umbrella-forum-main-banner1920×1331 225 KB

Simple summary

Presenting to the community the implementation of Aave Umbrella, a system for users to stake their Aave aTokens covering potentially arising deficit (bad debt) on Aave systems, and earning rewards for it.

This post covers all aspects of Umbrella:

• Smart contracts.
• Security procedures.
• Aave DAO’s user interface.
• Branding guidelines.
• Activation recommendations.

The codebases of all Aave Umbrella components are on:

• Umbrella smart contracts: https://github.com/aave-dao/aave-umbrella
• Umbrella UI (Aave DAO):https://github.com/aave-dao/aave-umbrella-ui

Umbrella is now fully ready for activation in production, with all development and security procedures finished.

Context

In THIS POST, we introduced the early design of the Aave Umbrella system, but the following is a summarised recap.

What is Aave Umbrella?

Umbrella-what-is-it1920×1532 120 KB

One of the main project/product lines of the DAO is the Aave Safety Module: a system by which users can currently stake their AAVE, stkABPT (Balancer AAVE/wstETH LP token), and GHO to earn rewards, but by potentially getting slashed to cover any arising bad debt on the Aave liquidity pools.

Aave Umbrella is a radical evolution of that system, by which, instead of staking AAVE and stkABPT, users will stake Aave v3 aTokens like aUSDC or aUSDT for rewards and risk of slashing. Aave aTokens are the best possible asset to cover bad debt arising on the Aave pools, as they only need to be burnt in that scenario, compared with currently AAVE/stkABPT that currently would need to be sold.

Additionally, Umbrella is an objective system, depending on the existence of bad debt (called deficit) on the smart contracts data of the Aave pools to trigger a slashing, instead of depending on governance decisions or other subjective mechanics.

Finally, Umbrella’s on-chain rewards management is designed to be, even if still pretty flexible and fair for stakers, oriented to capital efficiency on the budget management of the DAO.

Why improving the current Safety Module?

The current Safety Module, even if functional and pretty innovative when it was introduced years ago, has some shortcomings:

• Aside from GHO, the other assets staked (AAVE, stkABPT) are loosely correlated in price with the assets that generally would need to be covered in the Aave pools if bad debt arises: highly borrowed tokens like stablecoins or ETH. That means that in the majority of scenarios, the slashed AAVE tokens would need to be sold in the market to acquire e.g. USDT, and then repay the bad debt.
  This is not capital efficient, and also creates bad economic dynamics on the AAVE token, for example in anticipation of major slashes and the consequent sell pressure.

• In the current Safety Module, slashing rules are very subjective: any slashing is decided via governance proposals. Even if this has some positive implications (e.g. governance can decide to slash or to use treasury funds), it also creates very important uncertainty around:

  1. In which situations slashing should happen?
  2. Will $AAVE/stkAAVE holders vote for slashing?
  3. Exactly which networks/pools are covered by the Safety Module?

  Some of the previous have been addressed via governance frameworks (e.g. which pools/networks are covered), but subjectivity in this context is not positive, as generally bad debt is measurable.

• The system is relatively rigid on incentives, as each staked asset like stkAAVE can only have one type of reward (currently AAVE) on-chain, which is not aligned with the community direction of for example having AAVE, GHO, or any other.

• Staking and slashing are fully Ethereum based, which adds limitations on both capital acquisition for staking or even operational complexity to move slashed funds to any network to cover bad debt.

Specification

Umbrella smart contracts

The high-level design of Umbrella has not changed radically since the initial post, and instead, the focus has been on polishing the different components, simplifying them, and making them as useful as possible for the expected usage of the Aave DAO.

On the smart contracts side, there are the following three major smart contract components.

Umbrella-staked-tokens4000×583 153 KB

1. The Umbrella StakeToken/s (stk)

Umbrella’s StakeToken is a staking smart contract for users for Umbrella: one StakeToken instance for each wrapped aToken of an Aave pool.

Extensive high-level and technical documentation of the StakeTokens can be found HERE.

