On March 11, it was reported that the decentralized lending protocol Aave recently experienced a large-scale liquidation event caused by a misconfiguration in the price oracle. Due to a temporary misjudgment of the Wrapped stETH (wstETH) price by the system, about 34 accounts’ collateral positions were automatically liquidated, involving approximately $26 million worth of assets, sparking widespread discussion in the DeFi community about oracle security and liquidation mechanisms.
According to subsequent disclosures, this incident was not due to a real market price decline but resulted from a technical discrepancy in Aave’s internal pricing system. Aave relies on on-chain price oracles to assess the value of collateral assets. When the collateral value falls below the safety threshold for lending, the system automatically executes liquidation to protect lenders’ funds.
The issue stemmed from Aave’s use of a security mechanism called CAPO (Capped Asset Price Oracle). This mechanism aims to limit abnormal asset price surges to prevent malicious market manipulation. However, due to unsynchronized updates of two key configuration parameters, the system temporarily calculated the wstETH price to be about 2.85% below its actual market value.
This seemingly minor price discrepancy had limited impact on ordinary users but was enough to trigger automatic liquidation for accounts with high leverage and collateral ratios close to the liquidation threshold. Ultimately, the system sold 10,938 wstETH to cover the loans, even though these positions should have remained safe under normal price conditions.
Risk analysis firm Chaos Labs released a report indicating that during the liquidation process, third-party bots monitoring liquidation opportunities earned approximately 499 ETH in profit. Although some user positions were forcibly closed, the Aave protocol itself did not suffer financial losses; all loans were repaid, and protocol reserves were not depleted.
Aave founder Stani Kulechov stated that the protocol’s security was not compromised, but affected users did incur losses. Therefore, the community will initiate a compensation mechanism. Currently, Aave has recovered about 141.5 ETH and 13 ETH in fees through the BuilderNet refund process, which will be directly returned to affected users.
Regarding the remaining funds, Aave confirmed that up to 345 ETH will be covered by the DAO treasury. This treasury is funded by protocol income and is used to handle emergency risks and protect user interests.
Meanwhile, community member Frida raised questions on the forum, suggesting that Chaos Labs, responsible for oracle configuration risk management, should bear some responsibility. In response, Chaos Labs founder Omer Goldberg stated that all affected users will receive full compensation, but the incident is categorized as a configuration issue rather than a system design flaw.
After the incident report was released, market reactions remained relatively stable, with AAVE’s price rising approximately 1.53% to $110.52, indicating that investors believe the issue has been effectively contained.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
