A significant financial incident recently unfolded on the Aave lending platform, leading to substantial liquidations for numerous users. This event, which saw 34 accounts collectively lose $26 million, was directly attributed to a critical misconfiguration within one of Aave’s core infrastructure components: the Correlated Asset Price Oracle (CAPO) system.
Understanding the Oracle Failure
The incident stemmed from a crucial discrepancy within Aave's Correlated Asset Price Oracle (CAPO), a mechanism designed to prevent drastic price fluctuations in yield-bearing tokens like wstETH by calculating their maximum allowable exchange rate. A conflict between the oracle's "snapshot ratio" and "snapshot timestamp" parameters caused it to incorrectly peg wstETH at 1.1939, significantly below its true market value of 1.228. This 2.85% deviation, exacerbated by a smart contract limitation that prevented the full parameter update in a single iteration, triggered a cascade of liquidations, impacting approximately 10,938 wstETH. While third-party liquidators capitalized on the error, earning around 499 ETH, Aave itself reportedly did not incur any unrecoverable bad debts.
Aave's Swift Response and Compensation Plan
In the wake of the incident, Aave's development team acted quickly to contain the damage. They promptly reduced wstETH borrowing limits and manually adjusted the faulty oracle parameters to restore accurate price feeds. Critically, Aave has announced a comprehensive compensation plan to reimburse affected users. This plan will leverage 141.5 ETH successfully recovered post-incident, supplemented by up to 345 ETH from the Decentralized Autonomous Organization (DAO) treasury. Aave has reassured its community that the underlying architecture of its oracles remains secure, emphasizing that the liquidations were a result of a specific configuration conflict rather than a fundamental flaw in the system.
