A configuration error in the risk oracle system used by cryptocurrency lending platform Aave resulted in the liquidation of approximately $27 million in wrapped positions staked in Ether (wstETH), prompting the protocol to switch to compensating affected users.
In the autopsy published On Tuesday, Aave reported that approximately 10,938 wstETH worth approximately $27.1 million was liquidated after the protocol used an exchange rate that was 2.85% below the current market rate for wstETH and Lido bet on Ether.
The issue resulted from a mismatch between the snapshot rate and the snapshot timestamp in the Capo-Oracle risk configuration, which caused the system to calculate the maximum allowed exchange rate below the actual on-chain rate.
Aave stated that the incident did not result in any bad debts for the protocol, but liquidators seized approximately 499 Ether (ETH) in the form of premium and value associated with the price deviation.
Chaos Risk Oracles is an external tool used at Aave that has processed more than 1,200 payloads and 3,000 parameters without problems, Aave founder and CEO Stani Kulechov said in Wednesday’s X issue post.
“A technical misconfiguration resulted in the liquidation of positions that were already close to the liquidation threshold,” Kulechov said, adding that “the configuration problem has now been fixed.”
He said the Aave protocol does not create any bad debts and that a total of 345 Ether ($700,000) went to the liquidators as windfall surplus in the liquidation.
Related: Bitcoin Recovery Meets DeFi Tensions as Aave Split Deepens: Finance Redefined
Aave will compensate terminated users
Aave said it recovered 141 ETH ($285,000) in liquidation bonus through BuilderNet refunds and another 13 ETH in liquidation fees, which will be used to compensate affected users who were liquidated as a result of the incident. DAO treasury funds will be used to cover any shortfall.
This incident contributes to broader analysis of Oracle-related security pricing and risk controls in decentralized financial lending markets. In slow February, attackers siphoned approximately $10 million from a loan pool managed by the YieldBlox DAO built on the Blend protocol through a price manipulation attack.
Related: Aave’s proposal clears first hurdle with 52.6% support in the face of shared management
The rift in Aave’s management deepens following its departure from ACI
The decommissioning also comes at a time of tension in the Aave ecosystem following the Aave Chan Initiative’s decision earlier this month not to renew its partnership with the DAO.
ACI cited concerns about governance standards and voting dynamics during the application process. In response to the governance dispute, Kulechov said DAOs need to rethink the weight of token holder votes relative to leadership contributions.
Kulechov argued that token holders should not vote on everything because the operation of blockchain protocols requires a team and leaders, not thousands of votes that can lead to politicized or ineffective governance efforts.
Warehouse: Cryptocurrencies like Humpy play with DAO votes – but there are solutions
