Aave liquidation errors totaling approximately $26.9 million occurred on March 10, 2026, stemming from a critical bug within Chaos Labs’ Correlated Asset Price Oracle (CAPO). This significant incident impacted users who had borrowed from the wstETH/stETH pool across Aave’s Ethereum Core and Prime markets, raising concerns about oracle reliability in decentralized finance (DeFi).
The core of the problem lay in a misconfiguration of the CAPO risk oracle, a system designed to mitigate extreme price volatility. Specifically, an inconsistency arose between two crucial parameters: the snapshotRatio and the snapshotTimestamp. While an off-chain process attempted to update the snapshotRatio to its correct value of approximately 1.2282, an on-chain constraint restricted its increase to a maximum of 3% over three days. Concurrently, the snapshotTimestamp was successfully updated to a timestamp from seven days prior, creating a temporal mismatch.
Understanding the Oracle Malfunction
This critical parameter misalignment led the CAPO oracle to compute an exchange rate ceiling of roughly 1.1939. This figure was approximately 2.85% below the actual market rate of about 1.228, effectively undervaluing wstETH. The consequence was severe: automatic liquidations were triggered for approximately 10,938 wstETH across 34 affected accounts. Their “health factor,” which measures the ratio between loaned assets and collateral, dipped below the required threshold due to this erroneous valuation.
“The incident highlights the inherent complexities and potential vulnerabilities within DeFi’s oracle infrastructure, even for established protocols like Aave.”
Aave’s Swift Response and Reimbursement
Despite the substantial liquidations, the Aave protocol itself did not incur any bad debt, a testament to its underlying design. However, third-party liquidators profited approximately 499 ETH from these forced transactions. Both Chaos Labs and BGD Labs acted decisively, immediately reducing the wstETH borrowing limit on affected instances to 1. They then manually realigned the critical parameters via Risk Steward, successfully restoring the correct exchange rate and preventing further Aave liquidation errors.
Chaos Labs, a key risk management partner for Aave, has publicly committed to fully reimbursing all affected users. They have successfully recovered 141.5 ETH through BuilderNet, with the remaining amount, estimated not to exceed 345 ETH, slated to be covered by the Aave treasury. Aave founder and CEO Stani Kulechov reiterated that the protocol generated no bad debt from the incident, underscoring the resilience of the core system despite the oracle failure.
Lessons from the Incident
This episode serves as a stark reminder of the critical importance of robust and meticulously configured oracles in the DeFi ecosystem. While the protocol itself proved resilient, the incident underscores the need for continuous vigilance and advanced testing methodologies for all components, especially those feeding crucial price data. The swift response and commitment to full reimbursement by Chaos Labs are positive signs, but the event will undoubtedly prompt deeper scrutiny into the redundancy and fail-safes within DeFi’s oracle infrastructure to prevent future Aave liquidation errors.




