---

Borrowers who had posted wstETH (wrapped staked ETH) as collateral on Aave, one of the largest decentralized lending protocols by total value locked, woke up to forced liquidations caused not by a market crash but by a software misconfiguration. Aave's CAPO oracle reported wstETH trading at approximately 1.19 ETH at the time of the incident, while the actual market price sat closer to 1.23 ETH. That roughly 2.85% gap was enough to push certain positions below their minimum collateral thresholds, triggering automated liquidations. Liquidators collected around 499 ETH in bonuses and profits as a result.

---

What Is CAPO and What Went Wrong

CAPO stands for Correlated Asset Price Oracle. It is a protective system designed to prevent artificially inflated pricing of yield-bearing tokens like wstETH, which accrues staking rewards over time and slowly increases its ETH redemption rate. To enforce a ceiling on how fast that rate is allowed to grow in oracle terms, CAPO uses three parameters: a reference exchange rate captured at a past point in time (the snapshotRatio), the timestamp of that snapshot, and an annualized cap on allowable growth. The formula that connects them is snapshotRatio + maxRatioGrowthPerSecond × (current block timestamp - snapshotTimestamp). When the snapshotRatio and its associated timestamp fall out of sync, that calculation can produce a price ceiling that sits below the actual market rate.

The problem on March 10 was exactly that kind of mismatch. The oracle effectively capped wstETH's price below where it was trading, and the lending protocol acted on that incorrect figure.

A contributing factor was thin liquidity. The 24-hour trading volume for wstETH specifically, not for ETH broadly, was approximately $10 million at the time of the incident. That volume was too shallow for arbitrageurs to correct the discrepancy before liquidations were already underway.

---

Who Manages the Oracle and Who Bears the Loss

Chaos Labs' Edge Risk Oracle system, which the Aave DAO approved in November 2024, was built to automate risk parameter management across more than ten networks, compressing what had previously been a 96-hour manual governance process down to under one minute. The CAPO configuration for yield-bearing assets falls within that framework.

Aave Labs founder and CEO Stani Kulechov stated on X that there was "no impact to the Aave Protocol," a technically accurate claim in the sense that Aave itself incurred no bad debt. The loss fell entirely on the borrowers who were liquidated. Chaos Labs CEO Omer Goldberg did not address that distinction directly but pledged full reimbursement. "Every affected user will be fully reimbursed," Goldberg said, adding that risk oracles are "critical infrastructure for Aave and have secured hundreds of billions in loans, liquidations, and markets since go-live." A contributor to Lido, the protocol that issues wstETH, confirmed the token itself and the underlying Lido protocol operated normally throughout the incident.

The specific reimbursement process, including whether affected users will receive a direct wallet transfer, must submit a DAO claim, or follow another procedure, had not been publicly detailed at the time of publication. Chaos Labs had not yet disclosed a timeline, eligibility criteria, or delivery method.

---

Why This Matters Beyond the Protocol

Aave currently holds approximately $26.46 billion in TVL across its markets, and recently became the first DeFi protocol to process a cumulative $1 trillion in loans. An oracle misconfiguration affecting a fraction of a percent of its book is not a systemic crisis. But the nature of who bears the cost matters.

For users in regions where DeFi serves as primary financial infrastructure rather than a supplement to it, the implications are sharper. Nigeria ranks sixth globally in Chainalysis's 2025 Crypto Adoption Index but third specifically in DeFi value received, reflecting a population that uses on-chain protocols for financial access at a level disproportionate to its overall ranking. India ranks first globally in overall crypto adoption, with substantial DeFi engagement through yield strategies that use assets like wstETH as collateral. Pakistan ranks third, with APAC on-chain transaction volume growing 69% year over year through mid-2025.

For borrowers in these markets, the path to reimbursement may carry additional friction. DAO governance claims, gas costs, and documentation requirements can be disproportionately burdensome for retail users navigating English-language forums under local regulatory uncertainty. Incident communications published through governance forums and social media also tend to reach emerging-market users later, meaning they may interact with a glitched protocol state longer than users with real-time monitoring infrastructure. The absence of a published reimbursement mechanism at the time of this writing compounds that concern.

---

What Comes Next

Governance discussions around CAPO parameter management had already flagged this category of risk. In a February 2026 governance proposal, reviewer LlamaRisk warned that existing update constraints "might prove insufficient during sustained, aggressive changes" in yield profiles. That same proposal introduced concrete new safeguards: a 3% per-update cap on snapshotRatio changes and a 3-day timelock on updates. The March 10 incident occurred despite those measures being in place. The failure mode was not an aggressive forward movement in rates but the reverse: a configuration lag where the snapshot fell behind actual market rates rather than ahead of them.

For builders deploying Aave forks or building on top of V3 across emerging markets, the incident underscores a specific gap: automation speed does not guarantee configuration correctness. Independent monitoring of oracle-reported prices against live market prices on yield-bearing collateral is now a practical necessity, not a nice-to-have, particularly in lower-liquidity deployments where the correction window is even narrower than the $10 million that proved insufficient here. Neither Chaos Labs nor the Aave DAO had published a post-mortem or announced specific parameter fixes at the time of publication.