Certora - Monthly Update

March 2025

Executive Summary

Governance Proposal Reviews

:eyes: Total proposals reviewed: 22

:white_check_mark: Proposals approved: 21

:writing_hand: Proposals rejected/modified: 1

:cross_mark: Issues requiring proposal cancellation: 0

:hammer_and_pick: Proposals requiring actions other than cancellation: 2

:police_car_light: Notes

  • AIP 264 was approved by all parties involved in governance security, including ourselves. After execution, the proposal was found to contain a collision with AIP 263, which created an unintended grouping of assets in the same e-mode. After attending to the problem and resolving it in collaboration with the relevant providers, we performed a post-mortem along with @bgdLabs and concluded improvements that will strengthen the overall security process of the governance.
    More details on the incident can be found in BGD’s post

  • On AIP 267 we identified a misconfiguration and reported it to the relevant entities. The decision was not to cancel the proposal but, instead, to resolve it using the steward.
    Official announcement on the subject can be found here

Code Reviews Completed

:scroll: Total smart contracts reviewed: 36

:detective: Projects reviewed: 4

  1. The Complete Umbrella Component (Stake Token, Umbrella Rewards and Umbrella) – The manual review was finished in February; in March we completed our formal verification for the project. Link to Security Reports, Formal Specifications

  2. Umbrella Helper Contracts – The review started in February and finished in March. Link to Security Report

  3. SVR Steward – Link to Security Report

    • A contract helping with the configuration of SvrOracles as assets’ price feeds.
    • Configuration through the steward enables a guardian to revert the price feed back to the previous “regular” price feed in case of an emergency.
  4. Revenue Splitter – Review was submitted and now awaits a second iteration following our feedback.

    • A contract responsible for splitting funds between two recipients.
    • The specific context in which we reviewed this contract was as a revenue splitter between the Aave DAO and Chainlink with respect to the SVR oracles.
  5. Pendle CAPO – The review is finished. The report will be released soon along with the code.

    • Price adapter capping the price of the PT-tokens.
  6. Pool V3.4 - Review in Progress

    • A collection of security and UX upgrades to Aave core. A great, elaborate post on the upgrade can be found in BGD’s thread.