Oracle "Malfunction," Aave experiences $27 million in abnormal liquidations

Author: Sanqing, Foresight News

Early morning on March 11, a rare abnormal liquidation occurred on the decentralized lending protocol Aave. There was no market crash or external attack, but approximately $27 million in lending positions were forcibly liquidated within hours, affecting 34 accounts and a total of about 10,938 wstETH tokens, which were “harvested” by on-chain liquidation bots.

Image source: CHAOS LABS Liquidation Data Tracking

Aave’s risk management partner Chaos Labs responded first on X (Twitter), with CEO Omer Goldberg clearly stating: “No bad debt was incurred, and all affected users will be fully compensated.” Aave Labs founder Stani Kulechov also posted on X: “The Aave protocol itself is unaffected.”

Guardians Turned Harvesters

Unlike most liquidation events, this one involved no market crash, no external attack, and no price feed distortion. Chaos Labs, Aave’s risk management partner, clarified the facts in a post-mortem report published on the governance forum.

The underlying oracle prices were entirely accurate. The real culprit was an internal security module called CAPO (Capped Asset Price Oracle). This mechanism was specifically designed to prevent price manipulation but, in this case, unexpectedly became a trigger for user liquidations, acting as a “guardian” turned harvester.

When handling yield-bearing tokens like wstETH that continuously accrue staking rewards, Aave sets a price growth cap to prevent users from artificially inflating collateral value by raising the token’s exchange rate.

CAPO relies on two parameters working together: snapshotRatio (the snapshot exchange rate, constrained on-chain to increase by no more than 3% every 3 days) and snapshotTimestamp (the snapshot timestamp, which has no similar rate limit). These two should update synchronously; if they fall out of sync, the calculated “maximum allowed exchange rate” will deviate from the true market price.

This time, such a mismatch occurred. The system attempted to update the snapshot rate from approximately 1.1572 to a target of 1.2282, but due to rate constraints, it only advanced to 1.1919; meanwhile, the timestamp jumped directly to the anchor point from 7 days earlier, without any hindrance.

With each parameter updating independently and out of sync, the CAPO’s final calculation of the maximum allowed wstETH exchange rate was about 1.1939, roughly 2.85% below the actual market price.

Image source: Chaos Labs Governance Forum Post-Mortem

In normal positions, a 2.85% deviation might just be noise; but in Aave’s E-Mode (high-efficiency mode), users can borrow at much higher leverage, making their positions extremely sensitive to price deviations.

The systematic undervaluation of wstETH by the protocol pushed a batch of positions, which were just above the safety threshold, over the liquidation line, allowing on-chain bots to complete the rest.

From the profit flow perspective, liquidators received about 116 ETH as normal liquidation rewards; additionally, approximately 382 ETH came from arbitrage profits due to the price gap between the protocol’s undervaluation and the market’s true price.

In total, about 499 ETH (equivalent to roughly $1.27 million) flowed out from affected user positions. The protocol’s outcome was clean: zero bad debt, the liquidity pool remained intact, and the only losses affected 34 liquidated user addresses.

Chaos Labs: We Cover It All

The most direct party involved in the incident was Chaos Labs itself. CEO Omer Goldberg explicitly stated on X: “Every affected user will receive full compensation.” He also admitted that the risk oracle, as a core infrastructure of the protocol, suffered a serious misconfiguration this time, and the team will conduct a comprehensive review of the parameter update process.

Image source: Omer Goldberg’s Tweet

Regarding compensation, Chaos Labs has recovered about 141.5 ETH through BuilderNet, and with additional funding from the Aave DAO treasury, the payout cap is expected to be around 345 ETH (about $870,000), covering all affected accounts.

In the emergency response phase, the team temporarily reduced the wstETH borrowing limit for affected instances (Core and Prime) to 1, manually realigned the two snapshot parameters via the Risk Steward mechanism, and after fixing the issue, restored the borrowing limits to their original levels (Core: 180,000, Prime: 70,000).

Oracle Issues Are Not New

This is not the first time the DeFi world has been shaken by oracle problems. Not long ago (February 18), lending protocol Moonwell experienced a temporary mispricing of cbETH at about $1 (market price around $2,200) due to an oracle configuration error, resulting in nearly $1.8 million in bad debt. Earlier incidents like Mango Markets manipulation and Euler Finance vulnerabilities have also left lessons worth hundreds of millions of dollars.

However, this incident with Aave has its particularities. The cause of the error was not external data but an internal security layer designed to prevent manipulation. This “shield” became a harmful blade under certain conditions.

“Code is Law” is the creed of decentralized finance. The automation of smart contracts eliminates human intervention, but it also means that every parameter mismatch can lead to an irreversible operation without users noticing.

While Chaos Labs’ compensation promise may repair the economic damage, more fundamental fixes are needed at the engineering level: validation of parameter updates, on-chain consistency checks, and a real-time monitoring system capable of alerting before errors cause damage.