We would like to inform the community that all security procedures for v3.7 have now been completed, and the upgrade is nearly ready to be proposed to the DAO for activation in production.
Same as on previous upgrades, the following is the list of resources for the community to have visibility on:
- The Aave Protocol v3.7 codebase can be found HERE. As always, this will be merged to
mainline if/when the Aave Governance approves and performs the upgrade on-chain from the current v3.6 to v3.7. - The codebase of the AIP itself performing the upgrade and everything surrounding can be found HERE. Important. There could be minor changes before submission on-chain.
- The security procedures performed in the codebase have been the following:
- All our (BGD) internal testing and evaluation, including making the Aave v3 fuzz suite compatible with v3.7.
- Security review by Certora (HERE) including review of the adaptation of formal verification rules of Aave v3.
- Security review by Enigma Dark, HERE.
- Security review by MixBytes, HERE.
- Security review by Pashov Audit Group, HERE.
- Supervised AI review by Savant Chat, HERE.
- Supervised AI review by Sherlock AI, HERE.
The governance proposal will include a budget allocation to cover performed audits for a total of $74,662.
The next step will be to finalize the review procedures of the upgrade proposal and submit it to Aave governance for on-chain voting.
Similar as with v3.6, considering the type of changes included, this proposal will be splitted in two phases, to be more conservative security-wise. More precisely, this is the networks included on each phase:
- Phase 1. Sonic, Optimism, Gnosis, Scroll, Celo, MegaEth, XLayer and Ethereum (EtherFi).
- Phase 2. Ethereum (Core, Lido), Polygon, Avalanche, Arbitrum, Base, BNB, Linea, Plasma and Mantle.