Verifying Aave's Safety Margins: When Bad Debt Becomes Mathematically Possible

A new formal verification tool maps the precise price shock thresholds where Aave V3 bad debt becomes mathematically inevitable. The analysis reveals tight safety margins that warrant protocol recalibration.

Aave's V3 iteration represents a significant step forward in lending protocol design, but understanding its failure modes requires more than simulation and stress testing. A new formal verification tool called Verifi applies Z3 theorem proving to map the precise price shock thresholds at which bad debt transitions from improbable to logically inevitable within Aave V3 markets. Rather than asking what losses might occur under probabilistic conditions, this approach answers a simpler but more critical question: below what shock magnitude is insolvency provably impossible, given the protocol's liquidation mechanics and on-chain parameters?

The findings reveal a tighter safety margin than one might expect. On Arbitrum, the analysis shows that WETH positions could theoretically accumulate bad debt following a 15% single-block price collapse if a liquidator is present to execute the cascade, or approximately 20% in their absence. Historical precedent matters here—the largest single-block ETH decline on record sits around 12%, leaving roughly a 3–4 percentage point buffer between that extreme and the mathematical boundary where bad debt becomes unavoidable. This is not a probability assessment but rather a deterministic calculation: given worst-case combinations of oracle staleness, liquidator incentive structures, and maximum position leverage, the arithmetic of liquidation bonuses eventually fails to prevent insolvency under that shock magnitude.

What distinguishes this methodology from existing risk frameworks is its complementary scope. Stochastic models, such as the conditional protocol equity analysis recently published by Chaos Labs, optimize for parameters that maximize expected welfare across a distribution of outcomes. Formal verification operates orthogonally, establishing hard boundaries independent of probability distributions. Both approaches are necessary. Simulation helps protocols choose between competing parameter sets when bad debt remains theoretically possible across all of them; formal verification identifies whether the chosen parameters include any shock threshold with historical precedent, a condition that should arguably disqualify a parameter set regardless of its expected-value properties. The Verifi tool encodes Aave V3's liquidation conditions as mathematical constraints, reads live on-chain parameters from Arbitrum contracts, and instructs the solver to search for any variable assignment within realistic bounds that produces bad debt.

This work underscores a broader principle in protocol governance: safety margins matter most when they are small. A 3–4 percentage point buffer against historically observed price movements suggests the current parameter configuration sits precariously close to its failure mode—not dangerously so, but close enough to warrant recalibration or enhanced monitoring as market volatility regimes evolve.