Author: YAM, DeFi researcher; Translation: @金财经xz

Due to the abnormal price of wstETH’s oracle, AAVE users have just suffered a misplaced liquidation of US$21 million. The AAVE protocol itself did not generate any bad debts, but a large number of users with healthy positions suffered unfair liquidation.

The complete liquidation list can be viewed on the Chaos Labs website page. You need to select wstETH as the mortgage asset and WETH as the debt asset. We have not checked whether this event affects users borrowing other assets such as USDC. The direct cause of the incident lies in the incorrect adjustment of WstETHPriceCapAdapter (part of the AAVE CAPO oracle system). The system is designed to prevent manipulation attacks, such as: pushing up the wstETH/stETH exchange rate through some means → borrowing a large amount of ETH/other assets on AAVE using wstETH as collateral → arbitrage. This is a system for dealing with correlated assets that generally works well.

The above figure visually shows the working principle of wstETH's oracle on AAVE - it obtains the wstETH/ETH exchange rate from Lido, then sets the price limit through WstETHPriceCapAdapter, and finally multiplies the ETH price to calculate the actual fair US dollar value of each wstETH. The problem is that the maximum price set by CAPO was adjusted to 1 wstETH = 1.1933947 ETH, while the actual exchange rate at the time was 1.22850. The image below illustrates this adjustment change.

As for what caused the CAPO maximum price adjustment, this adjustment was initiated by Edge Risk (Chaos Labs’ off-chain risk engine). Here’s a comprehensive breakdown of how contracts work. Please pay attention to AI generation factors and pay attention to screening.

To put it simply: Chaos Labs pushes updates, AgentHub developed by BGD accepts updates, and uses Chainlink Automation to detect changes. Chaos Labs’ Edge Risk system recommended this change (adjustment of price cap from 1.228282 to 1.191926). AgentHub performed the change one block later. It’s not clear how Edge Risk arrived at the value of 1.191926. This is its proprietary off-chain technology and we have no way of knowing the internal logic. Worryingly, a similar situation almost happened almost a month ago, but wstETH’s CAPO proxy had not yet been connected to the system.

Therefore, we speculate thatthis matter is not caused by a key leak or an insider attack, but is more likely a technical issue. But we're not entirely sure yet.

As a security precaution, AAVE has adjusted the wstETH borrowing limit to 1 wstETH. Special thanks to LTV Protocol who noticed this issue 5 hours ago.

This article is not intended to discredit AAVE or Chaos Labs. In fact, we are loyal supporters of these two teams. We are only objectively stating the facts that have happened. Thank you for your understanding.