They have the following characteristics:

• Technically, they are generic ERC4626 vaults supporting non-rebasing underlying tokens.
• They are oriented though to be used initially with 2 specific underlying tokens: wrapped Aave v3 aTokens (previously known as stataTokens), and GHO.
• Fully liquid on the supply side, without any cap.
• Withdrawal of funds from the StakeToken can be done only after activation of the cooldown period, during a follow-up withdrawal window. This is the same as with the existing stkAAVE/stkABPT/stkGHO, with a 20-day cooldown period and 2 days withdrawal window.
• When staking, there is risk of slashing (more on this in the Umbrella core description), based on the deficit (bad debt) accumulated on the associated Aave borrowed asset.
• As counterpart of the slashing risk, stakers earn rewards.
• Compatible with permit()-like operations, for example for staking and withdrawal, but also for activation of cooldown by a third-party (cooldown operator) chosen by the staker.
• Upgradeable, with upgradeability controlled by the Aave governance.
• The Aave governance will be in full control of which StakeToken/s to create: for which assets are listed in an Aave pool (or GHO), and on which network.
• Each StakeToken protects one and only one borrowed asset listed on the associated Aave pool in a network. For example, staked waUSDC core would protect deficit on borrowed USDC on Aave v3 Core Ethereum, staked waUSDS core would protect borrowed USDS on Aave v3 Core Ethereum; or staked waWETH Arbitrum would protect borrowed WETH on Aave v3 Arbitrum.

Permissioned actions & roles

All admin-like actions on StakeTokens happen via the Umbrella core smart contract. However, the final recipients of permissions over those actions are granular, as follows:

• Change cooldown to withdraw: Aave governance.
• Change unstake window: Aave governance.
• Emergency pause and unpause: Aave Protocol Guardian.
• Slash: automated, and regulated by the logic of the Umbrella core smart contract.
• Upgradeability: Aave governance.

In summary, users stake their wrapped aTokens into a StakeToken in a network to earn rewards, but with risk of slashing if there is any deficit (bad debt) arising in the connected Aave pool.

2. The Umbrella Rewards Controller

When users stake their wrapped aTokens into Umbrella StakeTokens, they immediately start accruing rewards. The accounting, management, and distribution of these rewards is managed fully on-chain by the Rewards Controller smart contract.

An extensive high-level and technical documentation of the RewardsController can be found HERE.

Umbrella’s rewards management sub-system has the following characteristics:

• Designed to have one RewardsController per network where the Aave governance wants to activate Umbrella: all StakeTokens on the same network “hook” into the Rewards controller.
• Users can claim rewards from the Rewards controller, accrued by staking.
• Each StakeToken can have up to 8 different reward tokens associated. For example, Staked wrapped aUSDC can have simultaneously USDC, GHO, and AAVE rewards.
• Per each reward token, each staked asset defines an emission of token rewards per second: e.g. per second, for Staked wrapped aUSDC the RewardsController could configure rewards of 0.1 GHO (8’640 GHO per day), which would be the total getting distributed amongst all stakers.
• More on the Emission Curve section, but for each asset, rewards levels depend mainly on two parameters:
  • Target liquidity: the amount of staked assets the system optimizes rewards towards; at target liquidity of total assets staked, the system is distributing maximum aggregated rewards.
  • Maximum emission per second: rate of token rewards per second at target liquidity of staked assets. Both when total staked assets are lower or higher than target liquidity, the emission per second of rewards is lower.
    For example, for Staked wrapped aUSDC, the RewardsController could configure a maximum emission per second of 0.1 GHO (8’640 GHO per day), which would be the total getting distributed amongst all stakers at exactly Target Liquidity staked tokens.
• Allows for claims of rewards in batch.
• Supporting claiming rewards via permit()-like logic.
• Each staker can configure zero or multiple addresses to claim rewards on their behalf.
• Upgradeable, with upgradeability controlled by the Aave governance.

Umbrella_curve-ronnies3207×1458 177 KB

The Emission Curve

As previously described, the Rewards Controller manages rewards distribution for stakers fully on-chain, with a more dynamic system compared to that of the current Safety Module.

The reward rate for total assets is static on incentive systems like the one for stkAAVE, or the one used to reward supplies and/or borrowers on Aave v3. This means that for example, the Aave governance can configure an emission of rewards of 820 AAVE tokens per day, and, if the total staked assets is 1 AAVE, the user staking 1 AAVE will receive 820 AAVE per day, a massive amount of incentives. On the other hand, if there were 10’000’000 AAVE staked and the same reward rate of 820 AAVE per day, each staked unit of AAVE would receive 820 divided by 10’000’000, very small incentives.

