Overview
Following President Trump’s announcement of new tariffs on Chinese imports, financial markets experienced one of the sharpest declines in recent history. Within just 30 minutes, Bitcoin’s price plunged more than 12%, dropping from $116,500 to $102,700. Ether saw an even steeper decline of around 20%, and many other assets lost over 50–60% of their value within 10-minute intervals. This sudden market disruption sparked a wave of liquidation cascades across both DeFi and CeFi platforms.
During this period, we observed significant irregularities in oracle price feed behavior. Several assets exhibited extreme levels of volatility, introducing heightened risk to the protocol. Despite these unfavorable conditions, Aave remained resilient and maintained operational integrity throughout the market turbulence, avoiding critical failures or substantial bad debt.
In this analysis, we aim to evaluate the risks associated with these abnormal oracle behaviors and propose mitigation measures. Specifically, we recommend disabling the borrowability of a set of assets in order to reduce the protocol’s risk profile during periods of extreme volatility and stressed market conditions. Additionally, given the extreme levels of volatility for the covered assets, combined with the significant lack of revenue generated by their usage as collateral assets, we recommend setting their LTV to 0 and progressively deprecating their collateral status.
While Aave has been only minimally affected by these events, implementing these controls is essential to preserve the protocol’s stability and safeguard against future periods of elevated volatility risk.
Oracle Updates
The number of unique assets that registered a price update exceeding ±15% amounted to 16 across 7 distinct instances. This distribution of updates signals that the anomalies were not isolated events, but rather systemic. Some examples are:
| Instance | Asset | Single Round_id Price Deviation |
|---|---|---|
| Optimism | AAVE | 62% |
| Ethereum | AAVE | 41% |
| Sonic | wS | -40% |
| Arbitrum | ARB | -36% |
| Ethereum | CRV | -33% |
Such widespread oracle volatility presents protocol and systemic risks, as even short-lived pricing discrepancies can open arbitrage windows capable of draining liquidity or creating bad debt within lending markets.
Theoretical Framework
Periods of extreme volatility, particularly during sharp market downturns, can result in substantial dislocations between centralized exchange and on-chain prices. Such divergences often emerge when market liquidity becomes fragmented and price discovery across venues fails to synchronize. Under these conditions, protocols relying on siloed oracle price feeds are exposed to heightened systemic risk, as the reported prices may temporarily deviate from market prices on other venues, causing the protocols to accrue deficits.
When the oracle primarily references CEX prices while on-chain prices have not yet stabilized, substantial mispricing may arise. Suppose the protocol prices an asset X at P_o^X (the oracle price), while a DEX venue reflects a higher price P_d^X, such that P_d^X > P_o^X. A market participant could exploit this price differential if another asset, Y, can be used as collateral and (1 − LT), where LT is the liquidation threshold of Y, is smaller than the price discrepancy.
In practice, the participant could supply $1M worth of asset Y, borrow (LT × $1M) of asset X, and sell X on DEX venues at the higher market price. This arbitrage can be repeated multiple times until either oracle and market prices converge or the protocol’s liquidity becomes constrained, thereby extracting value from the system and effectively transferring losses to the protocol.
To eliminate this class of risk, it is essential to restrict borrowing for selected assets that exhibit high volatility or are prone to severe price dislocations under stressed conditions. Marking these assets unborrowable is a targeted risk control measure that protects the protocol from exploits.
Case Studies
CRV/USDT
During the market crash, one notable instance of severe price dislocation occurred between the CRV/USD Chainlink oracle and the corresponding CRV/USDT Uniswap V3 pool, exposing Aave to a significant deficit. Specifically, the following contracts were involved:
- CRV/USD Chainlink Oracle: 0xdA0DA298550E8E449b935CEA865c8100F3cA1b73
- CRV/crvUSD/ETH Curve V2: 0x4eBdF703948ddCEA3B11f675B4D1Fba9d2414A14
Between blocks 23549969 and 23549976, the dislocation between the oracle-reported and DEX prices reached approximately 58%, persisting for several minutes. As illustrated in the chart below, Curve’s pool price lagged behind the oracle updates, only reaching $0.36, while the price feeds continued to reflect a severe drawdown, reaching $0.21.
This divergence effectively overvalued CRV on the protocol relative to on-chain market prices, which allowed an attacker to supply collateral to borrow underpriced CRV and sell it on-chain for an immediate profit, extracting value directly from the lending pool. While this specific exploit resulted in less than $200K of deficit, likely due to the relatively small pool size (~$2 TVL) and high price impact, the conditions highlighted a critical risk associated with asynchronous price updates and low-efficiency DEX markets.
ENS/WETH
Additionally, we have observed a similar exploit, which resulted in the user making over 17.5 WETH as a result of oracle mispricing and the low market efficiency of the Uniswap V3 pool. The contract addresses that enabled the transactions are:
- ENS/USD Chainlink Oracle: 0x6Cc5173Ffd8d674C64f2DC7237730Ff021829865
- ENS/WETH Uniswap V3: 0x92560c178ce069cc014138ed3c2f5221ba71f58a
During the period of mispricing, the user was able to collateralize a substantial amount of ENS debt with 38.74 WETH and instantly sell the borrowed assets at a substantial profit of 17.58 WETH, leading to $95k of bad debt accrual.
Deficit Assets
The analysis above outlines both the theoretical and observed dynamics through which oracle mispricing can expose a lending protocol to systemic risk. To assess which assets present such risks, we examined price feed update patterns across multiple instances of Aave. Our reference threshold for assessing exploit potential is derived from the highest liquidation threshold (LT) on Aave’s Ethereum Core instance, WETH, with an LT of 83%. For an exploit to be economically viable, the oracle must underprice an asset by more than (1 – LT), or approximately 17%. Therefore, our screening focused on assets that exhibited price updates exceeding ±15%, as these represent potential vulnerabilities.
As visualized in the chart above, 12 borrowable assets across various instances demonstrated abnormal oracle update behavior, characterized by large single-block percentage changes and delayed update times. Notably, ENS, CRV, and ARB, which each saw drawdowns ranging from 28% to 36% across Arbitrum and Ethereum instances, combined with the DEX venues’ low market efficiency, caused the protocol to accrue a deficit.
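The screening rule and the (1 – LT) condition described above can be expressed as a monitoring check. The following is an added example, not Chaos Labs' or Aave's code: the feed rounds and asset names are constructed, the function names are hypothetical, and the underpricing metric (P_d − P_o) / P_d is an assumption about how the discrepancy is measured. The final check uses the CRV oracle and pool prices quoted in the case study.

```python
# Added example: oracle round screening with constructed data (not real feed values).
LT_WETH = 0.83           # highest liquidation threshold cited on the page (Ethereum Core, WETH)
SCREEN_THRESHOLD = 0.15  # single-round deviation screen used on the page

# Constructed consecutive oracle answers in USD, keyed by (instance, asset).
SAMPLE_ROUNDS = {
    ("Ethereum", "ASSET_A"): [1.00, 0.98, 0.66, 0.70],  # one round of about -32.7%
    ("Ethereum", "ASSET_B"): [2.00, 1.90, 1.80, 1.75],  # gradual decline, no large round
    ("Optimism", "ASSET_C"): [10.0, 9.5, 15.2, 14.9],   # one round of +60%
}

def round_deviations(answers):
    """Relative change of each round versus the previous round."""
    return [(cur - prev) / prev for prev, cur in zip(answers, answers[1:])]

def screen_feeds(rounds, threshold=SCREEN_THRESHOLD):
    """Map each feed with a round beyond +/-threshold to its largest-magnitude deviation."""
    flagged = {}
    for key, answers in rounds.items():
        worst = max(round_deviations(answers), key=abs, default=0.0)
        if abs(worst) > threshold:
            flagged[key] = worst
    return flagged

def oracle_underpricing(oracle_price, dex_price):
    """Fraction by which the oracle prices the asset below the DEX venue (0 if not below)."""
    return max(0.0, (dex_price - oracle_price) / dex_price)

def exceeds_lt_buffer(oracle_price, dex_price, lt=LT_WETH):
    """True when underpricing is larger than the (1 - LT) collateral buffer."""
    return oracle_underpricing(oracle_price, dex_price) > (1 - lt)

def debt_to_collateral_at_dex(oracle_price, dex_price, lt=LT_WETH):
    """Market value of maximal debt per unit of collateral value: LT * P_d / P_o.
    A result above 1 means the position is undercollateralized at DEX prices."""
    return lt * dex_price / oracle_price

if __name__ == "__main__":
    for key, dev in screen_feeds(SAMPLE_ROUNDS).items():
        print(key, f"{dev:+.1%}")
    # CRV prices quoted in the case study: oracle $0.21, pool $0.36.
    print(exceeds_lt_buffer(0.21, 0.36), round(debt_to_collateral_at_dex(0.21, 0.36), 3))
```

A ratio above 1 from `debt_to_collateral_at_dex` marks the state in which borrowed value at DEX prices exceeds the collateral backing it, which is the condition that disabling borrowing is meant to remove.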
SVR Performance
We observed that the SVR oracle lagged by a constant 5 blocks (~60 seconds) throughout the crash period. Such latency can arise when (i) liquidations are economically unattractive due to oracle–DEX price divergences and high price impact, or (ii) liquidators are unable to participate due to technical constraints or infrastructure unavailability. In this event, SVR’s configuration could have been insufficient to support timely liquidations, thereby publishing the price updates with a consistent maximum allowed lag.
We have additionally observed that price feeds on Optimism exhibited a substantial number of delays compared to Ethereum and Arbitrum. The price feeds were likely stale on Optimism, as a number of other assets exhibited similar behavior: AAVE and LINK registered their lowest prices approximately 6–8 minutes after the corresponding update on Ethereum, where the price had already recovered substantially.
As previously mentioned, the observed oracle desynchronization presents substantial risks for the protocol through discrepancy-driven arbitrage.
Borrow Revenue
While delisting volatile assets primarily aims to strengthen the protocol’s risk posture, we acknowledge the minor reduction in revenue this entails. Among the assets identified for delisting as borrowable, the largest YTD revenue contributor is CRV on Ethereum, at roughly $80K, with the remaining assets collectively adding just $37K. These figures are marginal in the context of overall protocol revenue and are far outweighed by the potential deficit and exploit risks highlighted by recent events. As such, disabling borrowing for these assets meaningfully enhances the protocol’s risk profile while only trimming a negligible portion of its income.
Collateral Revenue
As observed in the plots below, the outstanding long-tailed collateral assets, which currently reside in isolation mode, generate minimal revenue and utilization within the protocol, seeing just $6M in instantaneous aggregated collateralized debt and just $14K in revenue over the last three months, across CRV, UNI, LDO, CAKE, BAL, 1INCH and ENS. These modest revenue levels support the case for minimizing collateralization power, as the protocol faces an unfavorable risk–reward trade-off. Due to the high exploitability of the assets, reflected in their elevated price volatility, substantial number of oracle deviations, and low market efficiency, we recommend setting the loan-to-value of the assets to zero, to limit the susceptibility of the protocol to exploits on the collateral side.
Recommendation
With observed oracle dislocations across multiple markets, often reaching 15–50%, driven by market stress and asynchronous pricing between siloed oracles and on-chain venues, we recommend marking a set of assets as non-borrowable along with decreasing the LTVs to 0. Given the underlying volatility, documented oracle pricing delays, and low revenue contribution from these assets, this measure should have minimal impact on protocol income while significantly reducing exposure to volatility spikes and oracle desynchronization.
Looking ahead to Aave v3.6, where assets can be configured as borrowable within E-Modes only, we also recommend migrating a subset of these assets to E-Mode-restricted borrowing once available. This will limit risk to well-defined collateral sets, preserve market functionality, and maintain tighter risk constraints.
Specification
| Instance | Asset | Current Borrow Cap | Recommended Borrow Cap | Current LTV | Recommended LTV |
|---|---|---|---|---|---|
| ZkSync | ZK | 10,000,000 | 1 | 40% | 0 |
| Ethereum Core | UNI | 330,000 | 1 | 65% | 0 |
| Ethereum Core | CRV | 7,000,000 | 1 | 35% | 0 |
| Scroll | SCR | 28,000 | 1 | - | - |
| Ethereum Core | BAL | 1,000,000 | 1 | 57% | 0 |
| Celo | CELO | 400,000 | 1 | 55% | - |
| Ethereum Core | ENS | 20,000 | 1 | 39% | 0 |
| Ethereum Core | LDO | 500,000 | 1 | 40% | 0 |
| Optimism | LINK | 84,000 | 1 | 66% | - |
| Ethereum Core | RPL | 500,000 | 1 | 0% | - |
| Optimism | OP | 1,300,000 | 1 | 58% | - |
| BNB | Cake | 600,000 | 1 | 55% | 0 |
| Arbitrum | ARB | 14,510,000 | 1 | 58% | - |
| Ethereum Core | 1INCH | 475,200 | 1 | 57% | 0 |
| Arbitrum | LINK | 183,000 | 1 | 66% | - |
| Polygon | LINK | 58,000 | 1 | 66% | - |
| Metis | METIS | 32,000 | 1 | 30% | 0 |
Next Steps
We will move forward and implement the borrow cap updates via the Risk Steward process.
Disclosure
Chaos Labs has not been compensated by any third party for publishing this recommendation.
Copyright
Copyright and related rights waived via CC0.











