A misconfiguration in Aave’s risk-oracle system led to the liquidation of approximately $27 million in wrapped staked Ether (wstETH) positions, prompting the protocol to compensate affected users.
In a detailed post-mortem published on Tuesday, Aave explained that the liquidation of around 10,938 wstETH, valued at about $27.1 million, was caused by an exchange rate that was 2.85% below the live market rate for wstETH and Lido staked Ether. The issue arose from a misalignment between a snapshot ratio and a snapshot timestamp in the Capo risk-oracle configuration, which incorrectly calculated the maximum allowed exchange rate.
Despite the significant financial impact, Aave founder and CEO Stani Kulechov emphasized that the incident did not create any bad debt for the protocol. However, liquidators captured approximately 499 Ether (ETH) in bonuses and value tied to the pricing deviation. Kulechov noted, A technical misconfiguration resulted in the liquidation of positions that were already close to their liquidation thresholds. The configuration issue has already been remediated.
Impact and Compensation
Aave said it recaptured 141 ETH ($285,000) in liquidation bonus revenue through BuilderNet refunds and another 13 ETH in liquidation fees, which will be used to compensate impacted users. Any shortfall will be covered by the DAO treasury funds. The total compensation for liquidators amounted to 345 ETH ($700,000).
Broader Implications for DeFi
This incident highlights the ongoing challenges and risks associated with collateral pricing and oracle-related controls in decentralized finance (DeFi) lending markets. In late February, a similar price manipulation attack drained roughly $10 million from a YieldBlox DAO-managed lending pool built on the Blend protocol. These events underscore the need for robust risk management and continuous monitoring of oracle systems.
The Aave incident also occurs amid growing tensions within the Aave ecosystem. The Aave Chan Initiative (ACI) recently decided not to renew its engagement with the DAO, citing concerns over governance standards and voting dynamics. Kulechov has called for a reevaluation of the weight of token holders’ votes versus input from leaders, arguing that running blockchain protocols requires a balance between decentralized governance and effective leadership.
Looking Forward
As Aave and other DeFi protocols continue to grow, the importance of reliable and transparent risk management systems cannot be overstated. The Aave team’s swift response to the issue and their commitment to compensating affected users demonstrate a proactive approach to maintaining trust and stability in the DeFi ecosystem. Moving forward, the community will be closely watching how these protocols adapt and improve their risk controls to prevent similar incidents in the future.
About the Author
