·6 min read
DeFiLendingRiskAave

On-Chain Lending Risks Explained: What Can Go Wrong with Aave, Morpho, and Compound

DeFi lending earns real yield, but carries risks most users underestimate. Here's what liquidations, bad debt, oracle failures, and smart contract exploits actually look like.

On-chain lending protocols like Aave, Compound, and Morpho collectively hold tens of billions in user deposits. The yields are real — but so are the risks. Most users who lose money in DeFi lending don't lose it to market movements; they lose it to mechanisms they didn't understand.

How On-Chain Lending Works (Quick Recap)

You deposit an asset (ETH, USDC) into a lending pool. The protocol lends it to borrowers who post overcollateral (e.g., post $150 ETH to borrow $100 USDC). You earn interest from borrowers.

The overcollateralization protects lenders: if the borrower's collateral value drops, the protocol liquidates it before the loan becomes undercollateralized. In theory, lenders are always made whole.

In practice, several failure modes exist.

Risk 1: Smart Contract Exploits

The most catastrophic risk. A bug in the lending protocol's smart contract could allow an attacker to drain all deposits.

Real examples:

  • Euler Finance (2023): $197M drained in a flash loan attack exploiting a flaw in the donateToReserves function. 90% was returned after negotiation.
  • Compound v2 (2021): A governance bug sent $80M in COMP tokens to users accidentally.
  • Aave (multiple near-misses): Several governance proposals for new collateral types were blocked by security researchers finding exploitable edge cases.

What it means: Even audited, battle-tested protocols can have bugs. The risk is never zero. Spreading deposits across multiple protocols reduces exposure to any single exploit.

Mitigation: Use only the most audited protocols (Aave v3, Compound v3/Morpho); prefer protocols with active bug bounties and security councils; don't chase yield on new or less-audited protocols.

Risk 2: Oracle Failures and Manipulation

Lending protocols rely on price oracles to calculate collateral values and trigger liquidations. If the oracle reports a wrong price, bad outcomes follow.

Price spike attack: An attacker pumps a low-liquidity token's price on a small DEX, then uses that inflated price to borrow massively against it from a lending protocol that uses the DEX as its oracle. Before the oracle corrects, the attacker borrows more than the real collateral value and exits.

Real example: The Mango Markets exploit (Solana, 2022) — $117M drained by Avraham Eisenberg, who self-admitted to market-manipulating the MNGO price to inflate his collateral value. He used his own leveraged long on MNGO (which pushed the price up) as collateral to borrow other assets from Mango.

Aave and Compound use Chainlink oracles (decentralized, manipulation-resistant) which mitigates this. Smaller protocols using single DEX price feeds are far more vulnerable.

Risk 3: Liquidation Cascades and Bad Debt

In a severe market drop, multiple positions get liquidated simultaneously. Liquidators need to buy collateral to complete liquidations — but if prices are crashing, buyers disappear.

The bad debt scenario:

  1. Market drops 30% rapidly
  2. Hundreds of ETH positions become liquidatable simultaneously
  3. Liquidators can't absorb all the collateral fast enough
  4. Some positions become undercollateralized before liquidation executes
  5. The protocol is left with bad debt — more owed to depositors than collateral available

Aave handles this with the Safety Module — a pool of staked AAVE that absorbs bad debt up to a threshold. Morpho Blue handles it through isolated markets and borrower-specific liquidation incentives.

Real example: Aave had ~$1.7M in bad debt from CRV-related positions in November 2022 when the Curve founder took out massive personal loans against CRV and CRV price crashed. The Safety Module covered it.

Risk 4: Liquidity Risk (Withdrawal Queues)

When too many people withdraw at once, the protocol may not have enough liquid assets to fulfill withdrawals immediately. Borrowed assets are tied up in loans and can't be instantly recalled.

Utilization rate is the key metric: if a USDC pool is 95% utilized (95% of deposits are out as loans), only 5% is available for withdrawal. If more than 5% of depositors want to withdraw simultaneously, they must wait for borrowers to repay or for interest rates to rise enough to incentivize repayment.

Aave manages this with interest rate models that spike rates at high utilization — expensive borrowing costs force repayments, freeing liquidity. But in a panic, even this mechanism can be slow.

Risk 5: Governance Attacks

Lending protocols are governed by token holders. A governance attack occurs when an attacker acquires enough tokens to pass a malicious proposal.

Beanstalk (2022): $182M stolen. An attacker took out a flash loan, bought 79% of governance tokens temporarily, passed a proposal that drained the treasury in a single transaction, repaid the flash loan. All in one transaction.

Aave and Compound use timelocks (48-hour to 7-day delay after proposal passes before execution) specifically to prevent this — giving the community time to respond before a malicious proposal executes.

Risk 6: Collateral Depeg

If collateral assets depeg from their expected value, overcollateralization assumptions break.

stETH depeg (June 2022): stETH traded at 0.94 ETH during the Celsius/3AC crisis. Positions using stETH as collateral had their LTV ratios stressed. Some positions were liquidated at prices below what was expected. Lenders lost nothing (protocol absorbed the pricing), but it demonstrated the risk.

USDC depeg (March 2023): USDC briefly hit $0.87 when SVB's failure revealed Circle's $3.3B exposure. Positions collateralized in USDC were briefly worth less than expected. Aave's risk parameters handled it, but lending protocols with USDC-collateralized positions were briefly stressed.

Practical Risk Management

  1. Stick to Aave v3, Compound v3, Morpho Blue — the most audited with the most battle-testing
  2. Never deposit more than you can afford to lose in a single protocol
  3. Keep collateral health factor above 1.5x — gives buffer before liquidation
  4. Monitor utilization rate — avoid lending to pools above 90% utilization
  5. Understand what oracle the protocol uses — Chainlink is the safety bar
  6. Don't use long-tail tokens as collateral — low-liquidity collateral is the primary source of bad debt events

Read: DeFi lending borrowing guide →

Read: What is DeFi →

$SOVAI Presale — Q2 2026

15M tokens at $0.0005 — 50% below DEX listing

Real yield from AI trading revenue. Fixed supply. No emissions. Join the waitlist for early access.

By joining you agree to our Terms of Service and Privacy Policy.

built by gruesøme · Powered by SovereignAI