One of the largest DeFi lending protocols, Aave, experienced a major incident — a pricing oracle configuration error led to the liquidation of 34 users' positions totaling $27 million. All affected users will receive full compensation from the DAO treasury.
What Happened
The incident occurred on March 10 due to a problem in the CAPO (Capped Price Oracle) — a specialized mechanism that limits the rate of price change for yield-bearing tokens like wstETH. The system uses a stored exchange rate and timestamp to calculate the maximum allowable price for an asset.
According to analysis by the Chaos Labs team, the reference rate and its timestamp in the smart contract were not synchronized. This mismatch caused the oracle to calculate a maximum allowable exchange rate that was lower than wstETH's actual market value by 2.85%.
Scale of Losses
A total of 34 protocol users had their positions liquidated. Liquidation bots acted instantly, capturing approximately 499 ETH in bonuses — roughly $1.2 million. These positions should not have been liquidated under normal conditions, as their collateral levels were sufficient relative to actual market prices.
How the CAPO Oracle Works
The CAPO oracle was designed to protect the protocol from price manipulation of yield-bearing assets. It sets an upper bound on how quickly the exchange rate of such tokens can increase — if the price grows too fast, the oracle caps it to prevent attacks.
However, this very protective mechanism became the source of the problem. When stored parameters are not updated synchronously, the calculated upper bound can end up below the actual market price, which is exactly what happened in this case.
Compensation Plan
The Aave team promptly confirmed that every affected user will receive full reimbursement. From the total excess liquidations, 345 ETH has been identified for direct return to user accounts. Any remaining shortfall will be covered by the protocol's DAO treasury.
This incident underscores the risks inherent even in the largest DeFi protocols. Despite numerous audits and testing, the complex interplay between oracles, smart contracts, and market data leaves room for unforeseen errors.
Market and Trust Impact
The AAVE token responded with a moderate decline, but the protocol maintained stable operations. The team's swift response and decision to provide full compensation helped prevent a deeper crisis of confidence. Nevertheless, the event serves as yet another reminder for DeFi users about the importance of risk diversification and caution when using lending protocols.
Comments
Your email address will not be published. Required fields are marked *