Aave Liquidation Bug: Understanding the Arithmetic Overflow Crisis

Aave's liquidation function began reverting due to arithmetic overflow errors in interest rate calculations, preventing liquidations of underwater accounts and potentially locking capital across multiple blocks.

A critical issue surfaced in Aave's liquidation mechanism when users attempted to trigger liquidations against underwater positions. The transaction would consistently revert with a panic error code indicating an arithmetic overflow or underflow condition in the interest rate calculation logic. Specifically, when calling the liquidationCall function on Aave's lending pool contract, the operation failed despite meeting fundamental liquidation criteria—the target account maintained a health factor below 1.0, the canonical threshold for insolvency. This created a paradoxical situation where positions that should have been liquidatable became frozen by contract-level failures, potentially trapping collateral and preventing necessary market corrections.

The bug manifested across multiple blocks, suggesting a systematic problem rather than a transient network state issue. The error originated in the calculateInterestRates function, which determines borrowing and lending rates based on utilization metrics. This function is foundational to Aave's economic model; when it encounters overflow conditions, it typically indicates that one of its input parameters has reached an extreme or unexpected value. In liquidation scenarios, the sudden movement of collateral and debt positions can create unusual arithmetic conditions, particularly if the protocol's safeguards don't account for edge cases where interest accruals or utilization ratios exceed anticipated ranges. The persistence of this failure across time blocks points toward a specific market condition—possibly extreme volatility, unusual token concentrations, or accumulated rounding errors—that triggers the overflow consistently.

This incident highlights a broader vulnerability class in decentralized finance protocols: the intersection between mathematical correctness and real-world market conditions. Aave's architecture assumes that core calculations will remain bounded within safe integer ranges, but liquidation-driven market stress can violate these assumptions. The protocol team would need to examine whether the issue stems from unvalidated inputs to the interest rate calculator, insufficient overflow protection in Solidity arithmetic, or a gap between test scenarios and actual liquidation dynamics. The fact that such a critical liquidation pathway could fail without triggering emergency safeguards raises questions about monitoring and circuit-breaker mechanisms.

For users with underwater positions, this bug effectively created a liquidation immunity—a dangerous inversion of incentives that could encourage risky behavior during market volatility. The resolution likely required either a targeted smart contract patch to handle these edge cases, or broader protocol adjustments to prevent extreme market states. This vulnerability underscores why liquidation mechanisms demand rigorous formal verification and stress-testing against adversarial market conditions, not just benign operational scenarios.