Improve permissions management on Aave v2 and define a better strategy for access control roles on Aave v3

Thanks for putting forward the proposal. Would be in favour of a Risk Council across all V3 markets (details can be nailed down as the idea gets more support).

What I would like to ensure is that the work of the risk council includes ongoing automated and manual monitoring and weekly reports on how different market conditions (taking actions as well) have been changing, backed by verified data, analysis and simulations.

Risk Council should also preferably be distributed across multiple time-zones and the Risk Council should be incentivized accordingly.

Would also recommend having a “risk strategy” smart contract between Risk Admin and the Council, ensuring that the community can also vote on-chain on how wide a mandate to give to that role on an ongoing basis.

Transparency is also key - Risk Council should agree and publish policies up-front as well to the community.

I also consider that the community should create new procedures for the Emergency Admin role/function including fire-drills and also availability - such role should also be incentivized accordingly.

This idea could be developed further as the Ethereum V3 market is getting closer to release.


Hi @bgdlabs - we welcome this early discussion.

This Risk Council seems to pave its way towards a future RiskDAO and further unites the community.

I am glad to see @stani’s support - and willingness to establish greater controls, transparency, and incentives. If the community decides this is the best path forward, I would be happy to volunteer.

Some quick qualifications:

  • reviewer at Aave Grants DAO ( ~1-year tenure)

  • delegate for Aave DAO

  • 1/8 ‘Regulars’ on the forum

By supporting this initiative, it establishes around-the-clock coverage, improving communications across different visions, users, and organizations servicing the DAO.

If the community decides on a different direction, it should be to empower more stakeholders.

But the past few days have illustrated the need to reach a consensus decisively - and with vigor.


We (Morpho Labs) are in favor of this proposal. If the scope of the role is clearly defined, and it is operated with maximum transparency, it would be a good addition to the security of Aave protocols.


Generally very much in favor of this proposal.

Regarding incentivization, I’m a bit conflicted.

In the end I guess at least a subset of the members of such a “risk council” should probably be somewhat related to the ppl doing risk and already being engaged with the dao (like gauntlet/chaos) and they are already paid by the dao for monitoring risk - it’s just giving them new means of action. The other members probably should be technical enough (to grasp risk & be part of a multisig), but I wouldn’t expect them to be “constantly monitoring” - so their job is more “validating & signing”.


Chaos Labs fully supports this proposal and sees great value in creating mechanisms to act fast and mitigate immediate risk to the protocol in extreme scenarios. As we have seen this past week, a timely response is crucial to protocol security, and waiting for full DAO coordination may not be possible.

As risk management contributors to the protocol, Chaos Labs would be eager to partake in the formation and ongoing management of such a Council under the terms of our engagement and would not expect additional consideration in doing so.

The example outlined by BGD is a great baseline for the proposal. There are a few important points we would like to highlight and provide thoughts around:

  1. We believe the risk council should consist of the parties/individuals with the most intimate knowledge of the protocol and security expertise. It is natural for these to be current contributors to the protocol, who are also already incentivized for their work. In addition, any other experts from the Aave community should be able to nominate themselves or others as participants in such a council.

  2. There are two types of actions that we believe the Risk Council should be empowered to take:

    • High impact, high urgency : These are actions similar to last week, where there is a high confidence security threat, and immediate steps need to be taken to protect the protocol and user funds. These actions must be considered temporary and only an immediate first step to allow the community to make knowledgeable and un-rushed decisions on the most appropriate long-term path forward.

    • Low impact, incremental changes : Thus far, the Aave DAO has had to vote on any parameter change for any market regardless of significance. We would propose that the Risk Council have the ability to make incremental parameter changes that fit well-defined, DAO-approved criteria (i.e., no users are liquidated, total change is <X%, 30-day change is <Y%, etc.) without the need for snapshot and on-chain voting.

  3. Decentralization - the Risk Council must be formed by governance vote, electing the council members and deciding on the actions they are authorized to perform. We agree with the proposed 6-month cadence for on-chain votes to evaluate and make changes to the council and its mandate.

  4. Communication and transparency: While the actions are taken directly by the Risk Council, it is imperative that they are communicated on a regular cadence to the community to ensure transparency in the thought process and implications:

    • Any parameter change decision is communicated via the forums within [48]-hours of the council’s decision and implementation

    • Any High Urgency change is to be communicated via the forums once the situation is safe for clarity and future protocol direction, with a community call scheduled for that same week for further discussion and feedback

    • Risk Calls - as part of our engagement, Chaos Labs committed to leading monthly risk calls for the community - we would hope that members of the Risk Council would take an active role in these calls and be available for community Q&A

We suggest that the council’s first order of operation upon creation should be to share a charter with the community for ratification on the limits of their powers, the authorizations, and communications guidelines with the community.


