Aave’s exposure to Curve hack, explained

If CRV dips below 65%, it will be at risk of liquidation

by Bessie Liu /
article-image

Akif CUBUK/Shutterstock modified by Blockworks

share

Decentralized exchange Curve Finance saw exploits of over $70 million on Sunday, caused by a Vyper reentrancy lock malfunction. 

There had been a bug in versions 2.15 to 3.0 of the Vyper coding language, curvecap.lens explained in an X space. 

Vyper code incorporates built-in reentrancy protection, which prevented developers and auditors from noticing potential issues during external inspections.

Following the exploit, the price of CRV, Curve’s native token, dipped drastically, from roughly $0.73 to $0.62 in just a few hours. 

So what has Aave got to do with all of this?

Founder of Curve, Michael Egorov, has a loan of roughly $63 million in USDT using CRV as collateral on Aave v2. 

If the price of CRV dips below 65% based on risk parameters set by Aave (to roughly $0.32), it will be at risk of liquidation. At the time of writing, CRV price is currently situated at $0.55.

When liquidations do occur, collateral deposited by the borrower will be sold for the borrowed asset. In this case, this means that CRV will be sold for USDT, cascading into bad debt.

This concern has previously been flagged by Gauntlet, who had suggested freezing CRV and setting CRV’s loan to value (LTV) to zero on Aave v2.

“The amount of CRV concentrated on Aave, relative to the circulating supply of CRV, is already high. Given the limitations of V2 mechanisms, including the possibility of circumventing an LTV of 0, the only way to truly prevent more risk of this position is to prevent borrowing of all assets on V2,” Gauntlet wrote

This proposal ultimately did not pass

In light of the current situation, Marc Zeller, the founder of Aave-Chan Initiative, a delegate platform that contributes to AAVE governance, told Blockworks that Aave governance is aware of the CRV situation.

“The risks associated with it are gradually reduced in a stream of AIPs for the past months,” Zeller said. “Governance [is managing] this and [the] situation gradually is getting better.”

To prevent risks like this from occurring Zeller notes that users should migrate to Aave v3. 

“The old Aave [v2] doesn’t have caps and that is how this situation exists. V3 does and makes this kind of scenario impossible there,” he said.

Correction Aug. 15 2023 at 3:53 am ET: Egorov’s Aave loan at time of publication was $63 million not $70 million.

Get the news in your inbox. Explore Blockworks newsletters:

Tags

Upcoming Events

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Research

by Research Team

news

article-image

Empire NewsletterOpinion

Why Kalshi’s new $2B valuation makes sense

Prediction markets have found a mainstream fit

by Katherine Ross /
article-image

The Breakdown

Permissionless IV, Day 2 takeaways

Money for enemies isn’t fun, but crypto can be

by Byron Gilliam /
article-image

Lightspeed NewsletterMarkets

Risk-on in Solana, even as ceasefire cools tensions

Onchain SOL perps wiped $31 million, outpacing CEX volumes two days in a row

by Jeff Albus /
article-image

Forward Guidance NewsletterPolicy

Powell says Fed will continue to monitor inflation before cutting rates

Fed Chair Jerome Powell told Senators Wednesday that the timeline on lowering interest rates is up in the air

by Casey Wagner /
article-image

FinanceForward Guidance Newsletter

Newly tokenized Janus Henderson CLO strategy sees $1B inflow

Credit infrastructure DeFi protocol Grove makes allocation into a CLO segment “ripe for movement into DeFi”

by Ben Strack /
article-image

BusinessThe Drop

Animoca-linked Moca Chain plots Q4 mainnet launch

Moca brings digital identities onchain as a privacy-forward alternative to existing single sign-on tools

by Kate Irwin /