If the Aave governance would want to give good incentives when the total staked amount is very small, but not massive with a hundred thousand of APY, in the existing “legacy” systems like stkAAVE’s a rewards admin would need to manually adjust the rewards rate, by monitoring how much assets are at stake each moment. This is not scalable, or optimal operational-wise, and so the Umbrella Rewards Controller works quite differently.

Goal-wise, staking tokens like the ones of Umbrella are oriented to optimize for X total staked amount. For example, after modelling coverage potential on deficit of an Aave pool, the Aave governance may want to have 50 million total staked wrapped aUSDC, and allocate 2.5m USDC rewards per year for it.
The on-chain smart contracts should optimize for that, and that is precisely what the Umbrella Emission Curve does.

Umbrella_curve-graph3207×1777 201 KB

Umbrella’s Emission Curve is a mathematical model optimizing the distribution of rewards for the following:

• The system defines a maximum we want to trend to: the Target Liquidity. Target liquidity is for example a configuration saying: “We want to trend the total staked assets to be 10’000’000 assets”.
• Whenever liquidity is bootstrapping and total staked is far below the Target Liquidity, the rate of rewards should be proportionally higher than when being close to the Target Liquidity, as we want to attract people to stake.
• Whenever total staked assets are above the Target Liquidity, rewards should be (slightly) proportionally lower, as we don’t want to attract more people to stake.
• The maximum reward rate of the system happens when the total staked assets are exactly Target Liquidity.
• We believe that systems showing or advertising hundreds or thousands of APY are misleading, as they are showing a temporary scenario that will disappear as soon as any minimal liquidity enters.
  Umbrella’s Emission Curve has a high-level effect of “softening” the rewards APY: even when assets staked are very low, this doesn’t reflect in massive APY, only proportionally higher than when more assets are staked, but within “sane” limits.
• The system is easy to understand and relatively predictable for treasury contributors. As the maximum expenses of the system happen at exactly Target Liquidity, that is the upper limit that will be spent for each reward of an asset on Umbrella. On all other levels of staked assets (above and below), expenses in rewards are lower.

On the following simulation tool, anybody can “play” with different configurations of the Emission Curve Umbrella-APY | Desmos, but a numeric example would be the following (simplifying with USDC as the staked asset, instead of how it will be in Umbrella with wrapped aUSDC):

• Target liquidity configured at 10m USDC.
• Rewards of 3’300 $AAVE tokens per year.
• Average price of $250 for $AAVE.
• At target liquidity, the APY is ~8.3%.
• The maximum APY (when a minimal amount of USDC is staked) goes to ~16%, but never above, decreasing in a “softened” manner to ~8% at Target.
  As a general rule, the maximum APY is double the APY at Target.
• When liquidity staked surpasses the Target, the APY decreases, but very slowly. For example going down to 4% when liquidity staked is 25m USDC, 2.5x the intended target.

Permissioned actions & roles

• Configuring new rewards for assets rewarded (StakedTokens): Aave governance.
• Configuring major parameters for asset rewarded (e.g. Target Liquidity): Aave governance.
• Set an address to claim on behalf of a staker: Aave governance.
• Modify rewards parameters of already-configured rewards: address with REWARDS_ADMIN role (e.g. Aave Finance Committee).

In summary, Umbrella Stake Tokens plug into the Rewards Controller smart contract, which regulates rewards for them, via a dynamic system implemented on the aforementioned Emission Curve.

3. The Umbrella core

Umbrella core is the smart contract acting as high-level orchestrator/controller/configurator of all the StakeTokens associated with an Aave pool, and handling slashing and deficit coverage logic.

An extensive high-level and technical documentation of the Umbrella smart contract can be found HERE.

