The Numbers
- $27.78M — Oracle misconfiguration, healthy positions liquidated
- $50M — Routing failure, trade output worth $36K
- $77.78M total — Zero exploits, zero hackers, zero contract bugs
- 2 teams announced departure — ACI and BGD Labs
In 48 hours, Aave demonstrated the most dangerous category of DeFi failure: the kind where everything works as designed, and users still lose everything.
Incident 1: The Oracle That Ate Its Users
Date: March 10, 2026 | Loss: $27.78M
Aave's CAPO (Correlated Asset Price Oracle) is a custom protective layer on top of Chainlink feeds. Its job: prevent manipulation of the wstETH/stETH exchange rate.
On March 10, it misfired catastrophically.
The Technical Failure
Chaos Labs' Edge Risk engine computed the correct snapshotRatio update (~1.2282) and corresponding 7-day-old snapshotTimestamp. AgentHub executed it on-chain via Chainlink Automation — one block from computation to execution. Zero human review.
A built-in rate limiter (3% per 3 days) truncated the ratio to ~1.1919. But the timestamp wasn't constrained by the same limiter. Result: CAPO extrapolated from a mismatched anchor, producing a ceiling of ~1.1939 — below the live market rate of ~1.2285.
Aave priced wstETH at 2.85% below reality. 34 E-Mode positions were liquidated.
The Unnoticed Near-Miss
The same parameter mismatch was computed approximately one month earlier. The CAPO wstETH agent wasn't connected yet, so nothing happened. No alarm. No review. No fix.
When the agent went live, the system replayed the same error with real consequences.
Chainlink base layer worked perfectly throughout. The failure was 100% in Aave's custom protection layer.
Incident 2: Price Impact Kills
Date: March 12, 2026 | Loss: ~$50M
A user attempted a collateral rotation: $50M aEthUSDT → aEthAAVE through Aave's CoW Swap-powered interface.
The Routing Failure
The CoW solver found a route:
- Burn aEthUSDT → $50.4M USDT ✅
- USDT → 17,957 WETH via Uniswap V3 ✅ (deep pool)
- WETH → AAVE via SushiSwap ❌ (pool held $74K)
Step 3 pushed 1,017x the pool's WETH reserve. AMM output: 327 AAVE (~$36K).
The Quote Was Already Broken
The core issue wasn't slippage — it was price impact. The CoW explorer's quote showed <$140 AAVE for $50M before fees. The signed minimum buy was already 324.94 AAVE. The route was born broken, not broken in transit.
The Missing Guardrail
The old ParaSwap-based frontend had a ~30% hard slippage cap. When Aave Labs replaced it with CoW Protocol in December 2025, this cap was not migrated. The teams who built the original protection were not consulted. A free DefiLlama tool (LlamaSwap) blocked this trade entirely. The official Aave frontend allowed it.
The $50M Food Chain
- MEV bot (Titan backrun): ~$34.3M (1 block)
- Total arbitrage extraction: ~$43M+ (12 seconds)
- DEX LPs (passive): ~$3.5M
- User: $36K
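
The hard cap described under "The Missing Guardrail", sketched as an added example (not Aave, CoW Protocol or ParaSwap code). It assumes a constant-product pool with a 0.3% fee; the AAVE reserve is constructed to match the article's 327 AAVE output, the AAVE price is derived from the article's "327 AAVE (~$36K)", and all function and variable names are hypothetical.

```python
# Added example (not Aave or CoW code); all names are hypothetical.
from dataclasses import dataclass

MAX_VALUE_LOSS = 0.30  # hard cap, modelled on the ~30% cap the old frontend had


@dataclass
class Pool:
    reserve_in: float    # reserve of the token being sold into the pool
    reserve_out: float   # reserve of the token being bought
    fee: float = 0.003   # assumed constant-product pool fee


def amm_out(amount_in: float, pool: Pool) -> float:
    """Constant-product (x*y=k) output for one hop."""
    net_in = amount_in * (1 - pool.fee)
    return pool.reserve_out * net_in / (pool.reserve_in + net_in)


def price_impact(amount_in: float, pool: Pool) -> float:
    """Fraction of value lost relative to the pool's pre-trade spot price."""
    spot_out = amount_in * pool.reserve_out / pool.reserve_in
    return 1 - amm_out(amount_in, pool) / spot_out


def check_quote(sell_usd: float, buy_amount: float, buy_price_usd: float):
    """Return (allowed, loss). A quote losing more than the cap is refused
    outright; there is no confirm-and-continue path."""
    if sell_usd <= 0 or buy_amount < 0 or buy_price_usd <= 0:
        return False, 1.0  # fail closed on malformed quotes
    loss = 1 - (buy_amount * buy_price_usd) / sell_usd
    return loss <= MAX_VALUE_LOSS, loss


# Figures from the article: 17,957 WETH in, 1,017x the pool's WETH reserve,
# 327 AAVE (~$36K) out of a $50.4M sell. The AAVE reserve is constructed.
WETH_IN = 17_957
SUSHI = Pool(reserve_in=WETH_IN / 1_017, reserve_out=327.32)
AAVE_USD = 36_000 / 327

if __name__ == "__main__":
    out = amm_out(WETH_IN, SUSHI)
    print(f"hop output: {out:.1f} AAVE, impact {price_impact(WETH_IN, SUSHI):.2%}")
    for label, amt in [("quote", out), ("signed minimum", 324.94)]:
        ok, loss = check_quote(50_400_000, amt, AAVE_USD)
        print(f"{label}: loss {loss:.2%} -> {'allow' if ok else 'BLOCK'}")
```

Both the quoted output and the signed minimum buy fail the check, so a slippage tolerance measured against the quote would never have fired; the cap has to compare the quote against the value being sold.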
The Pattern: System Design Failures
Neither incident involved:
- ❌ Smart contract vulnerabilities
- ❌ Exploit code
- ❌ Compromised keys
- ❌ Oracle manipulation
- ❌ Bridge attacks
Both involved:
- ✅ Configuration mismatches at off-chain/on-chain boundaries
- ✅ Missing safety features after system upgrades
- ✅ Automation without circuit breakers
- ✅ No human review before execution
These are exactly the failures that smart contract audits don't cover.
The Governance Signal
Within days of these incidents:
- ACI (Aave Chan Initiative) announced departure
- BGD Labs announced cessation of contributions
- Marc Zeller: "Just use defillama." — reversing his iconic "Just use Aave."
- CoW Swap fee routing controversy: $10M+/year flowing to Aave Labs, not DAO treasury
When the teams that built your safety infrastructure leave, it's not a personnel issue. It's a signal.
Lessons for Builders
- Every automated system needs a circuit breaker that isn't itself automated. The rate limiter that truncated the ratio was also automated. The timestamp that wasn't truncated was also automated. Two automated systems disagreeing with each other, with no human referee.
- System upgrades should be safety-verified, not just feature-verified. When you swap a swap integration, audit that every safety property of the old system is preserved. Create a checklist. Make it part of your deployment process.
- "Warning + checkbox" is liability management, not user protection. When the quote itself represents a 99% price impact, asking the user to confirm is CYA, not safety.
- Your monitoring layer should monitor for near-misses, not just incidents. The oracle failure almost happened a month earlier. It went completely undetected.
DeFi's safety model assumes contracts are the attack surface. Aave's week of hell proves the attack surface is the entire system — and the most dangerous failures are the ones where everything works as designed.
Sources:
- Aave Official Post-Mortem
- Rekt - Aave
- Rekt - Price Impact Kills
- Decrypt
- The Block