Aave v2/v3 security incident 04/11/2023

If all AIPs execute as intended, we’ll be back to normal on V3 this Sunday and on V2 this Monday.

3 Likes

As an update for the community, proposal 358 has been executed early today, following the timeline. This doesn’t create any meaningful effect on users, as all affected assets are still paused.

The next event will be on Sunday November 12th, 2023, 07:30-09:30 PM UTC, when assets on v3 Optimism/Arbitrum/Optimism/Polygon will be unpaused.

P.S. To keep clarity on this highly populated thread, we will move all BGD updates to the 1 post, with the time of publication.

3 Likes

you said optimism twice, but didn’t mention avalanche. did you mean to include avalanche?

avalanche is included, it was already stated and clarified within this thread by @bgdlabs

Rest assured after this weekend everything will be normal again. Please be patient.

2 Likes

thanks, you guys have my support.

You’re just simply gaslighting. Freezing assets, unable to use stablecoins can deeply affect people. I hope you can simply understand that, I was partially liquidated as well when I was backed into a corner. The whole situation has caused a frenzy. In a normal condition things would be much different right now.

@johnsmith

It is VERY CLEAR what YOU have done:

You took out as much Polygon as you could out of the ecosystem, AFTER the announcement of Pause/Freeze

You knew very well by doing that, it would reduce your Health Factor, but you kept doing it anyway.

As such, even though Polygon went up 20% since the pause/freeze, when price retracts 5% you got liquidated (because you kept taking collateral OUT)

It is your own doing to over leverage by taking Polygon collateral out for your own safety, and you expect the protocol to compensate you when your Health Factor falls below 1.0x ? What about the LP who lent you the stable coins??? Have you considered their deposits safety?

The ONLY priority right now for the AAVE admin/dev, is to ensure the protocol is safe when the platform reopens.

@EzR3aL @bgdlabs

I am sure you heard about what just happened to Poloniex, as millions got drained.

Please ignore all the inconsiderate comments here, made by people who CONTINUOUSLY TOOK COLLATERAL OUT and then demand compensation when their portfolio got liquidated, or the ones whining about having to pay high rate FOR ONE WEEK.

Please freeze/pause as long as it takes to ensure the protocol is SAFE before it reopens. The LAST thing the community wants is another Poloniex, Luna, Celsius, FTX, Mt Gox incident as there is $9 billion on the platform which is OUR ENTIRE LIFE SAVINGS.

Please double, triple, quadruple, 5x… check and check the fix before relaunch.

Thank you and peace.

3 Likes

You think in a normal circumstance applied anywhere else this reasoning is okay? limiting options, causing distress, causing people to do things they normally wouldn’t do if the situation isn’t normal and limiting their options to fix, improve, or making better choices. You’re going out of your way to blame someone for their choices in distress. If the only priority is to fix the protocol, then this whole idea of community is really just an ideal.

@antheezy

Perhaps you would rather ALL users lose 100% of their funds due to an external hack like Poloniex, then it would be much less stressful for us all yea?

Safe fund IS OBVIOUSLY THE ONLY PRIORITY HERE AND NOW.

It is simply 2 bad scenarios. That situation is hypothetical and hasn’t happened, as it has been stated everything is safe. However, this situation and over a week long period of being locked has affected people negatively. If the only priority is to fix the protocol, then it’s completely inconsiderate of the majority of the community who was in distress. If you can’t understand that, I wish you more empathy and consideration of others when they are affected negatively.

Scenario 1: users cannot access fund for 7 days

Scenario 2: users cannot access fund for 70 years (or forever because it is gone)

If you can’t understand that, I wish you more empathy and consideration of others when they are affected negatively, not only for a week but forever.

You’re missing my point so let me break it down for you. I understand the reasoning for the lock, I’m not against it. However the lock has negative consequences to most users. My question I pose is what is AAVE going to do about it? Just unlock, a few hour grace period and move on? Or can they do something more for people for putting people through that.

The way you conduct yourself is so intense and argumentative.

