As part of the effort to make more resilient the process of on-chain governance proposals, we are glad to announce that from now onwards, we will be publishing security reports of them.
Together with other improvements for validation of proposals that will be coming in the following weeks we think this is a good first step to give more confidence to the community when voting on proposals, as it will be possible to have an opinion from a reputable party on the following aspects:
- The executable payload of the proposal does what it was described in previous steps (governance forum, Snapshot and AIP description), and nothing else.
- We are aware of the procedures followed pre-proposal, and we are in a position to give an opinion about their quality.
It’s important to highlight the following aspects:
- This is just a technical analysis of the proposal, not an opinionated analysis of its content. It is up to the community to decide Yes/No on the outcome, we can just inform if what was described is the same as what is coded.
- Security reviews are not perfect. Same as the proposer can make unintentional mistakes, a security review doesn’t assure that there is no problem with the proposal. It only adds more assurance to the robustness of the code.
- We are not the proposer. We don’t decide what goes into executable proposals, we can only support the technicalities on how to do what is intended by the proposer.
- We are no gatekeeper of proposals. Nobody has any obligation of contacting us in the pre-proposal phase, only the right to do it. This also means that a proposal can be of the highest quality even if we didn’t review it in advance, and we will try to reflect that if it is the case on our reports.
Go to https://github.com/bgd-labs/aave-proposals-reports to check out the reports about the last governance proposals submitted, and let us know if you would like to see any extra information on them!