Title: [ARFC] Renewal of Aave Guardian - 2024

Author: @marczeller - Aave Chan Initiative

Date: 2024-04-30

Summary

The Aave Guardians are a community-elected group with soft emergency protection permission on the Aave smart contracts. Periodically, the composition of this group undergoes renewals in which members may join, stay, or leave based on community votes. This process has occurred in the past, with the last renewal taking place in 2022. At present, it’s time for another round of renewals to ensure the Aave Guardians continue to embody the evolving interests and needs of the Aave community.

Motivation

The Aave Guardians play a vital role in protecting the Aave Protocol.

This proposal aims to start a renewal of the aave guardian, allowing for the removal of members who wish to step down & the addition of new members more reflective of the Aave DAO’s current active contributors.

Specification

This proposal introduces 2 different Guardians, with a majority of non-common members on each one, and different roles.

Protocol emergency Guardian

This Guardian is the holder of EMERGENCY_ADMIN role in Aave v3, together with similar role in v2 and surrounding systems.
Given that speed is mandatory in an emergency situation, the members recommended are entities really active within the Aave DAO, for example service providers and delegates.

Its multi-sig configuration will be a 5-of-9.

Members proposed (1 representative of each):

• Chaos Labs (risk service provider).
• Llamarisk (risk service provider).
• Karpatkey (finance service provider).
• Certora (security service provider).
• Tokenlogic (finance service provider).
• BGD Labs (development service provider).
• ACI (growth and business development service provider).
• Ezr3al (Aave DAO delegate).
• Stable Labs (Aave DAO delegate).

Governance emergency Guardian

This other Guardian has an even less frequent role: cancel governance proposal whenever detected as malicious or containing mistakes (detected on the on-chain verification stage by Certora).
The rationale of being composed by different members than the Protocol emergency Guardian is that cancellation permissions whenever possible should be held by a different party than protocol-emergency ones. In addition, speed is not as critical as the Protocol emergency Guardian, given that Aave proposals happen during a period of 5 days, and problems can always be detected with enough time-margin.

Its multi-sig configuration will be a 5-of-9.

Members proposed (1 representative of each):

• ACI (growth and business development service provider). In both guardians for coordination/reach purposes.
• Mounir (Paraswap)
• Gavi Galloway (Standard Crypto)
• Meltem Demirors (Coinshares)
• Emilio (Avara)
• Roger (Chainlink community)
• Mariano Conti (DeFi OG)
• Marin (Lido)
• Certora (security service provider). In this governance given their role reviewing governance proposals.

A detailed view of permissions of the Aave Guardian on all Aave systems can be found HERE.

Next Steps

1. Solicit/gather feedback from the Aave community.
2. If community sentiment is favorable, proceed with the ARFC snapshot.
3. if the ARFC snapshot vote outcome is YAE, Escalate to AIP stage for implementation.

Disclaimer

The ACI is not presenting this ARFC on behalf of any third party and is not compensated for creating this ARFC.

Copyright

Copyright and related rights waived under CC0.

I would be happy to assist as a member of the protocol emergency guardian.
Address used will be: 0x8659d0bb123da6d16d9394c7838ba286c2207d0e

LlamaRisk is also happy to assist as a member of the protocol emergency guardian. The address used for our signer will be: 0xbA037E4746ff58c55dc8F27a328C428F258DDACb

To give some extra visibility on the role of both Guardians on Aave:

• First and foremost, the Aave Guardian has no management power in the Aave ecosystem. Its role is purely protective in emergency situations, in both the case of the Protocol emergency Guardian and the Governance emergency Guardian.

• Guardian members are exclusively elected by the Aave governance itself, via the standard procedures.

• An exhaustive list of permissions held by the Guardian can be found on https://github.com/bgd-labs/aave-permissions-book, an indexing tool we created during our previous professional engagement with the DAO (Phase 2).

• As disclosed by ACI, actions that can be done by the Protocol emergency Guardian (and the need of this mechanism itself) require by nature speed: if for example a bug is detected on the system, protective actions like halting supplying/borrowing liquidity should be executed as fast as possible, while a governance proposal with the fix gets prepared for the regular Aave governance to approve. Not having that mechanism would potentially put at risk funds on Aave, given that 1) any governance proposal requires 5 days to get enacted 2) proposals are public in nature, which could expose the bug due to the fix.

• The rationale of the Governance emergency Guardian is slightly different: the Aave governance smart contracts have no “semantical” knowledge of the payloads getting voted and executed. This means that the system doesn’t have any way of understanding what is a malicious proposal or not, same as a proposal containing some type of bug or not.
  The Governance emergency Guardian role is to, also in some type of emergency situation, provide that semantical interpretation of what is really the nature of a proposal. How it will usually work would be that the correspondent security service provider (currently Certora) reviewing proposals would detect that one is malicious or wrong. If wrong, the first step would be for them to notify the creator of the proposal to cancel it, so no intervention of the Guardian would be required. But if malicious, by definition the creator will not cancel it, so the Governance emergency Guardian should.

• Same as with other blockchain mechanisms, it is possible that the infrastructure will improve in the future allowing for better system for security emergency handling. However, on the current state-of-art, from our point of view the Guardian mechanism is necessary in order to protect Aave’s security.

It would be helpful for the community to better understand how the guardian members were chosen from the delegates (Ezr3al, Stable Labs)? What is the precise process in which a delegate gets chosen to be a Guardian?

