This is our understanding of and view on the situation:
-
Constantly upgrading smart contracts poses security issues to the ecosystem - the point is well made by @stani and @Emilio that even with as robust a security process as Aave and BGD Labs currently have, some issues could slip under the radar, and upgrades should happen only when absolutely necessary (like the Umbrella activation); they shouldn’t just be routine. Where we’re lacking a bit of clarity here is the nature of these upgrades and how important they are. Only then would we be able to understand the real need for them at this point. As such, there needs to be a clearer explanation of the “why” for these upgrades and the benefits users will get that are absolutely critical.
-
It seems as if a lot of the upgrades mentioned here may well be incorporated in Aave v4 - please correct us if we’re wrong. After reading Emilio’s comment, it seems as if we’re pretty close to v4. That is going to be a big launch / upgrade in itself, and as such, it may not be worth it to upgrade these sensitive contracts prior to v4. However, we do see merit in including some changes that are relatively less risky and can improve user experience. It may be worthwhile for BGD and Emilio to align on these in the context of v4’s upcoming feature set and identify which changes would be most appropriate to make at the moment.
Of course, it’s great to see BGD constantly improving the Aave protocol, and we can’t thank them enough for that. The work they do is probably the best in the ecosystem on protocol development and maintenance, and we’re only asking these questions because upgrading contracts is (even in the best of conditions) a risky endeavour.