
Oracle malfunction: Aave hit by $27 million in abnormal liquidations

2026/03/11 12:57
👤ODAILY

The guardian became the reaper. An internal configuration error led DeFi's largest lending protocol to wrongly hit 34 accounts.

Photo by Sanqing, Foresight News

In the early hours of March 11th, the decentralised lending protocol Aave saw a rare abnormal liquidation event. There was no market collapse and no external attack, yet some $27 million in borrowing positions were forcibly liquidated within hours, affecting 34 accounts, and a total of 10,938 wstETH was "harvested" by on-chain liquidation bots.

Source: Chaos Labs liquidation data tracking

Chaos Labs, Aave's risk management partner, was the first to respond on X, and its CEO Omer Goldberg made it clear: "No bad debts will arise and all affected users will be paid in full." Aave Labs' founder, Stani Kulechov, then wrote on X: "The Aave Protocol itself is not affected."

The guardian becomes the reaper

Unlike most liquidations, there was no market crash, no external attack and no distortion of the price feed. Aave's risk management partner Chaos Labs subsequently set out the facts in the post-mortem report it published on the governance forum.

The underlying oracle price was itself fully accurate; the real culprit was an internal security module called CAPO (Correlated Asset Price Oracle). This mechanism is designed specifically to guard against price manipulation, and this time, in its role as a "guardian", it unexpectedly became the trigger for liquidating users.

When handling yield-bearing tokens such as wstETH, which continuously accrue staking rewards, Aave sets a ceiling on price growth to prevent anyone from artificially inflating collateral valuations by pushing up the exchange rate.

CAPO relies on two parameters working together: snapshotRatio (the snapshot exchange rate, subject to an on-chain hard limit of at most a 3 per cent increase every 3 days) and snapshotTimestamp (the snapshot timestamp, which has no equivalent rate limit). The two should be updated in sync; if they are not, the computed "maximum allowed exchange rate" deviates from the real market price.

That is what happened this time. The system attempted to update the snapshot exchange rate from about 1.1572 to the target value of 1.228, but the limit allowed it to move only to 1.119; at the same time, the timestamp moved without restriction straight to the corresponding anchor point seven days earlier.

The two parameters were updated out of step, so CAPO ended up computing a maximum allowed wstETH exchange rate of approximately 1.1939, about 2.85 per cent lower than the real market price.

Source: Chaos Labs Governance Forum Post-Mortem

In an ordinary position, a 2.85 per cent deviation may be just noise; in Aave's E-Mode (efficiency mode), however, users can borrow at a leverage much higher than normal, and positions are extremely sensitive to price deviations.

The protocol systematically undervalued wstETH, pushing a batch of positions that had been sitting just above the safety threshold over the liquidation line, and the on-chain bots did the rest.

In terms of profit flow, the liquidators received approximately 116 ETH in normal liquidation bonuses; another approximately 382 ETH came from arbitrage on the difference between the protocol's low valuation and the real market price.

A total of approximately 499 ETH (converted to $12.7 million) was taken from the positions of the affected users. At the protocol level the result was clean: zero bad debt and no loss to the pool, with the entire loss falling on only the 34 liquidated user addresses.

Chaos Labs: we will pay in full

The most direct response to the incident came from the risk manager, Chaos Labs. CEO Omer Goldberg made it clear on X that every affected user will be paid in full. He also stated that the risk oracle is core infrastructure of the protocol, that the misconfiguration was a serious lesson, and that the team would thoroughly review the parameters and the update process.

Figure source: Omer Goldberg tweet

On the execution side, Chaos Labs recovered approximately 144.5 ETH through BuilderNet and, together with replenishment from the Aave DAO treasury, expects to cover all affected accounts, with a projected ceiling of about 345 ETH (approximately US$870,000).

During the emergency response, the team first temporarily reduced the wstETH borrow cap for the affected instances (Core and Prime) to 1, then manually realigned the two snapshot parameters through the Risk Steward mechanism, before restoring the borrow caps to their original values (Core: 180,000, Prime: 70,000).

Nothing new

This is not the first time DeFi has been tripped up by an oracle. Just recently (18 February), the lending protocol Moonwell, because of an oracle configuration error, briefly set the price of cbETH at about US$1 (market value about US$2,200), ultimately causing nearly US$1.8 million in bad debt. The earlier Mango Markets manipulation and the Euler Finance exploit each left lessons costing hundreds of millions of dollars.

But Aave's incident has a special character. The cause of the error was not external data, but the security layer built within the protocol to counter manipulation. Under certain conditions, this shield became a blade that wounds.

"Code is Law" is a creed of decentralised finance: the automated execution of smart contracts removes room for human intervention, but it also means that a parameter mismatch in any line can be executed irrevocably without the user's knowledge.

Chaos Labs' commitment to pay may have repaired the crack at the economic level, but the more fundamental repairs must take place in the engineering layer: verification of updated parameters, consistency checks against on-chain constraints, and a real-time monitoring mechanism capable of raising an alarm before an error occurs.
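A pre-update consistency check of the kind called for above, applied to the two CAPO snapshot parameters described earlier, is sketched below as an added example; it is not code from Aave, Chaos Labs or the post-mortem. The 3 per cent step limit and the seven-day anchor come from the article, while the linear cap formula, the yearly growth allowance, the function names and all sample values are assumptions constructed for illustration.

```python
"""Pre-flight check for a CAPO-style snapshot update (illustrative only)."""

SECONDS_PER_YEAR = 365 * 24 * 3600
DAY = 24 * 3600
MAX_STEP = 0.03  # from the article: snapshotRatio may rise at most 3% per update


def constrained_ratio(old_ratio, target_ratio, max_step=MAX_STEP):
    """Ratio that actually lands on-chain once the step limit is applied."""
    return min(target_ratio, old_ratio * (1 + max_step))


def max_allowed_ratio(snapshot_ratio, snapshot_ts, now, yearly_growth):
    """ASSUMED cap formula: snapshot plus a linear growth allowance since it was taken."""
    elapsed = now - snapshot_ts
    return snapshot_ratio * (1 + yearly_growth * elapsed / SECONDS_PER_YEAR)


def preflight(old_ratio, target_ratio, target_ts, now, live_ratio,
              yearly_growth, tolerance=0.001):
    """Simulate the update as the chain would apply it, then compare cap and live ratio."""
    applied = constrained_ratio(old_ratio, target_ratio)
    # The timestamp is not rate-limited, so it moves to target_ts even if the ratio is clamped.
    cap = max_allowed_ratio(applied, target_ts, now, yearly_growth)
    shortfall = max(0.0, (live_ratio - cap) / live_ratio)
    return {
        "applied_ratio": applied,
        "ratio_clamped": applied < target_ratio,
        "cap": cap,
        "shortfall": shortfall,  # fraction by which collateral would be undervalued
        "safe": shortfall <= tolerance,
    }


# Constructed sample values, not the incident's figures.
NOW = 1_800_000_000
SAMPLE = dict(target_ratio=1.08, target_ts=NOW - 7 * DAY, now=NOW,
              live_ratio=1.0815, yearly_growth=0.10)


def demo():
    stale = preflight(old_ratio=1.00, **SAMPLE)  # 8% jump requested, only 3% allowed
    fresh = preflight(old_ratio=1.06, **SAMPLE)  # target fits inside the step limit
    return stale, fresh


if __name__ == "__main__":
    for name, r in zip(("stale snapshot", "fresh snapshot"), demo()):
        print(f"{name}: clamped={r['ratio_clamped']} cap={r['cap']:.4f} "
              f"shortfall={r['shortfall']:.2%} safe={r['safe']}")
```

Blocking any update for which `ratio_clamped` is true or `safe` is false catches the desynchronised case before it is submitted; the same `shortfall` figure can be computed continuously from live values as a monitoring alert.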