This is a really great proposal.

I agree with the strategy of using a 3/5 multi-sig.

I think some good contenders would be: Gauntlet, Chaos, Llama, BGDLabs, Morpho and/or Fig.

My only question is how much should they be paid – this will depend on their scope. If they are high impact / high urgency only, then probably less, but if they are low impact, incremental decisions (what Chaos is proposing), then probably more.

What Chaos is proposing in this thread is that low impact, incremental changes also fall under the scope of the Risk Council – I think this probably makes sense assuming that the changes fit very well-defined, DAO-approved criteria and the changes are communicated on a transparent basis (the current state of affairs is that governance is bogged down with parameter changes that take too long to change and usually always get 100% “yes” rate). Any DAO vote should override the Risk Council’s decisions.


Hi @bgdlabs,

Glad to see such a proposal in the forum and I am in full support.

In response to @VonNeumann & @OriN, I would disagree that Chaos or other contracted parties to the DAO should be part of the Risk Council. My view is aligned with the statement provided by BGD:

The Risk Council should be briefed by the risk contributors (Chaos, Gauntlet) and other contributors (BGD, Llama, Aave Companies) and then based on the information presented execute the option that they as the Risk Council believe is in the best interest of the Aave protocol (Like @sakulstra mentioned: "job is more validating & signing").

My only concern is finding 5 members of the community with such knowledge who are already not contributors to the DAO in some form or another and have no conflict of interest with other DAOs.

In support of @fig being the first member of the risk council.

My view on the next steps:

  • Define the risk council’s constitution, role & responsibility
  • Define the compensation model (If there should be one)
  • Define KPIs for the risk council
  • Call for applications & community interview process
  • Vote on the inception of the Risk council and the details.

Look forward to seeing this topic progress.


Low impact, incremental changes

I think the risk council should probably have no rights to do this. Errors happen, but are hard/impossible to spot when omitting public procedures. A change of 0.5bps can lead to liquidation and when not going through governance ppl have literally no time to prepare.

I think it should be very carefully evaluated which actions the council should be able to take.

Hello Aave DAO.

I’d like to nominate @sakulstra for the role.


Hello, voicing my support for the Risk council.

As part of half a gazillion multisigs, some of them very efficient and some the complete opposite, I strongly suggest not selecting the members of the risk council with a “beauty contest” election. It’s not about giving the role to your favorite guy, it’s about giving the role to someone that will show up and sign even on a Sunday at 2am because the protocol needs it.

Strongly suggest:

  1. at least redundancy on ppl that can create tx on their own and prove good knowledge of Aave architecture
  2. ppl with track records of being good multisig signers.

Let’s not replicate the Aave guardian V1…

Making myself available for the role if the community has an interest. I have deep knowledge of Aave contracts & good experience in multisigs.


Do we believe existing community guardians should be members of the risk council? This will result in community guardians = risk council IMO (if that’s the case guardians should become part of the risk council).

I’d personally like to see it move away from strictly community Guardians to encourage more stakeholders to become involved and create added diversity.

Marc would be a strong addition - as would @sakulstra on this council.

Thx for the support, but I don’t want to be nominated.
Due to personal reasons, I won’t be very responsive/active in the coming months. Also, I don’t have any experience in regard to risk.

That said I’d happily support the nomination of @MarcZeller. Had the pleasure to meet him in Paris two years ago and he’s a quite driven guy with a deep understanding and curiosity for all things blockchain. Also, he’s very active on the forums & not shy to share his opinion on things which imo is a big plus.


Given the Risk Council idea seems to have found support in the community, we would like to highlight some aspects we consider fundamental around it and its potential formation:

  • The actions to be executed by the Risk Council require specific expertise on the mechanics (especially risk) of the protocol. Nobody without such knowledge should probably be considered because it totally removes its utility. This is not trying to dismiss the contributions of community members but seems reasonable given the task.

  • This Risk Council has in practice no relation with the Aave Guardian. The Aave Guardian is just a technical and temporary mechanism used given the lack of enough technological infrastructure to for example bridge decisions of the Aave community to other networks. Its members are just volunteer signers that only execute actions pre-approved by the Aave governance in advance.
    This means that members could overlap or not from our perspective, just depending on expertise.

