Superlend Etherlink Incident Report & Wind-Down Plan

Detailed report on the Etherlink rounding vulnerability affecting Superlend BTC markets (~0.68 BTC impact), including remediation steps, user impact, and the planned wind-down of Etherlink markets.

Summary

Two BTC-denominated lending markets on Etherlink (WBTC and LBTC) were affected by a rounding precision vulnerability inherited from the Aave v3 codebase.

Total impact: ~0.68 BTC (~$48k)
User funds: Not directly affected
Status: Fully patched

All deposits remain accessible, and no user action is required.

User Impact

All user funds remain safe and withdrawable
No positions were liquidated
No wallets were directly exploited
The impact was isolated to protocol reserves, not individual users

What Happened

Between February 26 and March 16 2026, automated contracts exploited a rounding asymmetry in the AToken burn mechanism used in Aave v3-based lending markets.

By repeatedly cycling deposits and withdrawals, attackers extracted a very small amount of value per transaction. While negligible per cycle, the attack was executed at high frequency over several days, leading to a cumulative impact.

Affected markets:

slWBTC: ~0.3377 BTC
slLBTC: ~0.3448 BTC

Total: ~0.68 BTC

Root Cause

The issue originates from a rounding behavior in Aave v3’s accounting logic, where both mint (deposit) and burn (withdrawal) operations round in a way that creates a small imbalance in favor of withdrawals.

This behavior has since been refined in newer Aave versions. Superlend’s Etherlink deployment inherited this earlier implementation.

Why This Was Exploitable on Etherlink

On higher-cost networks, this type of rounding imbalance is not economically viable to exploit due to transaction fees.

However, Etherlink’s ultra-low transaction costs made it possible to execute the exploit repeatedly at scale, turning a minor precision issue into a meaningful extraction over time.

Current Status & Remediation

The vulnerability has been fully patched across all affected pools
All markets remain operational and accessible
0.1 BTC will be restored to reserves immediately
The remaining ~0.58 BTC will be covered progressively over time through protocol revenue

We are committed to restoring full reserve health in a sustainable and transparent manner.

Etherlink Markets Wind-Down

Following this incident and a broader strategic evaluation, Superlend will begin a structured wind-down of its Etherlink lending markets and vaults over the coming months.

This decision reflects:

Limited ecosystem liquidity depth
Constrained long-term scalability
A shift toward our core strength: cross-chain aggregation

What This Means for Users

Withdrawals remain fully available at all times
New deposits will be phased out gradually, with advance notice
A detailed timeline will be shared for each market
The Superlend aggregator continues to operate normally across 15+ chains

Forward Focus

Superlend continues to scale as a cross-chain lending aggregator, connecting users to hundreds of markets across multiple ecosystems.

This incident impacts protocol reserves, not the core product or user funds.

We remain focused on:

Strengthening risk management frameworks
Improving deployment standards across chains
Building a more resilient, aggregation-first platform

Full Technical Report

For a detailed breakdown of the vulnerability, exploit mechanics, and on-chain references:

9KB

superlend_incident_report.pdf

PDF

Open

PreviousRWA Markets NextVaults

Last updated 8 hours ago

hashtagSummary

hashtagUser Impact

hashtagWhat Happened

hashtagRoot Cause

hashtagWhy This Was Exploitable on Etherlink

hashtagCurrent Status & Remediation

hashtagEtherlink Markets Wind-Down

hashtagWhat This Means for Users

hashtagForward Focus

hashtagFull Technical Report