Thanks, @EzR3aL, @PGov, and @bgdlabs, for your support. It’s extremely important for us to hear the community’s feedback on our past work and the road ahead.
We would like to reply to a couple of points raised here by @bgdlabs and @midapple:
In the OP, we released the list of projects we worked on during the past year (Sept 2023 - Sept 24). Taking into account a couple of confidential efforts we cannot mention here, our occupancy on new development review and formal verification alone is 88% of the time, meaning that on 321 days out of the agreed-upon 365, our team reviewed new code. Moreover, at times we were required to perform multiple reviews in parallel, usually due to a tight timeline from the developing entities. When we were called upon, we made sure to expand our team accordingly to handle the load and fulfil the DAO’s needs. Taking this into account, the total number of days we worked on new code reviews tallies to 448 days (counting multiple times the days we worked on multiple projects in parallel). This brings us to 123% review time in practice.
However, it doesn’t end here. Counting the days of reviewing new projects does not demonstrate the entire value we give to the DAO.
In the 8 months since we took ownership of governance proposal reviews (Feb 5 - Oct 6, 2024), we reviewed 160 AIPs — a rate of 20 proposal reviews per month on average in parallel to any new development reviews.
Any “Idle time” our team had, not performing reviews and formal verification of new development, was put to use in various areas:
- Defining needs, analyzing data and hands-on development of tooling for:
  1.1. Our governance proposal review tool (Quorum). It is now open source.
  1.2. Another formal verification-related integration.
- Doing important organizational work to improve and formalize our procedures and services, e.g. onboarding multiple team members for Aave governance reviews to create redundancy in this time-critical job, and defining clear guidelines for governance review procedures in Certora.
- Doing important technical maintenance work that accumulates with time, e.g. upgrading CI on various Aave repositories due to structural modifications by BGD or prover upgrades.
We fully agree with the points raised here on the importance of disclosure and confidentiality. Certora has always acted with Aave’s best interest in mind and will continue to uphold strict confidentiality regarding sensitive information. While we have established relationships with other DeFi protocols, including lending protocols, we will never share internal discussions or any confidential data without prior approval from the relevant entities. We also wish to stress that Certora is allocating a dedicated team to Aave. This means the team members aren’t assigned to any work with other protocols - competitors or not. This results in no leak of information and expertise from the team to competitors.
To further enhance transparency with the Aave community, we will soon share the list of lending protocols we’re engaging with and the type of our engagement with them (after getting their consent).
We also wish to remind the DAO that we have historically inserted a 30-day notice termination clause in every continuous engagement offer we proposed, including the current one.
We hope our response clarifies a little more about our work, ethics and procedures.
We look forward to continuing our collaboration with the Aave community and further strengthening the security of our ecosystem together! In the meantime, we’d love to hear more questions and feedback from the community.