sandmark.com
Aave, a decentralized lender, suffered a glitch that resulted in $26mn worth of tokens being unnecessarily wiped out, according to a 'post-mortem' incident report.
The protocol saw a massive jump in liquidations caused by an update in one of its risk-system oracles.
Oracles are automatic gateways that feed price data on a blockchain. If there is a mismatch between the data fed by the oracle and real prices, it can cause premature liquidations. Though rare, glitches and exploits on oracles are also a popular tool used by attackers to take advantage of crypto protocols and mint unearned tokens.
Price mismatch
According to a post-mortem report from Aave’s risk manager Chaos Labs, an update on the Correlated Asset Price Oracle (CAPO) led to a price mismatch on the lender. wstETH, a token that users receive for staking their Ether on the platform Lido, was specifically impacted by the glitch.
Due to the erroneous update on the risk oracle, Aave’s liquidation mechanism
assumed that the price of wstETH had fallen by more than 2.8% from the actual price
causing several positions on the lender to be liquidated.
User reimbursements
The issue has since been fixed, and the affected users will be reimbursed using the network’s treasury and the confiscated tokens from the incident, according to the report.
AAVE, the token related to the protocol, has declined almost 5% since the Tuesday publication of the report and was trading at $109.14 as of 08:31UTC on Wednesday. The report did not identify the timing of the incident.