Aave initiated a governance-directed liquidation of remaining rsETH positions held by the Kelp DAO attacker, deploying oracle price manipulation to close a deficit position that standard liquidation mechanisms could not resolve. The move marks an extraordinary governance intervention triggered by fraudulent positions stemming from the Kelp DAO exploit, raising questions about protocol precedent and the limits of decentralized decision-making in security crises.
How the Kelp DAO Exploit Created an Aave Problem
The attacker accumulated rsETH positions on Aave following the Kelp DAO attack, creating a deficit that persisted despite standard liquidation attempts. Aave’s liquidation engine relies on oracle prices to determine when collateral is insufficient to cover borrowed assets. The attacker’s position size and the nature of the exploit created conditions where conventional liquidation triggers never activated, leaving Aave with an unresolved bad debt exposure tied to a compromised token.
This scenario exposed a critical vulnerability: when oracle prices fail to reflect true asset quality, liquidation mechanisms designed to protect the protocol become ineffective. Aave governance faced a choice between accepting the deficit or taking extraordinary action.
Governance Chooses Oracle Intervention Over Losses
Rather than absorb the deficit, Aave’s governance approved manipulation of the rsETH oracle price to generate liquidation conditions. By adjusting the price downward, Aave created sufficient collateral shortfall to trigger liquidation of the attacker’s remaining positions. The liquidation was then executed, closing out the deficit exposure.
This approach avoided direct protocol losses but required governance to override the oracle’s normal function. The action was justified as a security measure to address fallout from an external protocol’s failure, but it establishes a precedent: when standard mechanisms fail, Aave governance can direct price adjustments to achieve liquidation outcomes.
Oracle Manipulation Sets Uncomfortable Precedent
DeFi protocols depend on oracle integrity as a foundational assumption. Aave’s decision to deliberately manipulate the rsETH oracle price, even through governance, challenges the principle that oracle prices should reflect market reality rather than protocol objectives. While the intervention addressed an immediate security problem, it introduces uncertainty about when governance might justify future price adjustments.
Other lending protocols face similar risks from external exploits that create bad debt positions. Aave’s precedent suggests governance intervention may become the standard response when liquidation fails, potentially eroding trust in oracle neutrality across DeFi.
Remaining Questions on Contagion and Recovery
The status of the liquidation and whether all attacker positions have been closed remains unclear. The Kelp DAO incident’s full impact on Aave and other protocols that accepted rsETH collateral has not been fully quantified. Governance intervention may have contained Aave’s exposure, but the broader question of whether DeFi’s liquidation infrastructure can survive protocol-level attacks without extraordinary measures remains unresolved.