  • We highly recommend having entities currently engaged with the DAO on the risk side (partially or totally) as parts of the Council. It doesn’t seem reasonable to precisely not use the most expert resources available for the community on it.

  • The Council should probably have a minimum of 4 members and a maximum of 5/6, at least regarding signers.

  • From BGD we are open to advising (and will do) the members of the council from the technical side, as usual, reviewing the actions before execution, together with implementing additional smart contracts and needed mechanisms, for example, to automate actions. But we don’t think it is appropriate to be part of the Risk Council itself, as risk is not our expertise.

From our perspective, a reasonable initial set of members could be:

  • 1 representative from each risk-specific entity engaged with the Aave DAO, or with risk-related scopes (e.g. Llama).

  • ACI via its representative @MarcZeller. Contributing to Aave since v1, we think the expertise of ACI/Marc is clearly proven.

  • @Alex_BertoG (if willing to). Part of the risk team of @AaveCompanies and a quite active member of the community, giving feedback to multiple forum proposals and initiatives.

We think the different further scopes and organizational topics should be defined by the Council, once selected by the community.


Chaos is fully aligned with @bgdlabs and is excited to see this come to fruition. We would be honored to participate alongside our fellow external DAO contributors.
We separately fully endorse @Alex_BertoG as a strong, risk-centered candidate. Chaos Labs has had the pleasure of working with her and the rest of the risk team at @AaveCompanies over the past few months (especially since onboarding) and have consulted with them on different proposals and methodologies. Alex has always been super collaborative and has an excellent understanding of risk in all versions of the Aave protocol. She will be a great asset to the risk council and community at large.


Given the limited power of the Aave Guardian in both V2 and V3 (especially in V2 where it’s impossible to pause only 1 single reserve), having a separate entity allowed to enact “special” actions is really valuable for the Aave community and users.

I see a gap between Aave Guardians and Risk Contributors, that can be filled with a “Risk Council” entity.

Such an entity is an enhanced more-powerful version of the Guardian, with the right of executing a set of actions to mitigate potential risks in certain situations. This entity has a good understanding of the protocol and space, is well-connected and acts as a point of contact in case there is a vulnerability or risk vector that puts in danger the Aave Protocol (could play an important role in a Bug Bounty).

However, I believe it is crucial to define some guidelines so its work does not overlap with others. Some questions that come to my mind that I would love to see clarified:

  • Which powers would this entity have?
  • Under which circumstances would this entity take action?
  • Which steps would it need to follow in case of taking action on a matter?

In favour of creating a Risk Council for V3 pools. It does not make sense for me to have it for V2 because it is gonna be deprecated in the near future (it also works as an incentive for the users → better risk & emergency mgmt).

I do not think this council should provide a full-fledged service to the DAO (just taking actions with limited power under certain risky situations), because it would overlap with other contributors’ work and could jeopardize the decentralized nature of the DAO governance.

Hello Aave governance members,

I put together a proposal some time ago regarding a risk committee for the SNX DAO (which can be viewed here SIPs/ at master · Synthetixio/SIPs · GitHub), and have viewed the discussion in this thread and would like to share some of my thoughts regarding the concept of a ‘risk committee’.

The problem space highlighted by OP involves the Aave protocol having the capability to make ‘faster’ changes to parameters in order to respond to rapidly changing ecosystem changes. This in itself is a worthy goal, however it should be noted that this is different in essence to risk and its management.

I think what OP is really trying to describe is an organisational group that is empowered to react to changing ecosystems, where those changes are within a subset of the Aave risk appetite.

The topic of a risk committee, whose primary focus would be the development and application of a risk framework, is a separate problem space which requires thorough consideration independently of the use case that OP, as its scope is much broader and implications further reaching.


Any update on this discussion?

With V3 live on Ethereum Mainnet it would be great to finalize the discussion and bring additional risk controls to Aave.

Hi @bgdlabs,

Thank you for kicking off this discussion.

As a keen contributor to many risk proposals over the years, dating back to the DPI risk assessment in 2021 and more recently via @Llamaxyz, I would like to volunteer for inclusion in the Risk Council. I personally think this is a great initiative that moves Aave in the right direction.

Let’s revamp this discussion and I see @OriN and @bgdlabs have already made some great suggestions for kick-starting this initiative.

Some housekeeping, I would like to contribute via TokenLogic, which is a company founded by myself that I contract through to Llama. Whilst I remain at Llama, I seek no payment for any efforts relating to advancing Aave’s Risk Council.