Hello, dear community

Following repeating requests and recommendations by members and to provide transparency, we’re returning to our good ways of periodically reporting our work for the benefit of the DAO.

This thread is where you’ll find these reports.

What To Expect Here

Audit Reviews and Formal Verification

We will post the projects we worked on along with the security report (if done) and the formal tests we’ve created.

AIP Reviews

We will share a high-level summary and simple statistics on the AIPs we reviewed.

Our review process guarantees that:

• Suggested payloads genuinely reflect the desired intention raised for voting

• Potential implementation risks are identified and acted upon before execution

• Emerged proposals followed the DAO’s formal process and adhered to the highest transparency standards

Advancement Related to Development Efforts

As we mentioned in our renewal thread, we are developing tools that will enable us to do our work better and can be of interest to the DAO.

Since these developments are not part of the engagement and are developed on a best-effort basis, we will update only on significant releases that aren’t too technical and from which we think the DAO benefits.

Misc

Any involvement that isn’t included in the previous sections and may include:

• Actions related to us having guardian role(s)

• Involvement in incident response - Only if and after details are already public

September - November 2024

Executive Summary

In the last Quarter, Certora has continued to safeguard the Aave ecosystem through code reviews, rigorous formal verification, and proactive security measures.

Total proposals reviewed: 53
Proposals approved: 52
Proposals rejected/modified: 9
Issues requiring proposal cancellation: 1
Proposals required actions other than cancellation: 8

Audit Reviews and Formal Verification

Total smart contracts reviewed: 74

Projects reviewed: 7

1. ParaSwapAdapter patch

   • Following the ParaSwapAdapter incident at the end of August, Aave Labs quickly applied a patch to prevent similar occurrences in the future. Our team reviewed the patch with urgency to allow quick upgrade of the component, and suggested best practice improvements.

2. V3.2 - Liquid eMode - Link to Security Report

   • This upgrade to the pool included the complete deprecation of stable debt code (reviewed at the end of August) and the reorganization of eMode logic to support liquid eModes. Our security report provides a detailed description of our work.

3. V3.2.1 - StableDebt Token Getter For Integrator

   • Following a successful deployment of V3.2, some integrators experienced difficulties breaking changes they didn’t account for. The V3.2.1 patch was released to allow these integrators to continue operating as usual.

4. EzETH oracle - Link to Security Report

   • Prior to listing EzETH on Aave V3 Ethereum, BGDLabs performed an in-depth review of the token mechanism and the implications of using it in the lending protocol context. We were asked to perform an extra check on the potential risk of price manipulation of the token by donation. We provided our assessment on the subject in the forum post linked above.

5. CrossChain Gho Token Upgrade to CCIP V1.5

   • With ChainLink’s planned upgrade of CCIP to V1.5, Gho needed an upgrade to allow continuous support of operations avoiding any downtime. As per the request of Aave Labs, we reviewed the suggested solution and concrete implementation.

6. CrossChain Gho Token Upgrade to CCIP V1.5 AIP

   • Due to the criticality of the upgrade, we reviewed the upgrade transaction for cross-chain Gho to ensure it was done properly.

7. V3.3 - Deficit Assuming and Handling - Report in Progress

   • This upgrade is another component related to the upcoming Umbrella. The main logic imposes some limitations on liquidation to prevent accumulation of dust in liquidatable debt position, records bad debt and writes it off to prevent accrual of debt that is likely to never be paid back, and the ability to eliminate the emerged deficit by burning LP tokens against existing deficit from the corresponding stk token.

Do you have links to the proposals that were rejected/modified/cancelled?

December 2024

Certora’s Holiday Cheer

We wish the Aave fam so dear,
Happy holidays, full of cheer!
DeFi never takes a rest,
And neither do we—always our best.

Through December, we’ve stayed on track,
Safeguarding Aave, we’ve got your back.
Code reviews and formal checks,
Keeping security free from hacks.

Here’s to success and spreading cheer,
With Aave strong through every year!

Executive Summary

Governance Proposal Reviews

Total proposals reviewed: 15

Proposals approved: 14

Proposals rejected/modified: 1

Issues requiring proposal cancellation: 0

Proposals required actions other than cancellation: 2

Code Reviews Completed

Total smart contracts reviewed: 31

Projects reviewed: 3

1. V3.3 - Deficit Assuming and Handling — The review is finished after a second iteration. The report will be released soon.

   • This upgrade improves the way that the protocol handles bad debt accrued by the protocol. Instead of allowing it to keep accruing interest, it’s assumed and labelled as a deficit to be covered in the future by the corresponding umbrella pool.

2. GhoDirectMinter - Link to Security Report

   • A module that allows the DAO to mint and supply GHO on demand, bound to imposed caps, in order to facilitate required operations across markets.

3. Gho CCIP Token Pool Upgrade + Upgrade AIP - review in progress

   • An upgrade that makes the cross-chain GHO token pools compatible with CCIP v1.5.1. The upgrade will allow multi-lane bridging of GHO from any chain onboarded chain to any other onboarded chain.

   • The technicalities require a slightly more complex AIP than simply upgrading the contract.

Hey @midapple, thanks for your question.

We’re referring to AIP 165, 173-175, 177, 182, 204, 205, 212.
You can browse and read the AIPs here:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

January 2024

Executive Summary

Governance Proposal Reviews

Total proposals reviewed: 13

Proposals approved: 13

Proposals rejected/modified: 0

Issues requiring proposal cancellation: 0

Proposals required actions other than cancellation: 0

Code Reviews Completed

Total smart contracts reviewed: 12

Projects reviewed: 5

1. Gho CCIP Token Pool Upgrade (1.5.1) + Upgrade AIP - The review was started in December and finished this month - Link to Security Report

2. Umbrella Stake Token – The review is finished. The report will be released soon along with the code.

   • A new implementation of the stake token designed to best fit the umbrella vision for the Aave ecosystem. The implementation is built on the ERC4626 standard.

3. Gho CCIP Deployment on Avalanche

   • Deployment of Gho on new target network - Avalanche.

4. Collector operational upgrade + Upgrade AIP – Link to Security Report

   • This operational upgrade introduces a more wholesome access control management to the collector, allowing steward(s) to perform certain operations alongside the executor.
   • The AIP syncs the collector implementation across all the networks on which Aave is deployed.

5. TransperentProxy Upgrade

   • An operational upgrade to the proxy being used in some components, moving to work with OpenZeppelin’s standard implementation.

6. Umbrella Rewards – Review in Progress

   • A new implementation of the rewards distributor for the umbrella stake token. Among other things, the implementation introduces a different way of determining reward emission.

Development Announcement

We are happy to announce we published and open-sourced Quorum - an agile validation tool developed and used internally by our AIP reviewers to improve the efficiency and consistency of reviews.

An introductory blog post to Quorum

A summary thread on Twitter

We call involved community members who perform independent proposal reviews to collaborate with us on improving the tool by submitting feature requests. Help us make Aave decision-making the most secure process in DeFi!