A bug in an older version of crypto lending protocol Aave is blocking users from interacting with Wrapped Ether (WETH), Tether (USDT), Wrapped Bitcoin (WBTC) or Wrapped Matic (WMATIC) pools on Aave v2 on Polygon, preventing assets from being withdrawn from them, according to a May 19 proposal that attempts to fix the bug through a patch. The proposal says that users are currently unable to “supply more of those assets, borrow, repay, or withdraw.“
Although withdrawals are currently impossible, the team stated that funds are “perfectly safe,” as the bug can be fixed after a governance vote.
The bug only affects Aave v2 on Polygon. Aave v3 — the most recent version — remains unaffected, as do v2 deployments to Ethereum or Avalanche.
The broken code arose because of a May 16 interest rate curve patch applied to all deployments of v2. The Polygon implementation of v2 uses a slightly different list of function definitions (called an “interface”) for its rate strategy contracts when compared with the Ethereum and Avalanche implementations. But the interest rate curve changes did not take this difference into account, causing the bug to develop only in the Polygon deployment.
The new proposal asks Aave’s governing body, Aave DAO, to approve code changes to only the Polygon version to fix the patch. Voting is scheduled to begin on May 20 and will continue until May 23, the proposal stated.
Aave is most well known for its flash loan feature that allows users to borrow crypto, make trades and pay back the loans within the same block without requiring collateral. It began on Ethereum but has expanded into other networks over the past few years. On April 17, Aave governance voted to deploy the protocol on zkSync Era, a layer-2 Ethereum scaling protocol that uses zero-knowledge proof technology. On May 8, Aave v3 deployed to the Metis network, which is also an Ethereum layer 2.