It has the following characteristics:

• One Aave v3 Pool, one Umbrella core smart contract associated with it.
• It acts as the main hub to create instances of StakeTokens, and configure them.
• Contains the logic of deficit levels that cause an immediate slash on any of the StakeTokens controlled by the Umbrella contract.
• Manages deficit coverage on the connected Aave v3 pool, by “pulling” tokens from an external entity and using them to cover the deficit.
• Defines pairs of assets to cover on Aave and StakeToken associated with them, in this first version a 1:1 relation. For example, to cover USDC on Aave, you have wrapped aUSDC as the associated StakedToken.
• Contemplates 2 types of internal deficit:
  • Pending deficit: funds already slashed, that will be used to cover the deficit on the Aave pool.
  • Deficit offset: a variable representing a lower threshold to not slash funds under it. E.g. (with some extra logic aside), high-level a 1’000 offset means that while the deficit accrued on the Pool is below 1’000, no slashing will affect stakers.
    This is to be used for the DAO to high-level defined something like “while the deficit of USDC on v3 Ethereum is below 100’000 USDC, no slashing on Umbrella waUSDC will happen, as the Aave Collector will cover said deficit”.

A realistic slashing flow on the Umbrella core contracts is as follows:

1. Some deficit is accrued on USDC of Aave v3 core Ethereum, e.g. 1’000 USDC.
2. An automation calls the slash(USDC) on the Umbrella core. As the deficit offset was configured to 500 USDC, the 500 USDC value of the staked wrapped aUSDC gets slashed.
3. The slashed funds (waUSDC) are sent to the Aave Collector. As of now, those slashed funds are not withdrawable anymore by stakers, which means the 500 deficit on the pool is technically “hedged”: the Aave DAO will cover that deficit, as it has funds for it.
4. An address with a required role and permission to pull 500 waUSDC from the Aave Collector, will call coverPendingDeficit(USDC, 500). The Umbrella contract will pull funds from that address holding the waUSDC and will use them to call the eliminateReserveDeficit(USDC, 500) on the Aave v3 pool.

Umbrella_slash-diagram1920×1115 89.9 KB

Permissioned actions & roles

As previously mentioned, aside from its configurations, Umbrella core also acts as an entry gateway for granular entities to configure Stake Tokens. As those have been already explained in the Stake Token section, here we will only outline the configurations available for the Umbrella core system itself, which are the following:

• Enable new pairs of assets to cover on Aave v3 ↔ Staked Token: Aave governance
• Change any slashing configuration (e.g. deficit offset, pricing for underlying of the Stake Token: Aave governance.
• Upgradeability: Aave governance.
• Initiate slash: permissionless, regulated by the logic of the smart contract.
• Cover deficit (both pending and offset): an entity with COVERAGE_MANAGER_ROLE, initially probably the Aave governance, but designed to have some constraint smart contract with that task.
• Rescue funds sent by mistake: Aave Protocol Guardian.

The Umbrella UI

We believe scopes like the Umbrella project should cover all the vertical, from smart contracts to user interaction venues. Because of that, and to complement any other access point to Umbrella, we have created a UI application that allows users to interact with the Umbrella smart contracts, allowing for:

• Staking.
• Activating cooldown.
• Unstaking.
• Claim rewards.
• Visualise aggregated data of the staking positions.

Similar to for example the Aave Governance V3 interface, the Umbrella interface follows the following principles:

• Owned and BUSL-licensed to the Aave DAO, but friendly to integrations. In this case, naturally allowing anybody to host it, use it, and modify it if the smart contracts interacted with are the official Umbrella addresses approved by the DAO.
• Oriented to easy hosting (e.g. via Vercel), or even self-hosting. Ideally, anybody who wants to give access to the Umbrella smart contracts can host an instance of the interface, adapting it or extending it as wished, for example, to build better UX or additional products on top of Umbrella.
  For example, BGD will host an instance of the interface, but anybody else can.
• Fully decentralized, only depending on RPC endpoints that anybody can configure on their own.

The Aave Umbrella UI codebase can be found on the aave-dao Github org, on https://github.com/aave-dao/aave-umbrella-ui. It will be production-ready only at the activation time of the Umbrella smart contracts by the Aave governance.

Umbrella_ui-screen1920×1428 107 KB

Umbrella batch helper

As a peripheral smart contract, we have created a smart contract to simplify interactions with Umbrella, the UmbrellaBatchHelper.

The contract has been audited and in this case is fully MIT-licensed, for anybody who wants to interact with Umbrella to be able to use it on their UX flows.
All details about the batch helper can be found HERE.

Security

Aside from the usual unit/end-to-end testing of the smart contracts, and all BGD’s internal quality assurance, we have engaged and already completed all external security reviews planned, including the following:

• Security review by @StErMi (https://x.com/StErMi) here.
• Security review by MixBytes (https://x.com/MixBytes) here.
• Security review by Ackee (https://x.com/AckeeBlockchain) here.
• Security review by @Certora (https://x.com/CertoraInc) here.

