Composability and Systemic Risk: Why DeFi Protocols Fail Together

On 18 April 2026, attackers drained roughly 116,500 rsETH — about $292 million — from Kelp DAO's cross-chain bridge, deposited the stolen tokens onto Aave V3 as collateral, and borrowed wrapped ether against them. Within forty-eight hours, Aave's TVL fell from $26.4 billion to under $20 billion, $8.45 billion of deposits fled, and roughly $196 million in bad debt crystallised on the rsETH–wETH pair. Total DeFi TVL dropped from $99.5 billion to $86.3 billion over the same window. No contract was hacked at Aave. No team there made a catastrophic error. The damage was entirely a composability artefact: Kelp issued a liquid restaking token, Aave accepted it as collateral, and that single edge carried the shock from one protocol to an entire sector.

This is the capstone of an eight-part series, and the question it has to answer is the one every prior part gestured at but none fully confronted. If DeFi is permissionless finance where anyone can plug any protocol into any other, what happens when something breaks? The answer — and the uncomfortable truth of DeFi systemic risk — is that composability is not a feature layered on top of the stack. It is the stack. You cannot have the upside without the downside, and understanding why is the difference between an informed participant and a statistic in next quarter's post-mortem.

Composability is leverage on correctness

Traditional finance isolates failures through legal, operational, and technological friction. A bank run in one country does not instantly drain deposits in another because the plumbing between them includes correspondent banks, SWIFT messages, settlement windows, and regulators who can halt trading. Friction is expensive, but it is also a circuit breaker.

DeFi removes the friction. A smart contract on Ethereum can, in a single atomic transaction, borrow from Aave, swap on Uniswap, mint on MakerDAO, deposit into a yield vault, and hedge on a perps venue. This is composability: every protocol exposes a standard interface (ERC-20, ERC-4626, the lending pool ABI), and every other protocol can call it without asking permission. The Lego metaphor is accurate but understates the stakes. Real Lego bricks do not collapse when a brick three studs away has a manufacturing defect. DeFi bricks do.

The mechanism is simple. Every protocol makes assumptions about the protocols beneath it — that this token is worth what the oracle says, that this vault is solvent, that this AMM has enough liquidity to absorb a liquidation. When those assumptions hold, composability multiplies capital efficiency. When one breaks, the assumption failure propagates at the speed of the next block.

The four channels of contagion

Cascades travel through four channels, and almost every DeFi incident is some combination of them.

Price channel. Most protocols read asset prices from an external source. When an oracle misreports a price, every protocol downstream acts on bad data simultaneously. Aave liquidates. Perps exchanges trigger stop-outs. AMMs get arbitraged to the wrong price. Black Thursday in March 2020 was primarily a price-channel event: Ethereum gas congestion froze MakerDAO's Medianizer for long enough that when the oracle finally printed, it jumped more than 20% in a single update, flagging thousands of CDPs for liquidation in the same block.

Collateral channel. DeFi lending is recursive. Users borrow stablecoins against ETH, swap them for more ETH, deposit that ETH back as collateral, and borrow again — the pattern called looping. When the underlying collateral drops, every layer of the loop liquidates in sequence, and the forced selling depresses the price further, triggering more liquidations. This is why onchain lending liquidations are not isolated events — they are the ignition source for price-channel cascades.

Liquidity channel. AMMs using the constant-product invariant or its concentrated variants provide the exit liquidity for everything above them. When a large liquidation hits a pool, slippage widens, liquidity providers withdraw to avoid impermanent loss, and the remaining pool becomes thinner and more volatile. The next liquidation hits a worse pool. On Black Thursday, this is how MakerDAO ended up auctioning ETH collateral for zero DAI on 1,462 of 3,994 auctions — roughly 36.6% of them — costing the system $8.32 million in aggregate CDP value, because the keepers who should have bid could not get their transactions included against congested gas.

Peg channel. Stablecoins — fiat-backed, crypto-backed, and algorithmic — are the unit of account for almost every DeFi position. When a stablecoin depegs, every position denominated in it re-prices, every AMM pool containing it gets arbitraged, and every lending market that accepts it as collateral triggers liquidations. USDC's depeg on 11 March 2023 after Silicon Valley Bank's failure froze half the DeFi stack because USDC was the numeraire, not just an asset — Curve's 3pool processed a record $6.03 billion in a single day, and roughly 3,400 auto-liquidations fired across Aave v2/v3 against about $24 million of collateral, most of it USDC.

The April 2026 Kelp cascade used at least three of these channels: stolen collateral entered a lending pool (collateral channel), the inflated balance borrowed against it drained an AMM-adjacent reserve (liquidity channel), and the rsETH price versus wETH diverged sharply enough across venues that every downstream protocol reading the same feed repriced simultaneously (price channel).

