[ARFC] Continuous Security Proposal Aave <> Certora

Hey @PGov, @ApuMallku, thanks for your questions 🙂
Let us refer to each question:

As a long-time contributor to the ecosystem, Certora is a big believer in the Aave project. In the past 2 engagements, we included a portion of the compensation (~30%) in AAVE tokens to put our money where our mouth is. We think that getting a portion in AAVE best aligns Certora with the protocol’s success. We want to stress that we have kept all our AAVE tokens since our first engagement.

With that said, if the community is not keen on spending more AAVE treasury tokens for service providers, we’re willing to accept GHO instead of AAVE tokens.

To answer your question directly - with BGD being a central entity that builds and maintains a considerable portion of the ecosystem, our collaboration with them will clearly be substantial.

  1. BGD took it upon itself to make a series of improvements for Aave v3 as a service provider in the upcoming months. We will consult and review all of these crucial and delicate changes to the core logic of the protocol with security in mind.
  2. Any new components developed by BGD, like the killswitch and potentially others, will be thoroughly reviewed by us upon request.
  3. We will take the responsibility of reviewing every on-chain governance proposal raised on the protocol. In the process of passing the baton, BGD will onboard us and later support us upon request to ensure a top-quality review.
  4. BGD also acts as a first responder for reports of live bugs via Immunefi and other channels. During the engagement, we will be available 24/7 to examine, consult and review any bug report and suggested patch as per BGD’s demand.

We would like to stress, however, that we’re offering our services to the DAO. This means that we are looking to consult and perform security reviews for every provider developing for the benefit of the DAO. This includes Aave company and additional smaller developing entities. We encourage any provider and developer that got community approval for their project to contact BGD as a security resource coordinator and inquire regarding our availability to perform a security review.