AAVE users suffered $21m in incorrect liquidations today due to a bad oracle price for wstETH. AAVE didn't suffer any bad debt, but users with healthy positions were unfairly liquidated.
The full list of liquidations can be found by going to https://community.chaoslabs.xyz/aave/risk/liquidations and choosing wstETH as collateral and WETH as debt. We didn't check whether this impacted users who borrowed other assets, e.g. USDC.
The cause was an incorrect adjustment on the WstETHPriceCapAdapter, a part of AAVE's CAPO oracle system. The intention of the system is to prevent manipulation attacks, e.g. somehow spike the wstETH/stETH ratio -> borrow a bunch of ETH/other assets against wstETH on AAVE -> profit. It's a system that's used for correlated assets, and in general works great.
Above is a visual of how the wstETH oracle works on AAVE - it fetches the ratio from Lido, then caps it using the WstETHPriceCapAdapter, and multiplies it by the ETH price to calculate the actual fair $ price per wstETH.
The problem was that the CAPO max price was changed to 1 wstETH = 1.1933947 ETH, when the actual ratio at that time was 1.22850. The picture below shows the changes.
We don't know how Edge Risk came up with 1.191926. It's proprietary off-chain tech that we have no insight into. The scary part is that this almost happened a month earlier too, but the wstETH CAPO agent was not yet hooked up.
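The cap-then-multiply pipeline described above, run with the article's two ratios, shows how a healthy position turns liquidatable and how a pre-flight check on the cap update would have rejected it. This is an added example, not AAVE's or Chaos Labs' code: the ETH price, liquidation threshold, position size and the `validate_cap_update` guard are constructed assumptions, and the cap is modelled as a single static number.

```python
from decimal import Decimal as D

# Figures from the article
CAP_RATIO = D("1.1933947")   # CAPO max price written to the adapter (ETH per wstETH)
LIVE_RATIO = D("1.22850")    # actual Lido ratio at that time

# Constructed sample values (assumptions, not AAVE parameters)
ETH_USD = D("2000")
LIQ_THRESHOLD = D("0.95")

def capped_ratio(live, cap):
    """Adapter step: never report more than the cap."""
    return min(live, cap)

def wsteth_usd(live, cap, eth_usd=ETH_USD):
    """Oracle pipeline: Lido ratio -> cap -> multiply by ETH price."""
    return capped_ratio(live, cap) * eth_usd

def health_factor(collateral_wsteth, debt_weth, live, cap, eth_usd=ETH_USD):
    """Collateral value * liquidation threshold / debt value; below 1 is liquidatable."""
    collateral_usd = collateral_wsteth * wsteth_usd(live, cap, eth_usd)
    return collateral_usd * LIQ_THRESHOLD / (debt_weth * eth_usd)

def undervaluation(live, cap):
    """Fraction of real collateral value hidden by the cap (0 if the cap is not binding)."""
    return (live - capped_ratio(live, cap)) / live

def validate_cap_update(new_cap, live, min_headroom=D("0.001")):
    """Hypothetical pre-flight guard: refuse a cap that would bind at the live ratio."""
    floor = live * (1 + min_headroom)
    if new_cap < floor:
        raise ValueError(f"cap {new_cap} is below live ratio {live} plus headroom ({floor})")
    return new_cap

if __name__ == "__main__":
    # Constructed position: 100 wstETH collateral against 115 WETH debt
    coll, debt = D(100), D(115)
    print("HF with non-binding cap:", health_factor(coll, debt, LIVE_RATIO, D("10")))
    print("HF with article's cap:  ", health_factor(coll, debt, LIVE_RATIO, CAP_RATIO))
    print("collateral undervalued by:", undervaluation(LIVE_RATIO, CAP_RATIO))
    try:
        validate_cap_update(CAP_RATIO, LIVE_RATIO)
    except ValueError as err:
        print("update rejected:", err)
```

Because debt and collateral are both priced through ETH, the ETH price cancels out of the health factor; only the gap between the capped and live ratio matters.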
Because of this, we suspect this was not a case of compromised keys or an insider attack, but a technical issue. We don't know for certain.
This article is not meant to paint a bad picture about AAVE, nor Chaos Labs. We are BIG fans of both teams, and are simply highlighting what factually happened. Thanks for understanding, and apologies for the clickbait-y article picture.