The total cost of the security reviews has been $249’000, paid to the security firms by BGD Labs and to be refunded from the Aave DAO on the activation proposal of Umbrella.

Umbrella branding

Umbrella_full-logo3207×1458 159 KB

As part of their scope for services to the DAO, @AaveLabs produced an official brand book with visual components to use and guidelines to follow when referencing high-level Aave projects or the Aave DAO and community.

Given that Umbrella will be one of the major product lines of the Aave DAO, we believe it should be aligned branding-wise with the approved Aave brand kit and styling. So we have created an Umbrella “add-on” for it, that we will contribute via PR on the aave-brand-kit repository.

The following is a summary of Umbrella’s visual identity we propose:

Logotype

Aave Umbrella’s logo combines the global Aave logo, with a similarly styled umbrella, representing the ghost (Aave and all its users) being protected by the new system (the umbrella).

Umbrella_logo-white3207×1458 87.5 KB

Colors

Currently, the yellow color on Aave’s brand guidelines is already used to represent for example stkAAVE or stkGHO on the legacy Safety Module.
We think it was a good decision, and we expanded on it assuming the same color as the official of the Umbrella product line, with an accent of Aave’s purple in components like the asset frame.

Umbrella_Post_colors3207×1052 135 KB

Staked tokens’ asset frame

The conceptual reference used for Umbrella’s Stake tokens’ asset frame is a zenith plane of an umbrella.

Umbrella_frame-concept3207×1458 178 KB

That concept materializes in a frame surrounding the Umbrella Stake Tokens, with colors used the following way:

• If the frame is exclusively yellow, it means the staked asset is not an Aave aToken, for example, GHO.
• For staked Aave aTokens, the frame is a combination of yellow and purple, representing both Umbrella and Aave.

Umbrella_Post_Frames1920×1355 63.7 KB

Examples of illustrations

Umbrella_Post_Ronnies1920×3651 233 KB

Umbrella activation guidelines

Activating the Umbrella system into Aave comprises different decisions that the DAO should approve.

In the following points, we try to summarise those, and welcome service providers from other involved “departments” of the DAO to give their feedback. Important to highlight that these are guidelines for the initial activation of the system, which naturally will evolve.

• Networks/pools to activate Umbrella on. Umbrella can technically be enabled on all networks hosting Aave pool/s, as it only depends on Aave v3.3 being enabled, which is the case for all networks where Aave lives.
  In practice, we recommend starting with a selective subset of networks during the first 2-3 months, as service providers need to get familiar with the non-technical flows of Umbrella in production, like Target Liquidity modeling or rewards management.

  For example, based on market size and user count metrics, one realistic option is enabling Umbrella on Ethereum, Arbitrum, Avalanche, and Base; but not problematic to add one or 2 more if strategic anyhow for the DAO.

• Assets to enable on each network. On the assets side, we recommend initially focusing on a small subset of assets on each of the selected pools, with the following characteristics:

  • Highly borrowed, as deficit will only materialize in borrowable assets.

  • Associated with positions with the hypothetical potential to create deficit: e.g. a WETH collateral USDC borrowing position can create deficit, or even a USDC collateral and USDT debt. But wstETH collateral WETH debt positions are less likely, given the pricing model of wstETH.

    Generally, it is a safe choice to enable only the major stablecoins of a pool (e.g. USDC, USDT, or maybe USDS), WETH, and potentially WBTC.

• Cooldown period and unstake window configuration. To not overcomplicate the activation procedure, we recommend the same parameters as on the current Safety Module with a 20-day cooldown period and a 2-day unstaking window.

• Rewards management. Similar to other Aave on-chain systems, Umbrella has been designed with a governance-first approach to start with. It means that for example, initializing new Umbrella StakeTokens must be done via on-chain governance proposals, or configure very high-level parameters like the Target Liquidity of each StakeToken.

  On the other hand, “maintenance” tasks of rewards are to be managed by a Rewards Admin role, given/revoked by governance, but in charge of, when a StakeToken and reward is enabled on Umbrella, modifying parameters like the maximum of rewards per second at Target Liquidity, the duration of the rewards distribution, or even disabling rewards completely.

