Aave Risk Managers - Collaboration Framework

In this post, Chaos Labs proposes a framework for communication and collaboration around proposals and methodologies for Aave Risk Managers.

In addition to this framework, we believe that the formation of a Risk Council (as discussed here), with the participation of the Aave risk managers, will allow an improved and streamlined risk management process.


  1. Create clarity for the community
  2. Maximize the advantages of multiple risk, namely:
    • Independent analyses and research
    • Greater surface area coverage
  3. Reduce tasks and overhead for all parties


Generally, we believe in public and transparent communications surrounding proposals and risk-related discussions.
However, we do want to outline instances where we encourage private and direct collaboration between the risk managers:

  • Major security risks where public communication/information could pose a threat to the protocol.
  • Informing other contributors regarding upcoming proposals to provide any major feedback and prepare public comments for quick turnaround.
  • Iteration and ideation on methodologies that could be done jointly for community use.
  • Coordination of proposals regarding new chain or asset listings

Use Cases:

Major market events

  • During major market events, risk managers should coordinate items to be worked on to maximize coverage of all areas and bring risk mitigation proposals as soon as possible.
  • If capacity allows, independent and multiple research and analysis should be prioritized to allow alternative proposals and ignite data-driven community discussion.

New asset listings

  • Risk managers should coordinate and create a proposal with independent analyses and parameter recommendations (besides parameters that have an agreed-upon methodology) for the community to delve into.
  • The proposal should highlight the differences in recommendations (if they exist) and the tradeoffs between the parties’ proposals.

Ongoing risk parameter updates

  • This part should remain independent as methodologies and simulations are proprietary.
  • As mentioned in the communications section, internal communications between risk managers are encouraged before posting recommendations to facilitate feedback, as well as to prepare clear messaging to the community in cases where recommendations differ.


  • Risk managers should aim to converge on community-approved methodologies when possible and mutually agreed upon. Supply caps and borrow caps are examples of such potential instances.

Next Steps:

We invite the community to provide feedback and discuss the topics above, and suggest additional points that may have been overlooked. Following the community discussion, we will incorporate the comments into a revised framework for the relevant parties to follow.


Thanks very much for kicking off this framework @ChaosLabs. We are supportive of the above points in addition to the below point that came out of our meeting with Chaos yesterday:

  • Making it easier for the community to decide between options: providing enough time for both parties to weigh in, using similar formatting, keeping discussions to a single thread.

Coming out of our meeting yesterday - as a starting point to improve our alignment, we setup open communication lines, bi-weekly syncs, and a shared work tracker.


YES. This is so important.

Providing the community consistency and simplicity will continue to elevate Aave above other DAOs. It leads to stronger contributions and more efficiency; leaving time to focus on building.

Furthermore, you are creating a freedom of choice which is pretty sweet.

Thank you to @ChaosLabs and @dtalwar @Pauljlei et al (Gauntlet) for having these discussions.

Keen to see more.


Hi @ChaosLabs,

Can you please elaborate on what is meant by this statement ?
Currently, difference stages of governance process are performed by different communities.

  • ARCs often published from the respective communities
  • Quantitative Risk Assessment - comes from the Risk Service Provider
  • Qualitative Risk Assessments - reports are normally performed by another team, often @Llamaxyz. This normally includes a deeper dive into audits, multi-sigs, vesting contracts emissions etc…
  • Snapshot - anyone should be able to do this
  • AIP - anyone should also be able to do this

For me the core value add from a Risk Service provider is the actual quantitative analysis as part of the risk assessment. But if Aave develops a public framework, moving the community away from the proprietary price tag and Service Provider dependency, then anyone should be able to build the infrastructure to perform the analysis. The value add then becomes the evolution of the modelling.

If Aave is to incur a cost for supporting an asset listing, Chianlink Oracle, then asset listings will become increasingly so more a business decision with risk parameter inputs.

This part refers to the quantitative risk assessment, specifically the initial risk parameter recommendations for listing the assets.
Ideally, the risk managers would prepare analyses and recommendations for the community and coordinate publication of them for the community, explaining the key considerations and differences between them (if any).

Hi @ChaosLabs,

If that is the case, there are several proposed asset listings that neither Gauntlet or Chaos are yet to provide risk parameters for.

wstETH on Optimism - ARFC dated early December

cbETH - original ARFC dated October 2022

BADGER - original ARFC dated October 2022

I know @Llamaxyz is well advanced on the qualitative review for wstETH and BADGER, and the findings will be published on the forum soon. We were hoping for the quant models to provide parameters ahead of time, but we can share the qualitative assessment first with our thoughts on the risk parameters.