CAPO Oracle Configuration Flaw Triggered $27 Million Liquidation on Aave

According to a detailed analysis from Chaos Labs released on March 11, a technical misconfiguration in Aave’s CAPO risk oracle recently sparked a significant liquidation event worth approximately $27 million. The incident exposed a critical vulnerability in how the oracle’s core parameters were synchronized, resulting in an exchange rate calculation that diverged sharply from actual market conditions.

The Technical Breakdown: Parameter Synchronization Gone Wrong

The liquidation crisis originated from an on-chain constraint that prevented two critical oracle parameters from updating in sync. The snapshotRatio parameter faced a 3% growth limitation every 3 days—a safety mechanism designed to prevent manipulation. When the system attempted to update this ratio from approximately 1.1572 to its target value of 1.2282, the constraint restricted the movement to only 1.1919.

Simultaneously, the snapshotTimestamp updated successfully, but it pulled data from 7 days prior—creating a dangerous misalignment. While the timestamp refreshed, the ratio couldn’t keep pace. This temporal inconsistency meant that the CAPO-calculated exchange rate ceiling sat at roughly 1.1939, approximately 2.85% below the actual market exchange rate. For a stablecoin-like asset, this gap was enough to trigger a cascade of liquidations.

The Liquidation Event: 10,938 wstETH Under the Hammer

The parameter mismatch directly caused approximately 10,938 wstETH to face liquidation. The artificially suppressed exchange rate ceiling made these positions appear at risk according to the oracle’s flawed calculation, even though the underlying collateral maintained its true market value. Fortunately, the incident carried no systemic risk—no bad debts accumulated on the protocol, meaning the liquidation didn’t create write-downs or protocol losses.

Swift Response and Recovery

Chaos Labs and BGD Labs immediately took corrective action. They reduced the wstETH borrowing cap on affected instances to 1, effectively halting new borrowing and preventing the liquidation cascade from spreading further. Using the Risk Steward tool, the teams manually realigned the oracle parameters to restore accurate exchange rate calculations.

The recovery process yielded 141.5 ETH recovered through BuilderNet, which will be distributed to compensate affected users. The remaining shortfall will be covered by the Aave treasury. The DAO’s temporary compensation obligation is expected not to exceed 345 ETH—a manageable outcome given the incident’s severity.

What This Reveals About DeFi Risk Management

The incident underscores how precision in oracle design can make or break protocol stability. The CAPO oracle’s parameter constraints, intended as protective guardrails, inadvertently created the conditions for liquidation. While the quick response by Chaos Labs and BGD Labs prevented broader contagion, the event serves as a reminder that even sophisticated risk management systems require constant monitoring and swift intervention protocols.