Aave Labs Operational Resilience Fire Drill

Aave Labs is planning to run a community fire drill in the first week of December 2024 to test and assess the operational resilience of the ecosystem. Unlike the previous year’s SEAL Attack Simulation, this drill will not test the engineering team’s ability to diagnose an onchain attack. Instead, the goal is to learn more about the workflows, coordination methods, and information exchange during an incident. It has been a year since these controls were last validated, highlighting the importance of periodic testing to ensure the ecosystem’s readiness and ability to respond effectively.

The community’s involvement is key to this initiative. Aave Labs welcomes interested parties to participate in the fire drill. Please reach out directly for participation details.

8 Likes

Some feedback from our side:

  • In the organigram of the Aave DAO, with multiple Service Providers contributing in multiple areas (sometimes overlapping), it is quite important to always try to respect each field of contribution.
    It sounds very unreasonable that 1) Aave Labs is organizing this, given that it is not its role, engagement scope, or expertise, 2) we (BGD Labs) were not aware of the initiative until it reached the forum, given that precisely this is part of our engagement for services, and even more obviously, we planned, organized and coordinated the aforementioned SEAL Attack Simulation.
    For clarity for the community, this would be akin to us (BGD) posting a proposal to change the risk simulation infrastructure of risk providers, without even commenting in advance on the idea with @ChaosLabs. Or now, during the development of Aave v4, presenting in the forum an alternative v4 development flow, without first telling @AaveLabs.

  • Security on a DAO like Aave is something that requires central coordination and planning, especially important in a decentralised system like this, where multiple parties (Service Providers, community Guardians, etc) are involved. We don’t think it is appropriate to just ask in a public forum “who wants to participate” and go from there.

“Unlike the previous year’s SEAL Attack Simulation, this drill will not test the engineering team’s ability to diagnose an onchain attack. Instead, the goal is to learn more about the workflows, coordination methods, and information exchange during an incident.”

  • This is not really how last year’s attack simulation worked, as detection was only the initial step, followed by precisely the other described ones: protective actions on the protocol in the simulation environment, mobilisation of the Aave Guardian, or public communications. We are a bit confused regarding that, given that Aave Labs was a participant in the SEAL exercise, partially precisely on activating the communication channels they have control over, like @aave on X.

Even though security initiatives are positive for the DAO and we would prefer not to sound negative about them, it is very suboptimal to try to organize them this way, totally ignoring all types of guidelines and professional respect. This should be especially a consideration point for Aave Labs, given that there is responsibility associated with carrying the same name as the Aave DAO, which can create confusion in the community.

Consequently, we don’t think this should proceed forward, and we will not participate.

5 Likes