Monday 30 March 2026, Afternoon Edition

ZOTPAPER

Aave Oracle Misconfiguration Triggers 27 Million Dollars in Wrongful Liquidations

A 2.85 per cent price error in the CAPO system undervalued wstETH collateral and wiped out 34 users in minutes

Zotpaper
The largest DeFi lending protocol by total value locked has liquidated 27 million dollars in wstETH collateral from 34 users after a misconfiguration in its own oracle system undervalued the asset by 2.85 per cent — just enough to make perfectly healthy positions appear underwater.

No hacker was involved. No flash loan. No exploit contract. Aave's Correlated Asset Price Oracle, known as CAPO, simply desynchronized two internal state variables — a snapshot ratio and its corresponding timestamp — creating a gap between the oracle's calculated maximum exchange rate and reality.

The CAPO system exists to prevent price manipulation of correlated assets like wstETH, which tracks ETH but drifts upward as staking rewards accrue. It enforces a maximum growth rate of 3 per cent every three days. When the two variables fell out of sync, the system began rejecting valid exchange rates, effectively underpricing wstETH and triggering automated liquidation bots that executed in minutes.

The incident has reignited debate about the risks of automated liquidation in DeFi. While the system worked exactly as designed — liquidating positions that appeared undercollateralised — the underlying data was wrong, meaning 34 users lost funds through no fault of their own.

Security researchers have identified five oracle safety patterns that could have prevented the incident, including synchronization checks between state variables and circuit breakers that pause liquidations when price deviations exceed expected bounds.
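The cap and the circuit-breaker idea described above can be seen in a simplified model, added here as an illustration and not taken from Aave's code. It uses the article's figures (3 per cent per three days, a 2.85 per cent undervaluation); the position values, the 0.5 per cent `tolerance`, and the specific failure shape (timestamp refreshed while the ratio stays stale) are assumptions.

```python
PERIOD_S = 3 * 24 * 3600   # cap window: three days (figure from the article)
MAX_GROWTH = 0.03          # allowed growth per window: 3 per cent (from the article)

def max_ratio(snap_ratio, snap_ts, now):
    """Highest exchange rate the cap accepts at time `now` (linear growth)."""
    return snap_ratio * (1 + MAX_GROWTH * (now - snap_ts) / PERIOD_S)

def evaluate(live, snap_ratio, snap_ts, now, tolerance=0.005):
    """Return (ratio_used, clip_fraction, pause_liquidations).

    A cap that clips the live rate by more than `tolerance` (a hypothetical
    threshold) is treated as a suspected data error, not a price move.
    """
    used = min(live, max_ratio(snap_ratio, snap_ts, now))
    clip = (live - used) / live
    return used, clip, clip > tolerance

def health_factor(units, ratio, eth_usd, liq_threshold, debt_usd):
    """Below 1.0 the position is eligible for liquidation."""
    return units * ratio * eth_usd * liq_threshold / debt_usd

# Constructed sample values, not taken from the incident.
NOW = 1_000_000
LIVE = 1.2300                          # true wstETH/ETH exchange rate
POSITION = dict(units=100, eth_usd=2000.0, liq_threshold=0.80, debt_usd=193_000.0)

def scenario(snap_ratio, snap_ts):
    used, clip, paused = evaluate(LIVE, snap_ratio, snap_ts, NOW)
    hf = health_factor(ratio=used, **POSITION)
    return {"used": used, "clip": clip, "paused": paused, "hf": hf,
            "liquidatable_without_breaker": hf < 1.0}

# In sync: ratio 1.2290 was read one day ago, so the cap has room to grow.
SYNCED = scenario(snap_ratio=1.2290, snap_ts=NOW - 86_400)
# Out of sync (assumed failure shape): timestamp refreshed to NOW, ratio left
# at an older value chosen so the clip equals the article's 2.85 per cent.
DESYNCED = scenario(snap_ratio=LIVE * (1 - 0.0285), snap_ts=NOW)

if __name__ == "__main__":
    for name, r in (("synced", SYNCED), ("desynced", DESYNCED)):
        print(name, {k: round(v, 4) if isinstance(v, float) else v
                     for k, v in r.items()})
```

In the desynchronized case the same position drops from a health factor of about 1.02 to about 0.99, which is the gap between a safe loan and a liquidatable one; the clip check flags it before any liquidation logic runs.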

Analysis

Why This Matters

This is one of the largest wrongful liquidation events in DeFi history, and it was caused not by an external attack but by an internal configuration error. It exposes a fundamental tension in automated finance: the systems designed to protect users can also destroy them when the underlying data is wrong.

Background

Aave is the largest DeFi lending protocol, with billions in total value locked. Its CAPO oracle was specifically designed as a safety mechanism — the irony that it became the weapon is not lost on the community.

Key Perspectives

The incident raises questions about whether DeFi protocols need human-in-the-loop circuit breakers for liquidations above certain thresholds. Automated systems are fast but lack the judgment to distinguish between a genuine undercollateralisation and a data error.

What to Watch

Whether Aave compensates affected users, and whether other protocols audit their own oracle systems for similar desynchronization risks.
