Introducing Aave Checkpoint

Development
1

image1
image11999×1071 186 KB

Greetings, Aave Community.

Aave Labs is introducing Aave Checkpoint, an AI-powered governance security system, adding a structured, multi-layered review process for every proposal and payload before it reaches onchain execution. Complementing Certora’s manual proposal reviews as security service providers, Checkpoint strengthens the security posture of the Aave DAO by combining automated analysis with mandatory human verification, ensuring no proposal goes onchain without thorough review.

This process has been operational since March 2026 and has been applied to every governance proposal processed during this period. The capabilities and review methodology are being shared with the community through this post; the underlying codebase is not source-open for the time being.

Motivation

The Aave protocol processes a growing volume of governance proposals, asset listings, parameter changes, and cross-chain deployments. Each of these carries material risk. A single misconfigured parameter or malicious payload can impact the protocol.

Previously, proposal review relied heavily on manual processes and individual service provider tooling. As Aave Labs assumes expanded governance responsibilities under the Aave Will Win framework, we have built a rigorous, systematic, and transparent review system.

Aave Checkpoint was built to address this gap. It accelerates the governance review process by automating structured analysis across every proposal, while preserving the mandatory human sign-off that has always underpinned Aave’s security standards.

What Aave Checkpoint Does

Aave Checkpoint operates as a continuous review pipeline across two phases:

Automated AI Analysis

When a new proposal PR is submitted to the aave-proposals-v3 repository, and a new AIP is submitted onchain, Checkpoint automatically:

  • Fetches the onchain payload data, proposal source code, and text from IPFS.

  • Cross-references every parameter against the corresponding governance specification.

  • Uses Seatbelt simulation outputs to inspect proposal execution paths, state changes, emitted events, and other payload effects before execution.

  • Runs security analysis across 60+ specialized agents covering vulnerability detection, DeFi-specific risks (oracle manipulation, liquidation logic, flash loan vectors), proxy upgrade safety, state validation, and all interaction paths.

  • Checks for malicious or unintended interactions not only against liquidity protocol contracts, but also against adjacent governance surfaces, such as a.DI.

  • Reviews payload source code for obfuscation patterns or other implementation details that warrant closer scrutiny.

  • Evaluates proposals through the reference frame of a cognitive learning model trained on findings from previous research and exploits on DeFi protocols.

  • Produces a structured audit report with a pass/fail conclusion, flagging any discrepancies or concerns.

Mandatory Human Review

Every AI-generated report requires a minimum of two independent human sign-offs before the review is considered complete. Reviewers manually verify the AI findings, validate onchain state, and confirm that the payload matches the approved governance specification. This dual-review requirement ensures that no automated output is treated as final without expert confirmation.

Capabilities

Aave Checkpoint includes:

  1. 5 custom Aave governance skills:

  • AIP Review: End-to-end governance proposal audit. Fetches onchain data, reads the AIP text, locates payload source, cross-checks every parameter against the specification, and writes a structured audit report.

  • Solidity Security Review: Comprehensive protocol security audit orchestrating 30+ analysis lanes in parallel across core vulnerabilities, DeFi protocol logic, pattern detection, structural analysis, upgrade safety, and prior art research.

  • Asset Eligibility Check: Technical analysis following the AACA methodology across several dimensions: ERC-20 compliance, oracle configuration, upgradeability, access control, exchange rate mechanics, and more.

  • Temp Check Drafting: Copilot for drafting compliant TEMP CHECK proposals following official governance templates.

  • ARFC Drafting: Copilot for drafting compliant ARFC proposals from approved TEMP CHECKs.

  1. 52 external security skills covering DeFi-specific analysis (lending, oracle, liquidation, staking, math precision, reentrancy), pattern detection, and security tooling.

  2. Dedicated review flow for Aptos code that evaluates correctness, current syntax and language features, vulnerability patterns, and compiler optimization modes using official Aptos LLM feed data alongside multiple Move-specific analysis agents.

  3. 6 automated CI/CD workflows with manual triggers, model selection, and auto-PR creation for AIP reviews, asset eligibility checks, and Solidity security reviews.

  4. Protocol coverage spanning Aave V3, V4, GHO, and Aptos-v3 implementations.

How It Works in Practice

  1. A new PR or AIP is submitted.

  2. A notification alerts the review team.

  3. Checkpoint’s AI pipeline automatically generates a structured audit report and opens a draft PR in the internal review repository.

  4. Human reviewers verify the findings, add their own analysis, and sign off in the manual review section.

  5. Once two or more reviewers have signed off, the review PR is merged and the proposal is cleared.

Moving Forward

Aave Labs will continue investing in the governance systems, review processes, and operational coverage required for this expanded scope under the Aave Will Win framework. As the protocol grows, governance quality and throughput both matter. This work raises the standard and consistency of how proposals are reviewed and executed, sustaining more dependable changes across the Aave protocol.

Aave Labs

3 Likes