The decentralized finance (DeFi) lending protocol Aave experienced a significant technical malfunction on March 10, resulting in approximately $26 million worth of wstETH (wrapped staked Ether) positions being unfairly liquidated. The incident occurred on Aave's Ethereum Core and Prime instances due to a misconfiguration in its Correlated Asset Price Oracle (CAPO), a safety mechanism designed to prevent sudden price jumps.
According to a post-mortem report from Chaos Labs, Aave's primary risk management provider, the glitch stemmed from an inconsistency between the snapshot ratio and the snapshot timestamp used by the CAPO. This mismatch caused the oracle to report a capped wstETH exchange rate of roughly 1.1939, significantly below the actual market rate of around 1.228. The erroneous data triggered liquidations in E-Mode positions, impacting roughly 34 accounts and leading to the liquidation of about 10,938 wstETH.
Chaos Labs explained that an offchain process determined the correct snapshot ratio should be updated to approximately 1.2282. However, an onchain constraint limits increases to this parameter to 3% every three days, making the immediate update impossible. This created a 2.85% decrease in the effective exchange rate used by the protocol. Third-party liquidators profited approximately 499 ETH from the event, but Aave itself did not accrue any bad debt.
Following the incident, Chaos Labs intervened by temporarily reducing wstETH borrow caps and manually aligning snapshot parameters to restore the correct oracle value. A compensation plan is now underway, utilizing 141.5 ETH recovered from the incident and up to 345 ETH from the Aave DAO treasury to fully reimburse affected users. The firm emphasized that the incident reflected a configuration error, not a fundamental flaw in the CAPO or oracle design.
