Aave V3: CAPO (Correlated Asset Price Oracle) misconfigured price feed for a freshly-listed correlated asset → mispriced collateral → cascade of involuntary liquidations
This was an oracle-config incident, not a malicious exploit. A new collateral asset listed on Aave V3 Ethereum on 2026-03-12 was wired to a CAPO (Correlated Asset Price Oracle) feed with an incorrect price-correlation mapping. Within minutes the oracle reported a price ~7% off from the asset's actual on-chain price (off in the direction that under-valued user collateral).
Summary #
Aave V3 suffered a Lending — oracle misconfiguration on 2026-03-12, resulting in a loss of approximately $862K.
What happened #
This was an oracle-config incident, not a malicious exploit. A new collateral asset listed on Aave V3 Ethereum on 2026-03-12 was wired to a CAPO (Correlated Asset Price Oracle) feed with an incorrect price-correlation mapping. Within minutes the oracle reported a price ~7% off from the asset's actual on-chain price (off in the direction that under-valued user collateral).
Linked factors #
- RD-F-053 — related : Single CAPO feed without parallel-source cross-check enabled the misconfiguration to propagate undetected
- RD-F-077 — related : Auto-linked by C.4 triage 2026-05-07
- RD-F-084 — related : Auto-linked by C.4 triage 2026-05-07
- RD-F-143 — illustrative : Cat 9 post-deploy hygiene gap; new-listing process did not include parameter-set validation prior to activation
- RD-F-180 — related : Oracle config posture factor — CAPO listing process gap allowed mis-correlated mapping into production