How Does Aave V3 Work?
Aave is the largest lending protocol in DeFi, where users deposit crypto to earn interest or borrow against their holdings. It manages $25B+ in deposits across 10+ blockchains with 5+ years of operation. On April 18, 2026, an attacker who had stolen $292M in rsETH from Kelp DAO deposited the stolen rsETH on Aave V3 as e-mode collateral and borrowed WETH against it. When Kelp paused rsETH in response to their hack, Aave was left with $177-200M in bad debt. The WETH pool hit 100% utilization, $6.2B fled the protocol, and AAVE dropped 17.7%. Its grade was downgraded from B- to C reflecting the first major bad debt event in Aave's history.
TVL
$13.9B
Sector
Lending
Risk Grade
C-
Value Grade
B+
Core Mechanisms
Lending/Pool-Based
Overcollateralized lending pools with variable and stable rate modes
Well-established lending pool model with years of battle-testing. V3 introduced efficiency mode, isolation mode, and cross-chain portals. Largest lending protocol by TVL.
Lending/E-Mode
Efficiency mode for correlated asset pairs with higher LTV
E-mode allows higher loan-to-value ratios for correlated asset pairs (e.g., stETH/ETH). Parameter variation on standard lending, not a novel mechanism.
Lending/Isolation-Mode
Isolated markets for new or risky assets with debt ceilings
Risk containment mechanism that limits exposure to newer collateral types. Standard risk parameter approach.
Stablecoin/CDP
GHO: overcollateralized stablecoin minted against Aave deposits
Standard CDP stablecoin pattern (MakerDAO/DAI pattern since 2017). GHO features facilitators and anti-GHO mechanism for stkAAVE holders.
Oracle/Multi-Source
Chainlink price feeds with CAPO (Chainlink Adaptive Price Oracle) adaptive layer
Primary reliance on Chainlink oracles wrapped in Aave's CAPO adaptive layer. CAPO adds snapshot-ratio tracking to cap price movements, but the March 10, 2026 wstETH desync event confirmed this custom layer introduces failure modes above baseline Chainlink risk.
Risk-Management/Liquidation
Automated liquidation with configurable close factor and bonus
Standard liquidation mechanism battle-tested through multiple market downturns.
Governance/DAO
AAVE token governance with cross-chain execution
Governance proposals execute across multiple chains. March 2026: ACI (Aave Chan Initiative, responsible for 61% of governance actions) and BGD Labs both departed following disputed 'Aave Will Win' budget vote.
Staking/Safety-Module
stkAAVE safety module as protocol backstop
Standard staking-as-insurance model. AAVE stakers absorb protocol shortfall events in exchange for staking rewards.
Cross-Chain/Multi-Deployment
Deployments across 10+ EVM chains with unified governance
V3 deployed across Ethereum, Polygon, Arbitrum, Optimism, Avalanche, Base, BNB Chain, and others.
Lending/Flash-Loans
Uncollateralized single-transaction flash loans
Pioneered flash loans in DeFi. Standard feature since 2020 with multiple implementations industry-wide.
How the Pieces Interact
If correlated assets in e-mode break correlation (e.g., stETH/ETH depeg), the higher LTV ratios accelerate liquidation cascades beyond what standard mode would produce.
GHO adds regulatory surface area. While SEC cleared Aave in December 2025, evolving stablecoin regulations could impose compliance requirements on GHO facilitators.
A vulnerability in bridge-based governance execution could allow unauthorized parameter changes on a remote chain, affecting billions in deposits.
In a severe market crash, the safety module's AAVE backing may decline in value at the same time shortfall events occur, reducing its effectiveness as a backstop.
Flash-loan-based governance attacks have been mitigated by snapshot-based voting, but the attack surface remains a theoretical consideration.
What Could Go Wrong
- Accepted stolen rsETH as e-mode collateral on April 18, 2026 after Kelp DAO's LayerZero bridge was exploited for $292M; attacker borrowed WETH against now-worthless collateral, leaving Aave V3 with $177-200M in bad debt. WETH pool hit 100% utilization, $6.2B in withdrawals, AAVE -17.7%. Umbrella backstop may not fully cover the shortfall, raising the prospect that stkAAVE holders absorb losses.
- CAPO (Chainlink Adaptive Price Oracle) layer misfired March 10, 2026, causing $27M in wrongful liquidations across 34 accounts; snapshot-ratio/timestamp desynchronization in Aave's custom adaptive oracle layer proved a real failure mode beyond standard Chainlink feeds, with DAO reimbursing ~345 ETH from treasury.
- Governance centralization risk following March 2026 departure of Aave Chan Initiative (61% of DAO governance actions) and BGD Labs; 'Aave Will Win' proposal passed at 52.58% with disputed Aave Labs insider votes, reducing independent DAO oversight at $26.5B scale.
E-Mode Correlation Break Cascade
TailTrigger: A major liquid staking derivative (stETH, cbETH) depegs >5% from ETH, triggering mass liquidations in efficiency mode pools with 90%+ LTV
- 1.LST/ETH correlation breaks (e.g., stETH depegs 5%+ from ETH) — E-mode positions with 90%+ LTV become instantly undercollateralized
- 2.Liquidation bots trigger mass liquidations across e-mode pools — Liquidation volume overwhelms available on-chain liquidity for the depegged asset
- 3.Liquidation proceeds insufficient to cover bad debt at discounted prices — Protocol accrues bad debt in affected e-mode markets
- 4.Safety module activated to cover shortfall — stkAAVE slashed, but AAVE price also declining in the risk-off environment, reducing backstop value
- 5.Confidence shock spreads to non-e-mode markets — Depositors withdraw from all Aave markets preemptively, tightening liquidity across the protocol
Risk Profile at a Glance
Overall: C- (53/100)
Lower score = safer