Aave Oracle Misconfiguration Triggers 345 ETH Liquidations

A CAPO Oracle misconfiguration on Aave triggered wstETH liquidations worth 345 ETH, with users set to be reimbursed.


Users lost 345 ETH to unexpected liquidations in the wstETH E-Mode market caused by a configuration issue in Aave's CAPO oracle system. A synchronisation issue between the contract's validation rules and the stored oracle parameters surfaced shortly after the Chaos Oracle went live.

Affected users were liquidated because of an artificially reduced oracle price, although the protocol itself did not incur any bad debt. Aave DAO service providers have confirmed that all affected users will be reimbursed.

CAPO Oracle System & Its Role in Aave's Risk Management

Aave uses risk oracles to regularly update important protocol parameters so that it can adjust to shifting market conditions. More than 1,200 payload updates impacting more than 3,000 parameters have been issued by these risk oracles since their inception more than a year ago, supporting the protocol during its highest growth phase and securing hundreds of billions in loans, liquidations, and market activity.

The Correlated Asset Price Oracle (CAPO) mechanism was implemented to protect against a known oracle exploit vector. The attack involves manipulating collateral valuations inside lending protocols by artificially inflating exchange rate values, frequently through donation attacks.

In order to solve this, CAPO uses actual growth dynamics experienced over time to determine a maximum cap on the exchange rate oracle. It functions as a hybrid oracle.

On-chain smart contracts created by BGD serve as the authoritative source of truth and enforce validation logic, while the off-chain Chaos Oracle computes and sends updates to the maximum exchange rate. The CAPO wstETH smart contracts were activated earlier in 2024, whereas the Chaos Oracle went live on the day of the incident.

The contract stored a snapshot ratio of about 1.15 during initialisation, which subsequently turned out to be a crucial component of the problem.

The Misconfiguration That Triggered wstETH Liquidations

The Chaos Oracle computed the accurate wstETH/stETH snapshot ratio of roughly 1.2282 at 11:46 UTC. This figure was calculated using the exchange rate that was seen seven days beforehand, which is the reference window that CAPO uses to calculate exchange rate growth.

Normally, this snapshot ratio is the reference point from which the contract derives the upper bound for legitimate exchange rate adjustments. However, the contract rejected the update.

The CAPO contract enforces a rule that restricts the snapshot ratio increase to 3% over three days. The new value exceeded the allowed growth limit because the correct ratio had grown substantially compared with the stale value held since February 2024.

When the correct ratio could not be submitted, the oracle used its preprogrammed fallback process: it queried the contract for the greatest ratio permitted under the current constraint and submitted that value instead.

The contract returned a maximum permitted ratio of about 1.19, which the oracle submitted successfully. This fallback is deliberate.

Submitting the maximum permitted ratio keeps the oracle as close to the actual market exchange rate as feasible while still adhering to contract limits when the prior snapshot ratio is almost accurate. However, in this instance, the capped value that was finally submitted and the actual exchange rate differed significantly due to the out-of-date snapshot ratio.

How Timestamp & Ratio Desynchronisation Distorted the Oracle Price

The issue became critical because the CAPO contract handled the snapshot ratio and the snapshot timestamp differently. The contract's 3% growth rule strictly limited how fast the ratio could rise, but it did not apply to the timestamp linked to the snapshot.

As a result, even after the capped ratio of around 1.19 was submitted, the contract continued to treat the timestamp as reflecting the entire seven-day growth window that the Chaos Oracle had used to determine the correct ratio. CAPO uses both the stored ratio and the time elapsed since that snapshot to determine its exchange rate cap.

The computed cap was lower than the actual market exchange rate because the timestamp assumed a longer growth period while the ratio was lower than the true market ratio. This mismatch artificially lowered the oracle price by about 2.85% relative to the actual market value.

This low oracle price caused automated liquidations across all impacted positions under Aave's wstETH E-Mode. The affected users lost a total of 345 ETH as a result of these liquidations, even though the protocol itself did not accrue any bad debt.
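The desynchronisation described above can be modelled in a few lines. This is an added example, not code from Aave, BGD or Chaos Labs: the linear cap formula, the 10% yearly growth allowance, the single-step 3% clamp, the snapshot age and the `safe_to_submit` guard are all assumptions, and because the inputs are the article's rounded figures the modelled gap is a few percent rather than exactly the reported 2.85%.

```python
from dataclasses import dataclass

DAY, YEAR = 86_400, 365 * 86_400

@dataclass
class Snapshot:
    ratio: float     # wstETH/stETH exchange rate recorded at the snapshot
    timestamp: int   # time the contract believes that rate was observed

def max_allowed_ratio(stored: Snapshot, limit: float = 0.03) -> float:
    # Simplified form of the 3% growth rule the article describes.
    return stored.ratio * (1 + limit)

def fallback_update(stored: Snapshot, true_ratio: float, true_ts: int) -> Snapshot:
    # The ratio is clamped, but the timestamp passes through unchecked.
    return Snapshot(min(true_ratio, max_allowed_ratio(stored)), true_ts)

def rate_cap(snap: Snapshot, now: int, yearly_growth: float) -> float:
    # Assumed cap model: snapshot ratio grown linearly over the elapsed time.
    return snap.ratio * (1 + yearly_growth * (now - snap.timestamp) / YEAR)

def undershoot(snap: Snapshot, now: int, market: float, yearly_growth: float) -> float:
    # Fraction by which the capped rate sits below the market rate (0 if uncapped).
    return max(0.0, 1 - rate_cap(snap, now, yearly_growth) / market)

def safe_to_submit(snap, now, market, yearly_growth, tolerance=0.005) -> bool:
    # Hypothetical pre-submit guard: refuse an update whose cap would
    # price the asset below the observed market rate by more than tolerance.
    return undershoot(snap, now, market, yearly_growth) <= tolerance

# Constructed scenario using the article's rounded figures.
NOW = 1_000 * DAY                        # arbitrary clock value
GROWTH = 0.10                            # assumed yearly growth allowance
STALE = Snapshot(1.15, NOW - 400 * DAY)  # stale stored snapshot (age constructed)
TRUE = Snapshot(1.2282, NOW - 7 * DAY)   # correct ratio from seven days earlier
MARKET = rate_cap(TRUE, NOW, GROWTH)     # assume the market grew at the allowed pace

SUBMITTED = fallback_update(STALE, TRUE.ratio, TRUE.timestamp)

if __name__ == "__main__":
    print(f"submitted ratio : {SUBMITTED.ratio:.4f}")
    print(f"cap vs market   : {rate_cap(SUBMITTED, NOW, GROWTH):.4f} vs {MARKET:.4f}")
    print(f"undershoot      : {undershoot(SUBMITTED, NOW, MARKET, GROWTH):.2%}")
    print(f"guard allows it : {safe_to_submit(SUBMITTED, NOW, MARKET, GROWTH)}")
```

The clamped ratio paired with the fresh timestamp fails the guard, while the same timestamp paired with the correct ratio passes, which is the signal an off-chain submitter can alert on before sending the fallback value.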

Immediate Response & Recovery Measures

The Chaos and BGD teams quickly moved to stabilise the system after determining the problem. In order to effectively minimise future exposure while the problem was being fixed, the initial step was to lower the wstETH borrow caps to 1 across all impacted instances.

The teams then used the Risk Steward mechanism to manually align the snapshot ratio and return the CAPO exchange rate to its proper operating state. The Oracle system went back to normal after these interventions, and the exchange rate computations were fixed.

Aave DAO service providers are now preparing a recovery plan to ensure that all users affected by the liquidations receive full compensation. The full post-mortem report is expected to include additional technical changes intended to prevent such discrepancies in the future.

Furthermore, BuilderNet refunds have already returned 141 ETH, which will help offset the losses sustained during the event.
