economic level, but a more fundamental repair must occur at the engineering level. Validation of parameter updates, consistency checks of on-chain constraints, and a real-time monitoring mechanism capable of sounding alarms before an error occurs.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
