The TL;DR
- Moonwell (DeFi lending protocol on Base/Optimism) executed governance proposal MIP-X43 to enable Chainlink OEV wrappers
- A misconfigured oracle reported cbETH at $1.12 instead of ~$2,200 (missing multiplication step)
- Liquidation bots seized 1,096 cbETH in 4 minutes → $1.78M bad debt
- The commit was co-authored by Claude Opus 4.6, reviewed by Copilot, approved by humans, and passed DAO governance with 99.1% approval
- Every review layer missed it. The real lesson is about process, not AI. The Technical Failure cbETH (Coinbase Wrapped stETH) needs a two-step oracle calculation: price_usd = cbETH_per_ETH × ETH_per_USD The deployed configuration only used the first factor: // What was deployed price_usd = cbETH_per_ETH // Returns ~1.12 instead of ~$2,200
A single missing multiplication. Not a reentrancy, not a flash loan, not a signature vulnerability. A configuration error that any price sanity check would have caught.
The Five-Layer Review Failure
Layer
Who
Result
1
Claude Opus 4.6 (code author)
❌ Didn't catch it
2
GitHub Copilot (code reviewer)
❌ Didn't catch it
3
Human reviewers
❌ Didn't catch it
4
DAO governance vote
❌ 99.1% approved
5
Test suite
❌ No price sanity test existed
Why This Is About Process, Not AI
Mikko Ohtamaa demonstrated that Claude CAN find this bug when given a targeted prompt. The issue isn't AI capability — it's that the process had no automated price sanity verification at any stage.
No floor. No ceiling. No "does this number make sense?" check.
The Fix: Non-Negotiable Safeguards
Price Sanity Check
require(price >= MIN_REASONABLE_PRICE && price <= MAX_REASONABLE_PRICE, "Price sanity check failed");
// Better: dynamic deviation check
uint256 deviation = _abs(currentPrice - lastKnownPrice) * 1e18 / lastKnownPrice;
require(deviation <= MAX_DEVIATION_BPS, "Price deviation exceeds threshold");
Deployment Verification
Before any oracle config goes live, verify against a trusted price source.
Tiered Timelocks
- Emergency (0-1h): Oracle pause, borrow cap reduction
- Standard (1-3d): Parameter adjustments
- Governance (5d+): Protocol upgrades The Bigger Trend Oracle failures are now the #1 attack vector in DeFi. Date Protocol Loss Root Cause Dec 2025 Ribbon Finance $2.7M Decimal mismatch Jan 2026 Makina Finance $4M Flash loan oracle manipulation Feb 2026 Moonwell $1.78M Missing multiplication Mar 2026 Aave $27.78M Oracle cap misconfiguration Key Takeaways
- Price sanity checks are non-negotiable for any oracle integration
- AI-assisted ≠ AI-audited — use independent review tools
- Emergency circuit breakers should bypass governance timelocks
- The question isn't "can AI write secure code?" — it's "when every review layer rubber-stamps a deploy, what are they actually reviewing?"
Sources: Moonwell Incident Summary, GitHub PR #578, Decrypt
Tags: #DeFi #SmartContracts #Security #AI #Ethereum #Oracle
Top comments (0)