The Aave CAPO Oracle Meltdown: How a 2.85% Price Error Triggered $27M in Liquidations

On March 10, 2026, Aave — the largest DeFi lending protocol by TVL — liquidated $27 million in wstETH collateral from 34 innocent users. No hacker was involved. No flash loan. No exploit contract. The protocol simply misconfigured its own oracle and ate its own users alive. The culprit? A parameter desynchronization in Aave's Correlated Asset Price Oracle (CAPO) system that undervalued wstETH by 2.85% — just enough to make perfectly healthy positions look underwater. Automated liquidation bots did the rest in minutes. This article dissects exactly what went wrong, traces the bug to two desynchronized state variables, and extracts five oracle safety patterns that could have prevented this — patterns every protocol running automated risk management needs to implement yesterday. What Is CAPO and Why Does Aave Need It? Aave's CAPO system exists to solve a real problem: price manipulation for correlated assets. When you use wstETH (wrapped staked ETH) as collateral, its value is tightly cor