Aave Protocol Vulnerability Exposed by Recent rsETH Incident
The recent rsETH incident on Aave's markets has shed light on a critical vulnerability in third-party bridge infrastructure.
A single point of failure in the Kelp rsETH LayerZero V2 bridge gave attackers the opportunity to manipulate cross-chain messaging and exploit a forged message, resulting in the theft of 116,500 rsETH. The attack was made possible by a one-of-one Decentralized Verifier Network (DVN) configuration, in which a single verifier signs all inbound cross-chain messages.
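The one-of-one configuration described above is something a risk team can check for before listing a bridged asset as collateral. The following is an added example, not code from Aave, Kelp or LayerZero: the field names follow LayerZero V2's UlnConfig struct, while the addresses, the two-verifier minimum and the function name are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class UlnConfig:
    # Subset of LayerZero V2 UlnConfig fields, already resolved (defaults applied).
    required_dvns: list
    optional_dvns: list = field(default_factory=list)
    optional_threshold: int = 0


def audit_dvn_config(cfg, min_verifiers=2):
    """Return (quorum, findings). quorum is the worst-case number of distinct
    verifiers that must sign before an inbound message is accepted."""
    findings = []
    required = {a.lower() for a in cfg.required_dvns}
    optional = {a.lower() for a in cfg.optional_dvns}
    if len(required) != len(cfg.required_dvns) or len(optional) != len(cfg.optional_dvns):
        findings.append("duplicate DVN address within a list")
    overlap = required & optional
    if overlap:
        findings.append("DVN listed as both required and optional")
    if cfg.optional_threshold > len(optional):
        findings.append("optional threshold exceeds optional DVN count")
    # Conservative assumption: a DVN present in both lists satisfies both,
    # so it adds no independence to the quorum.
    needed_optional = min(cfg.optional_threshold, len(optional))
    quorum = len(required) + max(0, needed_optional - len(overlap))
    if quorum < min_verifiers:
        findings.append(
            f"only {quorum} distinct verifier(s) must sign; policy requires {min_verifiers}"
        )
    return quorum, findings


# Constructed sample addresses, not real DVN contracts.
DVN_A, DVN_B, DVN_C = ("0x" + c * 40 for c in "abc")
ONE_OF_ONE = UlnConfig(required_dvns=[DVN_A])
HARDENED = UlnConfig(required_dvns=[DVN_A], optional_dvns=[DVN_B, DVN_C],
                     optional_threshold=1)

if __name__ == "__main__":
    for name, cfg in (("one-of-one", ONE_OF_ONE), ("hardened", HARDENED)):
        quorum, findings = audit_dvn_config(cfg)
        print(name, "quorum:", quorum, "findings:", findings or "none")
```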
The attacker then used the stolen tokens as collateral across Aave V3 positions, borrowing WETH and wstETH while keeping health factors above liquidation thresholds. The exposure came from rsETH being listed as collateral under standard overcollateralization terms.
Fortunately, DeFi United and other contributors undertook a coordinated recovery effort that restored full backing and returned the affected markets to normal. The incident has highlighted the need for stronger security measures in decentralized finance, particularly with regard to third-party bridge infrastructure.