  As the initial entity to manage rewards, we agree with what was proposed in the Aavenomics ARFC: the Aave Finance Committee.

• Funds management for rewards. Aside from the configuration of rewards, for obvious reasons, the tokens being rewarded should be available to the Aave Umbrella to pull and send to stakers claiming them.
  On Umbrella, each configured reward has a rewardPayer address configured from where funds will be pulled from.

  Keeping that in mind, we recommend the following:

  • On networks where the DAO holds already enough funds in its Collector or Ecosystem Reserve to cover any potential rewards configured on Umbrella, make them available to the Umbrella contracts or directly, or even better, isolate them to a separate Collector instance with limited funds than can be periodically topped up.
  • On networks where Collector funds are not enough, or the assets bridging infrastructure of the DAO is not solid enough, use the same isolated Collector instance, but be topped up by the Aave Finance Committee.
    For example, a monthly governance proposal will transfer from the Ethereum Collector to the Aave Finance Commitee Safe enough funds to cover rewards for 1-2 months on let’s say Base, the Commitee will bridge them to Base and top up the isolated Collector there.
    The idea with this is being operational effective, but reducing still to the minimum the delegation on funds management.

• Transition period from stkAAVE/stkABPT/stkGHO. As Umbrella requires a certain time for minimal bootstrapping, we recommend keeping slashing active on stkAAVE and stkABPT until Umbrella liquidity reaches Target Liquidity or even if less, acceptable levels.
  The case of stkGHO is different, as Umbrella should have a StakeToken instance for GHO staking from day 0. So for GHO, we recommend removing slashing and cooldown from the current stkGHO, and moving rewards to the new Umbrella staked GHO, for all stkGHO holders to migrate without any barrier.

FAQ

How frequently a slashing is expected to happen?

In a protocol like Aave, a small deficit on highly borrowed assets is expected to happen, but in a very low order of magnitude.
As an example, during the month Aave v3.3 (accounting for deficit) has been enabled in production, approximately $400 deficit has been accrued across all Aave v3 Pool.
If we compare with the close to $9.5 billion outstanding borrows, that is approximately 0.000004% of the outstanding borrowings in a month.

Umbrella is designed to do relatively frequent slashings, but in very low order of magnitude, with rewards plus supply APY of aToken almost always being way higher than the loss from slashing.

Considering the DAO fairly certainly defines an offset to not slash funds under, and that historically the Safety Module has never been slashed, slashing events in size should not be too frequent.

However, Umbrella is a fair and rational system: you earn rewards as a staker, you have risk and accept it.

While staking aTokens, does my balance grow? Meaning, is the staked token rebasing?

No, the system always wraps your rebasing aTokens before staking them on Umbrella. However, if using the Umbrella UI, the wrapping/unwrapping happens transparently for you in one transaction.
When unstaking from Umbrella, you can choose if you want to withdraw from a rebasing aToken to a non-rebasing (wrapped) one, or even if completely out of Aave.

What happened with the yield I accrued on my aTokens when staking?

You keep accruing that yield while staking, as the aToken itself is staked. For example, if aUSDC is yielding on Aave 6% and staking rewards are 4%, when staking you will receive a total of 6% + 4% = 10%.

If I stake my aUSDC on let’s say Arbitrum, do I have slashing risk only from Arbitrum or from all Aave pools?

If you stake aUSDC on Arbitrum, you are only accepting slashing risk for borrowed USDC on that pool in Arbitrum, nothing else.

If I’m using the current Safety Module (stkAAVE, stkABPT, stkGHO), do I need to do something?

Due to the Aavenomics proposal, stkAAVE and stkABPT will suffer some changes, with the major being that slashing will be at some point after Umbrella activation is disabled.
However, Umbrella is a separate system, as the assets to stake are aTokens (e.g. aUSDC, aUSDT), not $AAVE or LP tokens like Balancer ABPT. So if you are holding stkAAVE, stkABPT, nothing needs to be done on the Umbrella side.
For stkGHO, there will be a migration required, but as slashing and cooldown will be disabled, will be as simple as withdrawing from the legacy stkGHO and staking in the Staked GHO of Umbrella.

This FAQ will be updated as questions on the community arise.

Disclosure

The contents of the Umbrella project have been produced by BGD Labs to the Aave DAO in the scope of the engagement for services described HERE.

