On March 10, 2026, decentralized lending platform Aave encountered a significant challenge due to an oracle misconfiguration, resulting in approximately $27 million in liquidations across around 34 user accounts. The malfunction was linked to a technical issue affecting wstETH, a token representing staked ether issued by Lido, which was inaccurately priced by the protocol during a critical period.
Oracles play a pivotal role in decentralized finance (DeFi) by providing real-time price data to blockchain applications. Aave depends on these services to monitor the value of the collateral backing loans. When the collateral value drops below a required threshold, the system automatically liquidates the affected positions to mitigate risk.
The error originated within Aave’s Correlated Asset Price Oracle (CAPO), designed specifically to prevent drastic price fluctuations by capping how quickly the value of yield-bearing tokens can increase. CAPO utilizes a snapshot ratio and a timestamp to calculate allowable exchange rates. In this instance, a misalignment between these two values led to a critical misvaluation of wstETH.
Chaos Labs, Aave’s principal risk management provider, explained that during an off-chain update, an attempt was made to set the snapshot ratio to approximately 1.2282. However, due to an on-chain restriction limiting increases to 3% every three days, the update could not be executed seamlessly. Consequently, the snapshot ratio fell out of synchronization with its timestamp, resulting in a capped exchange rate of around 1.1939—significantly less than the market rate of approximately 1.228.
This miscalculation effectively undervalued wstETH by approximately 2.85%, causing certain borrowing positions to breach their safety margins. In total, about 10,938 wstETH was liquidated, with third-party liquidators profiting approximately 499 ETH from these transactions.
Response and Compensation for Affected Users
Fortunately, Chaos Labs reported that no bad debt was incurred by Aave, and the protocol itself remained unaffected by the incident. Aave Labs founder and CEO Stani Kulechov reaffirmed on social media that the integrity of the Aave Protocol had not been compromised by the glitch.
“Every affected user will be fully reimbursed,” stated Omer Goldberg, CEO of Chaos Labs, emphasizing their commitment to rectifying the situation.
In terms of recovery measures, Chaos Labs acted swiftly to reduce wstETH borrow caps and manually realign the snapshot parameters to their rightful values. A compensation plan is already in motion, wherein Chaos Labs has so far recovered 141.5 ETH from the incident and will draw from the Aave DAO treasury to cover the remaining 345 ETH to reimburse those impacted.
Despite the significant pricing gap generated by the oracle error, total trading volume for wstETH over the subsequent 24-hour period was approximately $10 million, suggesting that few traders were able to capitalize on the discrepancies before corrections were implemented.
The recent incident underscores the inherent vulnerabilities that can arise within DeFi ecosystems, even in well-established protocols like Aave. As the industry continues to evolve, the need for robust oracle mechanisms and responsive risk management practices remains more critical than ever.