• Is it some amount of delegated votes?
• Some amount of activity on the Aave governance forums?
• Is it a track record of behavior in public and private channels?
• accordance with the overarching mission of Aave?

Similarly, how were the governance emergency Guardian chosen? To the average Aave holder, these just seem like a list of random names aside from Emilio, Certora, ACI. Their organizations are well known entities within crypto, but people also change jobs all the time so it would be helpful to see clarity on the criteria and considerations for membership here.

I’m thrilled to be proposed as one of Aave Governance emergency Guardians.

In case of a positive community sentiment, attaching the signer address 0x0D2394C027602Dc4c3832Ffd849b5df45DBac0E9

The current proposal has been escalated to ARFC Snapshot

Vote will start tomorrow, we encourage everyone to participate.

After Snapshot monitoring, the current ARFC Snapshot has recently ended, reaching both Quorum and YAE as winning option, with 648K votes.

Therefore the current ARFC to Renew Aave Guardian 2024 has passed, and next step will be the publication of an AIP for final confirmation.

We ACI confirm that in the context of our engagement for services with the Aave DAO will participate on the Protocol emergency Guardian with the following wallet

0x57ab7ee15cE5ECacB1aB84EE42D5A9d0d8112922 (ACI.ETH)

We LlamaRisk confirm that in the context of our engagement for services with the Aave DAO will participate on the Protocol emergency Guardian with the following wallet

0xbA037E4746ff58c55dc8F27a328C428F258DDACb

I am happy to assist as a member of the Governance Emergency Guardian.

Address used will be: 0xA3103D0ED00d24795Faa2d641ACf6A320EeD7396

karpatkey appreciates the opportunity to support the Aave Guardians group and confirms the participating signing address is 0x818C277dBE886b934e60aa047250A73529E26A99.

We Chaos Labs confirm that in the context of our engagement for services with the Aave DAO will participate on the Protocol emergency Guardian with the following wallet

0x5d49dBcdd300aECc2C311cFB56593E71c445d60d

I confirm to assist on the Governance Emergency Guardian. I’ll use this address: 0xfd639f49Da6cadc98f01B60900C8BE30C38c4B27

We Certora confirm that in the context of our engagement for services with the Aave DAO will participate on the Protocol and governance emergency Guardians with wallet 0x4f96743057482a2E10253AFDacDA3fd9CF2C1DC9

We TokenLogic confirm that in the context of our engagement for services with the Aave DAO will participate on the Protocol emergency Guardian with the following wallet

0xb647055A9915bF9c8021a684E175A353525b9890

We StableLab confirm that in the context of our engagement for services with the Aave DAO will participate in the Protocol emergency Guardian with the following wallet.

0xd4af2E86a27F8F77B0556E081F97B215C9cA8f2E

I confirm that in the context of my engagement for services with the Aave DAO will participate in the Protocol emergency Guardian with the following wallet.

0x8659d0bb123da6d16d9394c7838ba286c2207d0e

[ARFC Addendum] - Update in Renewal of Aave Guardian 2024

Author: ACI ( Aave Chan Initiative)

Date: 2024-06-21

Addendum updated with latest confirmations from Aave Guardians and visual table to include all addresses.

Summary

On 2024-05-30, an ARFC to Renew Aave Guardian 2024 was posted on Governance, to start a renewal of the Aave Guardian, allowing for both the removal of members who wish to step down & to add new members, more reflective of Aave DAO’s current active contributors.

Motivation

After the publication and the ARFC and the ARFC Snapshot, that passed on 2024-05-10, it has been decided to update the proposed members of the Aave Guardian, with a few changes in nominations.

Specification

1. Replace Emilio from Avara as Governance Emergency Guardian, in favor of Fernando of Balancer.
2. Replace ACI as Governance Emergency Guardian, in favor of Seb from Zapper.
3. Replace Meltem Demirors (Coinshares), in favor of Nenad from DefiSaver.

The final list of Protocol Emergency Guardians and Governance Emergency Guardians would be the following:

Protocol Emergency Guardian

• Chaos Labs (risk service provider).
• Llamarisk (risk service provider).
• Karpatkey (finance service provider).
• Certora (security service provider).
• Tokenlogic (finance service provider).
• BGD Labs (development service provider).
• ACI (growth and business development service provider)
• Ezr3al (Aave DAO delegate).
• Stable Labs (Aave DAO delegate).

Governance Emergency Guardian:

• Seb (Zapper)
• Mounir (Paraswap)
• Gavi Galloway (Standard Crypto)
• Nenad (Defi Saver)
• Fernando (Balancer)
• Roger (Chainlink community)
• Mariano Conti (DeFi OG)
• Marin (Lido)
• Certora (security service provider). In this governance given their role reviewing governance proposals.

Useful links

https://snapshot.org/#/aave.eth/proposal/0x51cde0e183bd250839ef1fc4feb04a592263f848d44d1f67618504f98fa80865

Disclaimer

The ACI is not presenting this ARFC on behalf of any third party and is not compensated for creating this ARFC.

Next Steps

1. If consensus is reached on this [ARFC Addendum], escalate this proposal to the Snapshot stage.
2. If the ARFC snapshot outcome is YAE, publish an AIP vote for final confirmation and enforcement of the proposal

Copyright

Copyright and related rights waived via CC0.

I confirm that in the context of my engagement for services with the Aave DAO will participate in the Protocol emergency Guardian with the following wallet.

0x4C30E33758216aD0d676419c21CB8D014C68099f