Following the tragic $50 million operation that resulted in a loss, Aave activates the Shield security system

Aave has implemented the Shield feature following the failed $50 million trade. Furthermore, the developers, along with CoW Swap, recently shared their respective technical reports detailing the incident. 

The decentralized finance protocol Aave has launched a new protection tool called Aave Shield. 

This new security feature comes as a direct response to last week's incident, in which a user suffered a loss exceeding $50 million while trading assets through the platform's interface. The operation, as reported This medium, as previously reported, involved the conversion of 50,4 million units of aEthUSDT to AAVE tokens, but resulted in the receipt of only $36.500 in the protocol's governance token. 

This tragic operation has been categorized by industry specialists as one of the biggest execution failures in the history of decentralized finance, exposing vulnerabilities in liquidity routing and the tolerance limits of current interfaces in the face of extremely illiquid market scenarios.

The operation in which bots captured millions in profits

The independent report published by the CoW Swap team confirmed that the failure in the aforementioned transaction originated from a series of chain of technical errorsThe analysis detailed that the system responsible for verifying budgets operated with a gas limit of 12 million units, a legacy configuration that no longer met current consumption needs. This restriction prevented the system from accepting routes with better market prices, as they were automatically rejected for exceeding the established limit.

During the investigation, the developers discovered that only one solver, identified as Solver A, passed the initial checks, although it did so with a bid far below the actual market value. Shortly afterward, another participant, known as Solver E, won two consecutive auctions with more competitive routes. However, these transactions were never executed on the main network, a fact that exacerbated the problem.

The report also revealed that the auction system lacked tools to identify and correct these failure patterns, ultimately triggering the worst-case scenario. Analysis of Etherscan logs determined that the transaction may have shifted from a private to a public mempool. This leak allowed bots specializing in maximum extractable value (MEV) to exploit the vulnerability and execute a sandwich attack, netting an estimated profit of nearly $10 million.

Aave Shield, automatic protection to prevent extreme losses

In turn, the forensic analysis published by Aave focused on the liquidity dynamics of the deposits usedThe report indicates that the final routing directed the trade to a SushiSwap pool with only $73.000 of total liquidity. By injecting such an order of magnitude into such a small market, the price instantly collapsed due to the architecture of automated market makers (AMMs).

The protocol developers confirmed that, although the user received and manually accepted a 99,9% "high price impact" warning on their mobile device, the need to implement stricter preventative barriers was identified. 

In response to this incident, Aave has implemented the Shield feature, which It will block by default any asset exchange where the projected impact on price exceeds 25%.In these cases, the platform will prevent the transaction unless the user accesses the advanced settings and voluntarily disables the protection. 

“Aave Shield provides another layer of protection to prevent accidental confirmations, while maintaining permissionless operations for advanced users.” Aave's team commented. 

Regarding the fees, Aave revised the initial estimates, placing the actual fees for the transaction at $110.368, calculated on a rate of 25 basis points.

The debate about the responsibility of users and developers in DeFi is reignited

The recent operation that involved a multimillion-dollar loss within the DeFi ecosystem opened a discussion between users and developers about how far the responsibility of each party should extend. 

According to data from Arkham Intelligence, a block builder managed to extract approximately $34 million worth of ETH while the affected block was being processed. This occurred amidst a period of significant instability for the protocol, which just days earlier had suffered liquidations of around $26 million due to configuration errors in its price oracles.

Internal audits conducted by both projects showed that the protection measures against the maximum extractable value (MEV) failed to contain the impact under extreme liquidity conditions. These tools had been implemented with promises of greater security, but the results proved otherwise. CoW Swap acknowledged that its verification system was a limited mechanism for large-scale transactions. 

Aave, for its part, chose to develop direct restrictions in its software in order to prevent a similar event from happening again. 

So far, the owner of the funds involved has not contacted the development teams to recover the blocked amount corresponding to the commissions collected during the transaction, nor to initiate a technical mediation process.