Summary
Proposal for a 2-month security retainer between BGD Labs and the Aave DAO.
Motivation
As commented in our announcement of BGD leaving Aave, we think it is beneficial to the DAO to keep a short-term (2-month) security retainer with BGD to advise/support in case any security incident arises.
Given that the community showed clear support for this model, we are now creating the on-chain governance proposal to make that retainer model effective.
Specification
If approved, the governance proposal will confirm the security advisory/support engagement, with the following terms:
- If any High/Critical incident affecting all systems we previously led arises (all the Aave ecosystem, aside from GHO and Aave v4), we will be available to support the team leading security (e.g., Aave Labs) in incident handling: protections to apply, remediation steps, communications, etc.
- BGD Labs is NOT leading the security workflow of Aave anymore. Our role within this retainer model is that of an external entity, purely advising engaged/involved parties.
- During this period, BGD Labs is open to being part of the Aave Protocol Guardian.
- Ad-hoc developments required by any security incident are not included in this engagement.
- Duration of the engagement is, as previously disclosed, from 1st April to 31st May, both included. Due to our previous relationship with the DAO, we will act as if we had this advisory engagement active until the proposal passes, even if not yet.
- As previously disclosed, the retainer will have a cost of $200’000 for the 2-month duration.
Next steps
After a day in this forum, we will proceed with the on-chain proposal.