Aave faces a growing technical vulnerability in how it prices yield-bearing collateral across V3 markets. LlamaRisk has identified that snapshots used to cap asset valuations have drifted substantially from current exchange rates, creating a gap that malicious actors could exploit through inflation attacks. The proposed fix involves updating the snapshotRatio mechanism to keep collateral pricing anchored to reality and prevent a cascade of undercollateralized positions.
The core issue stems from how Aave's Collateral Asset Protection Optimization (CAPO) mechanism works. Rather than trusting real-time exchange rates directly, CAPO establishes an upper bound on how much any collateral can be valued, growing this ceiling at a controlled annual rate. This design prevents sudden, manipulated price jumps from inflating collateral values overnight. However, when snapshots become stale and maximum yearly growth rates are set too permissively, the gap between the theoretical cap and the actual exchange rate widens. In a scenario where an adversary performs an inflation attack—artificially pushing the underlying price source upward—borrowers could accumulate loans against collateral that appears valuable but isn't. Once the attack unwinds and prices normalize, these positions become severely underwater, potentially crystallizing bad debt for the protocol.
The mathematics here matter. If the spread between CAPO's upper bound and current ratio becomes sufficiently large, and a liquidation bonus is applied during a recovery scenario, the worst-case health factor could dip below the maximum loan-to-value threshold. LlamaRisk has analyzed every CAPO instance across Aave V3 and identified which reserves currently meet this deficit-trigger condition, plus those projected to breach it within thirty days based on current yield trends. The proposal targets these assets for immediate snapshot ratio updates, effectively tightening the allowable drift and reducing the window of vulnerability.
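The check described above can be sketched as a small monitoring script; this is an added example, not LlamaRisk's or Aave's code. It assumes the cap grows linearly from the snapshot and uses a simplified deficit condition (debt opened at maximum LTV against cap-valued collateral, plus the liquidation bonus, exceeds the collateral's real value). All names and figures are constructed.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Reserve:                      # hypothetical record; all values below are constructed
    name: str
    snapshot_ratio: float           # exchange rate stored at the last snapshot
    snapshot_age_days: float
    max_yearly_growth: float        # 0.10 means the cap may rise 10% per year
    current_ratio: float            # exchange rate reported today
    yearly_yield: float             # observed growth trend of the real ratio
    ltv: float
    liq_bonus: float

def cap(r, in_days=0.0):
    """Upper bound on the ratio, assuming linear growth from the snapshot."""
    return r.snapshot_ratio * (1 + r.max_yearly_growth * (r.snapshot_age_days + in_days) / 365)

def ratio(r, in_days=0.0):
    """Real ratio extrapolated along the current yield trend."""
    return r.current_ratio * (1 + r.yearly_yield * in_days / 365)

def headroom(r, in_days=0.0):
    """Fraction by which the ratio could be inflated before the cap binds."""
    return cap(r, in_days) / ratio(r, in_days) - 1

def deficit(r, in_days=0.0):
    # Assumed worst case: debt opened at max LTV against cap-valued collateral;
    # once the ratio reverts, debt plus bonus exceeds the collateral's real value.
    return r.ltv * (1 + r.liq_bonus) * cap(r, in_days) > ratio(r, in_days)

def classify(r):
    if deficit(r):
        return "breached"
    return "breach-within-30d" if deficit(r, 30) else "ok"

def refresh(r):
    """Effect of the proposed fix: re-anchor the snapshot to today's ratio."""
    return replace(r, snapshot_ratio=r.current_ratio, snapshot_age_days=0.0)

RESERVES = [  # constructed sample data, not real Aave parameters
    Reserve("stale-A", 1.00, 730, 0.10, 1.060, 0.03, 0.90, 0.02),
    Reserve("drifting-B", 1.00, 365, 0.10, 1.035, 0.03, 0.93, 0.01),
    Reserve("fresh-C", 1.05, 30, 0.10, 1.0525, 0.03, 0.80, 0.075),
]

if __name__ == "__main__":
    for r in RESERVES:
        print(f"{r.name:11} headroom={headroom(r):6.2%} {classify(r):18} after refresh: {classify(refresh(r))}")
```

Refreshing the snapshot collapses the headroom to zero, which is why both flagged sample reserves return to "ok" without any change to their growth rate, LTV or bonus.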
This update represents a nuanced risk management decision rather than a dramatic overhaul. Aave's governance must balance security against usability—tightening CAPO caps too aggressively could suppress yield-bearing asset utility, while leaving gaps open invites exploitation. By refreshing snapshots and recalibrating growth parameters now, the protocol demonstrates its commitment to staying ahead of emergent attack vectors. As DeFi collateral strategies grow more sophisticated and yield products proliferate, this kind of continuous parameter tuning will likely become standard practice across major lending protocols.