The system has been designed exclusively for the benefit of the customer (Aave DAO), all intellectual property and licensing rights of the different components of Umbrella presented belong exclusively to the Aave DAO, represented by its governance smart contracts on the Ethereum blockchain.

Next steps

• Wait for feedback from the community and/or other service providers, to model a final set of recommendations for the initial activation of Umbrella.
• Create an ARFC Snapshot outlining the final activation parameters of Umbrella.
• If the ARFC Snapshot is approved, proceed with the activation of Umbrella in production, via Aave governance AIP.

Exciting! One question:

Will existing stkAAVE holders need to do anything (e.g. migrate their tokens)? Or will a migration happen automatically after activation?

Hi @Peanut . We added a clarification to that on the FAQ

Hey @bgdlabs, amazing work!

One small question though. I’m sure there’s a solid reason for this, but could you share why ‘Slash’ is automated while ‘Cover Deficit’ is not and still heavily relies on the DAO?

Would be great to get more insight about it

That’s a pretty good question @Tor_GAINS.

The rationale is the following:

• In financial terms, Umbrella’s slashing is akin to a mechanism to hedge the pool against deficit. It means that whenever a deficit over a certain threshold (offset configured in Umbrella) arises, the system needs to hedge itself, and like with any type of financial hedging, speed is key.
  Additionally, having a subjective mechanism deciding when the slashing step happens skyrockets the complexity of the system, potentially entering a situation of decision-making “lock”, leading to no action and the Aave pools suffering damage.
• However, when the funds were already slashed, the elegancy of Umbrella using aTokens as a staking asset unveiled itself. With the accounting system introduced on Aave v3.3, if a liquidation leaves a deficit, the system 1) accounts for it increasing the deficit variable for that borrowed asset and 2) burns the debt tokens, for that deficit to not accrue interest. Especially due to 2), that means that for example 1’000 USDC deficit only means that if everybody would try to withdraw (including the Aave DAO holding aUSDC), there would be not enough funds.
  So going back to Umbrella, if the slash() was fast enough, and the DAO holds the equivalent of 1’000 USDC supplied to Aave, it means that unless the DAO would want to withdraw those funds (which would be nonsense reputation-wise), the system is factually net.
  Consequently, and aside from minor technical details of yield accrued on the deficit, the step of factually covering the deficit is not an urgent one, because factually there is little difference between doing it very fast or slow within certain limits: the slashed funds are “out of circulation”, no matter if burnt or not yet.
• Due to previous consideration of deficit coverage being acceptable as a slow mechanism, the other consideration enters into the picture: security.
  On some types of smart contracts, if not having any high-level or economic consequence, sometimes is better to have a “slow”/multi-step mechanism than an immediate one. It is not completely the same, but it is akin to flash loans: they have been dangerous historically for protocols precisely because of their “flash” nature, which opens the door to numerous types of security vectors that would not be applicable if not.
  Hence, we took the decision to be conservative and keep for now the deficit coverage “slow”.

Awesome and congratulations on creating this system. Its really innovating and could be the needed change to attract institutional money as Umbrella will be the security cushion for them and their users.

I do not have a questions regarding the system itself as it has been explained pretty well in the TEMP CHECK last year, but I would rather like to make a suggestion.
The Umbrella UI will be created by @bgdlabs. While this is great and they can be trusted 100% I still do think it would be great and important that @AaveLabs also integrates Umbrella into their UI.
Aave.com/app.aave.com is just the known website behind the protocol and we already had people asking for example if the merit claim page can be trusted, created by @ACI.

By implementing this we can make sure, that people easily get access to Umbrella, they can be sure they do connect to a trusted website and it could be the boost needed to growth Umbrella pretty fast.
I could see this being implemented with a switch. By clicking it one can see a pop up message making sure they understand the associated risk by staking aToken and then the additional APY. Just like in the example provided by @bgdlabs in this proposal.
Its just about recognition, and while I do think BGDLabs is already pretty known, aave.com proabably still is way more for the average user.

And of course I do hope that third party apps like Defisaver and others will integrate Umbrella for their user as well.

Well done, in favor of this

Huge congrats to @bgdlabs !
The rewards distribution curve mechanism is truly interesting—I can’t wait to see it live!
This proposal will undoubtedly mark Aave’s history

512×509 274 KB

Thanks for the much awaited updated.

