Anxiety levels in the AAVE community spiked in November 2022 as Avi Eisenberg
performed an attack on AAVE. Eisenberg attempted to short the CRV token by
using funds borrowed on the protocol to artificially deflate the value of CRV.
While the attack was ultimately unsuccessful, it left the AAVE community scared
and even raised question marks regarding the feasibility of large lending
platforms under decentralized governance.
In this work, we analyze Avi Eisenberg’s actions and show how he was able to
artificially lower the price of CRV by selling large quantities of borrowed CRV
for stablecoins on both decentralized and centralized exchanges. Despite the
failure of his attack, it still led to approximately 1.6 Mio USD of
irretrievable debt and, thereby, quadrupled the protocol’s irretrievable debt.
Furthermore, we highlight that his attack was enabled by the vast proportion of
CRV available to borrow as well as AAVE’s lending protocol design hindering
rapid intervention. We stress Eisenberg’s attack exposes a predicament of large
DeFi lending protocols: limit the scope or compromise on `decentralization’.
More Stories
Free AI Programs Prone To Security Risks, Researchers Say
Sam Bankman-Fried’s Legal Defense Is Being Funded With Alameda Money He Gifted His Father
Exxon’s Climate Opponents Were Infiltrated by Massive Hacking-for-Hire Operation