We want to inform the community that all security procedures for v3.6 have now been completed, and the upgrade is almost ready to be proposed to the DAO for activation in production.
Same as on previous upgrades, the following is the list of resources for the community to have visibility on:
- The Aave Protocol v3.6 codebase can be found HERE. As always, this will be merged to
mainline if/when the Aave Governance approves and performs the upgrade on-chain from the current v3.5 to v3.6. - The codebase of the AIP itself performing the upgrade and everything surrounding can be found HERE. Important. There will be minor changes before submission on-chain.
- The security procedures performed in the codebase have been the following:
- All our (BGD) internal testing and evaluation, including making the Aave v3 fuzz suite compatible with v3.6.
- Security review by Sherlock Blackthorn, HERE.
- Security review by MixBytes, HERE.
- Security review by Certora (HERE) and adaptation of formal verification rules of Aave v3.
- Security review by Pashov Audit Group, HERE.
- Supervised (human-in-the-loop) security review by Savant Chat, HERE.
- The governance proposal will include a budget allocation to cover performed audits for a total of 144’152.
The following step will be submitting finishing the review procedures of the upgrade proposal, to submit it to Aave governance on-chain voting. Additionally, upcoming network expansions activations will be proposed already with v3.6 running.