So w.r.t stkAAVE and stkABPT, the cool down to remain same until the new umbrella is bootstrapped well and turned on. Post that assume the cooldown will be set to ZERO?

Hello @EzR3aL and thanks for the feedback.

Regarding the user interface, here are some clarifications and context that can help other readers too:

• The UI is already created and aside from small adaptations required for full production smart contracts, it is fully ready. That’s the reason we published on https://github.com/aave-dao/aave-umbrella-ui, with instructions for self-hosting if anybody wants to test it out.
• Hosting of that UI is technically a separate topic. The idea behind this is that we develop a system production-ready for anybody to run, no matter under which domain, and we maintain that base system.
• Being so easy to run means that we respect what we believe still is a foundational principle of DeFi that, when possible should be respected: a user should be able to run its blockchain node, its wallet, and its interface (of any kind) to access the applications deployed on the chain. This is frequently not an easy task (or even doable depending on the type of product) and not the average user target for Umbrella, but we think as a leader in the industry, Aave must keep producing products with this type of mentality.
• Another angle from where the UI gives value is that, as we created the smart contracts, it is just natural that we understand pretty well how to interact optimally with them. With that in mind, the UI codebase acts also as a pretty good example for others who want to build something interacting with Umbrella.

Hi @0xmonk. That is more a topic to decide on the Aavenomics side and not exactly Umbrella, but in general, yes, we think that in terms of slashing for covering deficit, stkAAVE and stkABPT don’t need any cooldown.

We have proposed an idea for the initial TEMP CHECK of the Aavenomics of slashing hooks that could potentially reintroduce stkAAVE/stkABPT into the picture, but that requires quite some extra discussion and will not be introduced to start with on the Aavenomics.

LlamaRisk expresses its gratitude for the hard architecture, implementation, security, risk, and design work put into this thoughtful evolution of the Aave protocol. We look forward to working alongside service providers in the Aave Finance Committee (AFC) to help further segment risk, improve efficiency, and make the protocol more attractive.

Having been brought into the ideation process at an early stage by @bgdlabs, we have prepared a Umbrella capitalization methodology to facilitate maximum value add for Aave DAO as a member of this council.

Awesome update. Community has been expecting Umbrella for a while. Hopefully no rainy days ahead for the protocol.

Love the Umbrella branding. All in favour.

So happy and excited to see how Umbrella will unfold.

I do wonder what are the ways DAO will use this tool. Feels like many expect greater institution adoption, which, while promising, still depends on things outside our control.

Another possible, and in my opinion, desirable use is enabling more risk in pool setups. Would couple well with Chainlink liquidation oracle.

Deficit offset is also an interesting point. You could theoretically setup debt tranches with it.

Last comment, on a thing I would like to see in the future:
Umbrella is great, but at the end, it is a tool to pay for insurance. If proven an effective mechanism to attract more borrowing, we should create a synergistic AAVE’s insurance fund. Fully automatic, untouchable funds sitting in Umbrella.

How long will stkAAVE rewards last after umbrella is up and running? No description seen

As we’ve said previously, excited to see Umbrella go live - it’s been a long time coming!

The only point we’d like to echo is the UI one; it’s important for users to be able to access Umbrella from the main Aave website, and ideally Merit rewards should be claimed from there as well. Having everything available in one location is the easiest UX.

Or at least re-direct via the UI to the other websites so user can be sure it’s approved and safe.

+1 @sid_areta & @EzR3aL

This would make a significant difference. Many less-experienced users and token holders have expressed concerns about using domain names not officially linked to aave.com

Those “external” integrations are clearly slowing our momentum

We’re thrilled to see Umbrella ready for activation!

In the past months, we audited and formally verified Umbrella, getting to know its mechanism better.

From a security perspective, Umbrella, together with V3.3, introduces an elegant solution for handling bad debt. The upgrades reduce operational friction for the future, in addition to the obvious increment of trust in the system by suppliers.

We managed to prove core properties and invariants of the system

The specs can be found here:

Aave Labs is excited about the Umbrella initiative and looks forward to the value it will bring to the community.

• The Umbrella module is being integrated into the Aave Interface in coordination with its activation. This initiative has been a collaborative endeavor for several months between both service providers. For additional details, feel free to review the most recent AL Development Updates from March, February, January, and December.