Decentralized Lending Protocol Aave experienced a rare abnormal liquidation in the early hours of March 11. There was no market crash or external attack; instead, an internal security module called CAPO (Capped Asset Price Oracle) had misconfigured parameters, causing the system to underestimate the value of wstETH by 2.85%. This triggered forced liquidations of 34 accounts, totaling approximately 10,938 wstETH. Lido also responded to the Aave liquidation incident, stating that it was caused by an oracle price error and was unrelated to the Lido protocol.
(Background: Aave founder predicts DeFi will face markets worth 200 trillion USD in solar energy, robots, and space financing, which is 15 times the size of the world’s top ten banks.)
(Additional context: Aave ecosystem founder: Aave Labs spent $86 million over eight years, with all six products failing.)
In the early hours of March 11, Aave experienced a rare abnormal liquidation. Without a market crash or external attack, about $27 million in lending positions were forcibly closed within hours, with 34 accounts and roughly 10,938 wstETH on-chain liquidated by bots.
Image source: CHAOS LABS liquidation tracking data
Aave’s risk management partner Chaos Labs responded first on X, clearly stating: “No bad debts occurred, all affected users will be fully compensated.” Aave Labs founder Stani Kulechov also posted on X: “The Aave protocol itself is unaffected.”
Unlike most liquidation events, this incident involved no market crash, external attack, or data feed distortion. Chaos Labs later published a Post-Mortem report on the governance forum clarifying the truth.
The underlying oracle prices were accurate; the real culprit was an internal security module called CAPO (Capped Asset Price Oracle). Designed to prevent price manipulation, CAPO unexpectedly became a trigger for liquidations, acting as a “guardian” that inadvertently caused user liquidations.
When handling yield-bearing tokens like wstETH that continuously accrue staking rewards, Aave set a cap on the price growth rate to prevent users from artificially inflating collateral value by manipulating the token’s exchange rate.
CAPO relies on two parameters working together: snapshotRatio (the snapshot exchange rate, constrained on-chain to increase at most 3% every 3 days) and snapshotTimestamp (the snapshot timestamp, with no similar rate limit). These should update synchronously; if they fall out of sync, the calculated “maximum allowed exchange rate” deviates from the true market price.
This time, a mismatch occurred. The system attempted to update the snapshot rate from about 1.1572 to a target of 1.2282, but due to the rate limit, it only advanced to 1.1919; meanwhile, the timestamp jumped directly to a point corresponding to 7 days earlier, without any obstacle.
The two parameters updated independently, leading CAPO to estimate the maximum allowed wstETH exchange rate at about 1.1939, approximately 2.85% below the actual market price.
Image source: Chaos Labs governance forum Post-Mortem
For regular positions, a 2.85% deviation might just be noise; but in Aave’s E-Mode (high-efficiency mode), users can borrow with much higher leverage, making positions extremely sensitive to price deviations.
The systemic undervaluation of wstETH caused some positions, which were above the safety threshold, to cross the liquidation line, allowing on-chain bots to complete the rest.
In terms of profit flow, liquidators received about 116 ETH in normal liquidation rewards, plus approximately 382 ETH from arbitrageurs exploiting the price discrepancy between the protocol’s undervaluation and the market price.
In total, about 499 ETH (roughly $1.27 million) flowed out from affected user positions. The protocol itself remained unaffected: no bad debts, no loss to the liquidity pool, and only 34 user addresses were impacted.
The most direct impact was on Chaos Labs, the risk management partner. CEO Omer Goldberg clearly stated on X: “Every affected user will be fully compensated.” He also admitted that the misconfiguration of the risk oracle, a core infrastructure of the protocol, was a serious lesson, and the team will thoroughly review the parameter update process.
Image source: Omer Goldberg’s tweet
In terms of compensation, Chaos Labs has recovered about 141.5 ETH via BuilderNet, and with additional funds from the Aave DAO treasury, the total payout cap is expected to be around 345 ETH (about $870,000), covering all affected accounts.
During the emergency response, the team temporarily reduced the wstETH borrowing limit for affected positions (Core and Prime) to 1, manually realigned the two snapshot parameters using the Risk Steward mechanism, and after fixing the issue, restored the borrowing limits to their original levels (Core: 180,000; Prime: 70,000).
This is not the first time DeFi has been disrupted by oracle issues. Recently (February 18), lending protocol Moonwell temporarily mispriced cbETH at about $1 (market price around $2,200) due to oracle misconfiguration, resulting in nearly $1.8 million in bad debts. Earlier incidents like Mango Markets manipulation and Euler Finance vulnerabilities have also left lessons worth hundreds of millions of dollars.
However, Aave’s incident is unique. The root cause was not external data but an internal security layer designed to prevent manipulation. Under certain conditions, this “shield” became a double-edged sword, turning into a weapon that caused losses.
“Code is Law” is the mantra of decentralized finance. Smart contracts’ automated execution eliminates human intervention, but every misconfigured parameter can lead to irreversible operations without user awareness.
While Chaos Labs’ promise of compensation may repair the economic damage, more fundamental fixes are needed at the engineering level: validation of parameter updates, on-chain consistency checks, and real-time monitoring systems capable of alerting before errors occur.