Why audits do not catch this

Smart-contract audits check one protocol against its own specification. They do not — and cannot — check whether that protocol's assumptions about the protocols it depends on will hold during a cascade. Aave is one of the most audited codebases in DeFi. Kelp's contracts had been reviewed. The oracle adapters in the middle were off-the-shelf. Every individual component worked exactly as written. The composition was the vulnerability.

This is the shift in mental model that matters. At the contract level, DeFi is approaching the reliability of well-engineered traditional software. At the system level, it is still in its infancy. The protocols work; the interfaces between them, under stress, do not. Risk assessment has to move from "is this contract safe" to "what does this protocol assume about the five protocols it reads from, and what happens to me if any of those assumptions break simultaneously."

Second-order exposures you probably do not see

Most users underestimate their exposure because they think in terms of direct counterparties. If you deposit ETH into Aave, you assume your risk is Aave. It is not. Your risk is:

• Aave's oracle configuration for every asset in the pool, because a bad price on any listed asset can cause bad-debt socialisation.
• The liquidity of every AMM where liquidators will dump seized collateral, because shallow exit liquidity means liquidators bid less, which means Aave absorbs more bad debt.
• The solvency of every stablecoin held as reserve backing, because the depeg of a small allowed stablecoin can turn a modest shock into a reserve shortfall.
• The governance of any protocol with permission to upgrade parameters, because a malicious or coerced vote can change collateral factors mid-cascade.

This is why "I only use blue chips" is not a complete answer. Blue chips are composed of each other. Using Aave means inheriting the risks of its oracle provider, its allowed stablecoins, and the AMMs its liquidators rely on — whether you read their documentation or not.

Risks to understand before you participate

Every part of this series has emphasised that DeFi is permissionless in both directions: you can enter without asking, and nobody will stop you from losing everything. The composability layer adds a specific set of risks that no single protocol can eliminate.

• Correlated liquidations. Your position may be conservatively leveraged on its own but part of a crowded trade that all unwinds at once. The April 2026 rsETH loop unwound billions in deposits over two days because thousands of users had constructed structurally identical positions.
• Oracle edge cases. Every oracle has a failure mode — stale data, manipulated TWAPs, exchange-specific outages. If the protocol you use does not publish its oracle configuration, you cannot price this risk.
• Governance capture of dependencies. A protocol you use may be safe today and unsafe tomorrow because a protocol it depends on changed a parameter. Dependency governance is your governance, whether you vote or not.
• MEV extraction during stress. In a cascade, MEV searchers extract value from liquidations and slippage. Your "safe" withdrawal during a panic may execute meaningfully worse than quoted because the mempool is saturated.
• Cross-chain amplification. A shock that starts on Ethereum can reach an L2 with a multi-minute to multi-hour delay through bridges, meaning you may see the cascade coming and still be unable to exit.

These are not exotic tail risks. They are the base-rate behaviour of the system during the handful of stress events that occur every year — Black Thursday 2020, Terra's May 2022 implosion, the March 2023 USDC depeg, April 2026's rsETH cascade.

How to participate with composability risk in mind

You cannot opt out of composability without opting out of DeFi. What you can do is size your exposure as if the full cascade will happen, because historically, some version of it does every few quarters. Practical adjustments:

• Cap any single DeFi position at a size you would accept losing to a multi-protocol cascade, not to a single protocol hack.
• Prefer positions where all four channels (price, collateral, liquidity, peg) are not simultaneously load-bearing.
• Diversify across issuers, not just protocols. Holding USDC on Aave and USDC on Compound is one bet, not two — the issuer is the shared failure point.
• Keep a reserve in self-custodied assets outside DeFi. Systemic events are precisely when you want dry powder you can move without asking a protocol's permission.
• Read the oracle and liquidation parameters of every protocol you use, not just the marketing page. If you cannot find them in thirty minutes, the protocol is not transparent enough for its risk profile.
• Accept that some yields exist only because someone, somewhere, is underpricing the cascade risk. Often that someone is you.

Key takeaways

• Composability is not a feature of DeFi; it is the architecture, and systemic risk is its necessary shadow.
• Cascades propagate through four channels — price, collateral, liquidity, and peg — and most large incidents combine at least two. Black Thursday 2020, Terra's May 2022 collapse, the March 2023 USDC depeg, and April 2026's rsETH cascade are the canonical case studies.
• Audits verify individual protocols against their specifications; they do not verify the assumptions protocols make about each other.
• Your real exposure is the transitive closure of every protocol your protocol depends on, including their oracles, their stablecoin reserves, and their governance.
• Size positions as if the full cascade will happen once a year, because historically, some version does.

This post concludes the eight-part DeFi from First Principles series. You now have a mental model that runs from the definitional question of what DeFi is, through the primitives — wallets and gas, AMMs, lending, stablecoins, impermanent loss, oracles — to the systemic layer where those primitives interact. The goal was never to make DeFi sound safe. It is not. The goal was to give you the vocabulary to price risk you used to take blindly. Use it carefully. The protocols will keep composing with or without your understanding; you only get to choose whether your capital does so on purpose.