This is not him you need to convince, but the DAO.

No one ever said there is not a negative consequence.

But from what is being done, AAVE is keeping that negative consequence to the ABSOLUTE MINIMUM, and that is keeping all our fund SAFE. All the man power right now is/should be dedicated to securing the protocol and all users fund.

Your “unlock for a few hours” suggestion is just so……out of context, do you not think for ONE SECOND hackers can utilise those “few hours” to drain everything?

Even if there is compensation plan or whatever it could all be dealt with later (obviously).

Complaining about “oh i cant access my fund for one week” is so blowing that one week pause/freeze issue out of proportion in the grand scheme of things, because if the glitch is exploited everyone will lose everything.

There is $9bn on the platform, if it collapses not only will we lose our fund, it will cripple the entire market (FTX had a $7bn hole), and send all regulators to attack anything DEFI going forward.

Try to look at the bigger picture for once, starting with fund safety, that is the biggest concern here.

Hello, the DAO forum is not meant to have this kind of chit chat, you’re free to go on Discord or do a twitter space to discuss things on a high level, social media is meant for people to vent off, have fun there.

There are 125 posts to date on this topic and the silent majority just want to get information on the next steps.

If there’s too much noise this information is not well transmitted to the people that need it.

From now on, I firmly invite the community to keep this topic clear from chatter.

Moderation will be enforced.

1 Like

Can you clarify what the next steps are and how the community can go about receiving valid, and just compensation for a decision that was made against their will?

The simple fact of the matter is: any liquidations that have occurred during the time where users could not interact with their debt and collateral positions are directly at the fault of the Guardians who engaged these measures.

There is a lot of confusion in the community, and a lack of clear dialogue from those who are actively involved in the incident process.

Thank you, @MarcZeller, we appreciate your commitment and contributions to the protocol!

1 Like

  1. clear next step is right here.

  1. the Guardian has been elected by the governance Community Guardian renewal with clear responsibilities and limited scope of action.
    No guardian action is made against the will of the Aave governance as the Aave governance gave mandate to the Guardian to protect the Aave users.

  2. any discussion for compensation or anything similar is unfit for this topic. Any community member is free to create a related standard TEMP CHECK proposal following the framework: [ARFC] ARFC and TEMP CHECK Framework and have the discussion happen there.

This topic is only welcoming technical updates related to the 04/11 disclose event.

To clear the air a bit regarding liquidations at this time.

On v2ETH it is IMPOSSIBLE to liquidate while the market is paused.

On v3 markets, it is also IMPOSSIBLE to liquidate positions that are paused.

Paused positions have ALL contract calls disabled which includes liquidations.

To protect yourself from liquidation after the unpause, for v3 markets, add liquidity using tokens that are NOT paused or frozen before your position is unpaused. For v2, wait until the Liquidations Grace Sentinel is implemented and activated. You will get a small window to fix your position before liquidation is reactivated.

1 Like

An update for the community, proposal 359 has entered into the last timelock of 24 hours and will be ready for final execution on all networks tomorrow Sunday, 12th.

As previously described, this will mean the following:

  • All assets on Aave v3 Polygon, Arbitrum, Optimism, and Avalanche will be eligible for unpause by the Guardian.
  • The unpause by the Guardian will happen slightly later than the final proposal execution. We will try to support them to be as close as possible once the proposal has been executed on each network.
  • Aave v3 has no Liquidations Grace Sentinel, so immediately after unpause, all operations will re-start. We recommend users closely monitor their positions if they need to take any actions on the unpaused assets.
  • Aave v2 Ethereum and CRV on Aave v3 Polygon will remain paused for 1 day more.

The estimated execution times for each payload (automated by Aave Robot) are the following:

  • Polygon: 14:25 UTC
  • Optimism: 14:04 UTC
  • Arbitrum: 14:17 UTC
  • Avalanche: 14:08 UTC

Unpausing can happen anytime after execution, whenever the Guardian can process the transaction.

3 Likes