Certora - Monthly Update

September - November 2024

Executive Summary

In the last quarter, Certora has continued to safeguard the Aave ecosystem through code reviews, rigorous formal verification, and proactive security measures.

:eyes: Total proposals reviewed: 53
:white_check_mark: Proposals approved: 52
:writing_hand: Proposals rejected/modified: 9
:x: Issues requiring proposal cancellation: 1
:hammer_and_pick: Proposals required actions other than cancellation: 8

Audit Reviews and Formal Verification

:scroll: Total smart contracts reviewed: 74

:male_detective: Projects reviewed: 7

  1. ParaSwapAdapter patch

    • Following the ParaSwapAdapter incident at the end of August, Aave Labs quickly applied a patch to prevent similar occurrences in the future. Our team reviewed the patch with urgency to allow a quick upgrade of the component, and suggested best-practice improvements.
  2. V3.2 - Liquid eMode - Link to Security Report

    • This upgrade to the pool included the complete deprecation of stable debt code (reviewed at the end of August) and the reorganization of eMode logic to support liquid eModes. Our security report provides a detailed description of our work.
  3. V3.2.1 - StableDebt Token Getter For Integrator

    • Following a successful deployment of V3.2, some integrators experienced difficulties with breaking changes they didn't account for. The V3.2.1 patch was released to allow these integrators to continue operating as usual.
  4. EzETH oracle - Link to Security Report

    • Prior to listing EzETH on Aave V3 Ethereum, BGDLabs performed an in-depth review of the token mechanism and the implications of using it in the lending protocol context. We were asked to perform an extra check on the potential risk of price manipulation of the token by donation. We provided our assessment on the subject in the forum post linked above.
  5. CrossChain Gho Token Upgrade to CCIP V1.5

    • With ChainLink's planned upgrade of CCIP to V1.5, Gho needed an upgrade to allow continuous support of operations, avoiding any downtime. As per the request of Aave Labs, we reviewed the suggested solution and concrete implementation.
  6. CrossChain Gho Token Upgrade to CCIP V1.5 AIP

    • Due to the criticality of the upgrade, we reviewed the upgrade transaction for cross-chain Gho to ensure it was done properly.
  7. V3.3 - Deficit Assuming and Handling - Report in Progress

    • This upgrade is another component related to the upcoming Umbrella. The main logic imposes some limitations on liquidation to prevent accumulation of dust in liquidatable debt positions, records bad debt and writes it off to prevent accrual of debt that is likely to never be paid back, and adds the ability to eliminate the emerged deficit by burning LP tokens against existing deficit from the corresponding stk token.