Aave Base: `repay(MaxUint256, onBehalfOf != msg.sender)` reverts

This repository contains a sanitized incident report about a Base Aave V3 Pool behavior that can brick non-upgradeable helper contracts that rely on:

Pool.repay(asset, type(uint256).max, rateMode, onBehalfOf)

when the caller is a third-party contract and onBehalfOf != msg.sender.

What’s included (sanitized)

docs/incidents/INCIDENT.md – summary + root cause (no operational secrets)
docs/incidents/EVIDENCE.json – on-chain helper balance + revert selector + static-call proof (redacted owner address)
docs/incidents/AAVE_MESSAGE.md – copy/paste message for Aave governance forum + Discord

What’s intentionally NOT included

No private keys, RPC keys, .env
No step-by-step salvage playbooks from compromised wallets
No additional scripts beyond read-only proof

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
docs/incidents		docs/incidents
.gitignore		.gitignore
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Aave Base: `repay(MaxUint256, onBehalfOf != msg.sender)` reverts

What’s included (sanitized)

What’s intentionally NOT included

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Folders and files

Latest commit

History

Repository files navigation

Aave Base: repay(MaxUint256, onBehalfOf != msg.sender) reverts

What’s included (sanitized)

What’s intentionally NOT included

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Aave Base: `repay(MaxUint256, onBehalfOf != msg.sender)` reverts

Packages