Aave proposes governance changes after failed $60M short attack
The exploit failed due to a miscalculation of Aave’s liquidity levels.
On Nov. 23, one day after Mango Markets exploiter Avraham Eisenberg attempted to use a series of sophisticated short sales to exploit decentralized finance protocol Aave, project contributors have put forth a series of proposals to deal with the aftermath. As told by protocol engineering developer Llama and financial modeling platform Gauntlet both of whom are deployed on Aave:
“Over this past week, the user 0x57e04786e231af3343562c062e0d058f25dace9e [wallet associated with Eisenberg] opened a short position on CRV [Curve] using USDC as collateral. At its peak, the user was shorting ~92M units of CRV (roughly $60M USD at today’s prices). The attempt to short CRV on Aave has been unsuccessful, and the user lost ~$10M USD from the liquidations.”
Llama wrote that the user had been liquidated but at the cost of $1.6 million in bad debt, likely due to slippage. “This excess debt is isolated only to the CRV market,” the firm wrote. “While this is a small amount relative to the total debt of Aave, and well within the limits of Aave’s Safety Module, it is best practice to recapitalize the system to make whole the CRV market.”
Going forward, Llama’s proposal calls upon the Gauntlet’s insolvency fund and Aave Treasury to make whole the bad debt. Another separate proposal put forth by Gauntlet calls for temporarily freezing a list of token markets (including CRV) on Aave V2. The day prior, Eisenberg attempted to induce a liquidity crunch on Aave by shorting large amounts of CRV, which was illiquid on the platform, and forcing the smart contracts to buyback the positions at a loss due to very high slippage (upwards of 90%). However, the trade failed when Eisenberg was liquidated with much lower slippage levels than expected.