# Superlend Etherlink Incident Report & Wind-Down Plan ### Summary Two BTC-denominated lending markets on Etherlink (WBTC and LBTC) were affected by a rounding precision vulnerability inherited from the Aave v3 codebase. * Total impact: \~0.68 BTC (\~$48k) * User funds: Not directly affected * Status: Fully patched All deposits remain accessible, and no user action is required. *** ### User Impact * All user funds remain safe and withdrawable * No positions were liquidated * No wallets were directly exploited * The impact was isolated to protocol reserves, not individual users *** ### What Happened Between February 26 and March 16 2026, automated contracts exploited a rounding asymmetry in the AToken burn mechanism used in Aave v3-based lending markets. By repeatedly cycling deposits and withdrawals, attackers extracted a very small amount of value per transaction. While negligible per cycle, the attack was executed at high frequency over several days, leading to a cumulative impact. Affected markets: * slWBTC: \~0.3377 BTC * slLBTC: \~0.3448 BTC Total: \~0.68 BTC *** ### Root Cause The issue originates from a rounding behavior in Aave v3’s accounting logic, where both mint (deposit) and burn (withdrawal) operations round in a way that creates a small imbalance in favor of withdrawals. This behavior has since been refined in newer Aave versions. Superlend’s Etherlink deployment inherited this earlier implementation. *** ### Why This Was Exploitable on Etherlink On higher-cost networks, this type of rounding imbalance is not economically viable to exploit due to transaction fees. However, Etherlink’s ultra-low transaction costs made it possible to execute the exploit repeatedly at scale, turning a minor precision issue into a meaningful extraction over time. *** ### Current Status & Remediation * The vulnerability has been fully patched across all affected pools * All markets remain operational and accessible * 0.1 BTC will be restored to reserves immediately * The remaining \~0.58 BTC will be covered progressively over time through protocol revenue We are committed to restoring full reserve health in a sustainable and transparent manner. *** ### Etherlink Markets Wind-Down Following this incident and a broader strategic evaluation, Superlend will begin a structured wind-down of its Etherlink lending markets and vaults over the coming months. This decision reflects: * Limited ecosystem liquidity depth * Constrained long-term scalability * A shift toward our core strength: cross-chain aggregation *** ### What This Means for Users * Withdrawals remain fully available at all times * New deposits will be phased out gradually, with advance notice * A detailed timeline will be shared for each market * The Superlend aggregator continues to operate normally across 15+ chains *** ### Forward Focus Superlend continues to scale as a cross-chain lending aggregator, connecting users to hundreds of markets across multiple ecosystems. This incident impacts protocol reserves, not the core product or user funds. We remain focused on: * Strengthening risk management frameworks * Improving deployment standards across chains * Building a more resilient, aggregation-first platform *** ### Full Technical Report For a detailed breakdown of the vulnerability, exploit mechanics, and on-chain references: {% file src="" %}