Proposal: Aave Risk DAO

Hi Aave Community,

Since the launch of the second version of the Aave protocol (“V2” or the “Aave Protocol”) in January 2020, the Aave ecosystem has seen amazing growth, with over $20 billion of liquidity in the protocol and nearly $10 billion of borrows as well as over 200 integrations. In addition, the Aave Protocol is completely run by the community (“Community Governance”), with all decisions and changes for the protocol being implemented by Community Governance—that is, the group of over 90,000 holders of $AAVE or $StkAAVE.

With so much at stake, assessing risk is critical for the continued success of the Aave Protocol. Upgrades, asset additions, and changing market conditions have the potential to impact the protocol and the Safety Module. For that reason, it is critically important for the Aave governance community to have access to all relevant information and thorough analysis to support sound decision making.

Risk assessment for the protocol and safety module can require advanced skills (such as a deep understanding of smart contracts and digital assets) as well as significant familiarity with the Aave Protocol. With these needs in mind, I’d like to propose the formation of a dedicated Aave Risk DAO to help support the community’s stewardship of the Aave Protocol.

Risk DAO Overview

Aave already has an established risk framework, covering various aspects of the protocol including asset risk, liquidity risk, and technical risk. This Risk DAO will seek to build on this by supporting the Aave community in the following ways:

  • Providing information and research for decisions on asset listing, liquidity provision, and other risk related matters
  • Providing feedback and analysis on risk levels of forum and on chain proposals (ARCs and AIPs)
  • Providing documentation on risks to the Aave protocol and related risk factors
  • Engaging with third parties to better understand the Aave protocol’s ecosystem and to gain additional expertise
  • Providing independent assessment of AIPs prior to submission by community members, including technical and general risk analysis
  • At member’s discretion, submitting proposals to the Aave community to help address and mitigate risks

This will help give Aave governance greater information on (1) new asset additions and (2) technical upgrades that have the potential to increase protocol risk.

Through its various members, the Risk DAO will seek to provide coverage of the relevant risk areas in the Aave Protocol, including:

  • Oracle risk
  • Market risk
  • Governance risk
  • Technical risk
  • Risks pertaining to real world / off chain assets
  • Other risk related matters (including regulatory)

Members of the Risk DAO will dedicate 5-10 hours per week for a minimum term of one calendar quarter, with the ability for membership positions to be renewed subject to approval via governance. Applications are open and can be submitted as set out below.

Given the levels of expertise required, members will receive $100-500/hr monthly. Payment will be based on success metrics (level of participation, amount of reviews completed, etc). Reelected members should receive a bonus worth 10% of their previous quarter’s compensation.

Initially the starting budget should be roughly $150,000 per quarter - this covers 5 members working 10 hours per week at an average of $200 per hour, along with a small contingency budget for additional expenses. Member compensation will be based on the specific skills provided so individual members may earn more or less than $200 per hour. Considering the size of this grant, I intend to request funding directly from the Aave governance treasury rather than the Grants DAO to ensure continued funding of other community priorities.

You can review the full overview of the Risk DAO scope and vision in this document:

Aave Risk DAO Document.pdf (133.3 KB)

Participating in the Risk DAO

Ideally the Risk DAO would be composed of experts from the Aave community as well as experts from the wider Ethereum ecosystem. If you are interested in being a Member of the Risk DAO or would like to nominate someone to be, please reply to this thread with basic info, including:

  • Describe your/the expert’s involvement in the Aave ecosystem and in the space more generally?
  • What skills/experience do you/they bring?
  • Can you commit ~5-10 hours a week?

I’ll get in touch with applicants to discuss further, and hope to have an initial team and governance proposal in order in the coming weeks.

Feel free to post here if you have any general questions or comments about the Risk DAO as well!

19 Likes

This is fantastic. I’ve been practicing law for 10 years and am staked in the safety module. I’ve got good base knowledge of the space, but it may be that I need more expertise in these particular areas to warrant membership atm. But, I’d love to participate and hopefully get an opportunity to contribute more meaningfully after getting more exposure to the particular risks and issues covered here. Thanks for putting this together. I think this will be a solid material value.

4 Likes

Excellent idea, the team at Consensys Codefi and Armor can contribute to this initiative by providing the resources available at GitHub - defi-defense-dao/defi-risk-tools-list (a guide to available tools and projects for analyzing and managing risk within DeFi), which were released just over 2 months ago.

Let me know how else we can help whenever you are ready! :pray:

4 Likes

Great idea. I have 15y experience in the tradfi banking industry in Europe, mainly market and counterparty risk on various asset classes (credit, commodities). Excellent knowledge of risk management techniques such as Stress Testing; also worked with central clearing counterparties.
Regular user of Aave and the whole DeFi sector.
So happy to share and help the Aave community.

4 Likes

I would like to be a candidate to be a member of the risk DAO. Risk is my area of expertise. I am an actuary with over 10 years’ experience and I am part way through a master’s in Blockchain with the University of Barcelona. I worked for a major international insurer for many years assessing risk and was head of risk pricing in the UK and head of technical pricing for the global business from France. For the last four years I have been freelance, advising on risk, pricing and regulation. This has included working with the Financial Conduct Authority (the UK regulator that partly authorises Aave) on behalf of clients. I am well skilled and experienced in assessing risk, building risk frameworks, mitigation, transfer and avoidance techniques. This includes market, counterparty, investment, liquidity, strategic, reputational, regulatory, reserving, underwriting, insurance, operational, governance, exchange, credit, outsourcing, asset, aggregation, ethical and others.
One of my key skills is communication. I work with many people who are not from a technical background and am often required to explain complicated financial and actuarial concepts to a broad audience both verbally and in writing. This includes writing reports for multiple audiences.
I wrote a response to the Gauntlet Aave market risk report which opened up a recent dialogue between myself and them. This included looking at risk monitoring and MI.
Other relevant skills and experience:
Programming (C, Python, R, SAS, PHP, HTML, SQL)
Statistical modeling and forecasting (GLM, Chain Ladder, Machine Learning, Neural Networks)
Cyber Insurance
My LinkedIn page is https://www.linkedin.com/in/jeremy-keating and I can commit up to 10 hours per week.
I have several ideas for pieces that I would like to propose and do. One of which is documenting Aave’s risk levers, the processes for changing those levers, who controls them and the consensus mechanism for moving them.
Please also let me know if you would like me to help with the proposal to the Aave governance treasury.

5 Likes

I’d be interested in participating in the technical-/security-risk branch of the RiskDAO.

Currently, I’m also an active community member (risk assessors) at NexusMutual, where I contribute with respect to assessing risks, i.e. DeFi Security Maturity Level, PancakeSwap v2 Risk Assessment, THORChain Risk Assessment…

Background:
I’ve been in the smart contract security field since 2018, where I’ve done audit and security consultation work for various teams - mainly in the Ethereum ecosystem. I’ve also been working in the traditional infosec field as an IT auditor for over 7 years. I’ve also contributed to the overall information security field (e.g. Black Hat US, Black Hat USA 2017 | Mateusz Khalil

4 Likes

I would like to apply to become a member of the Aave Risk DAO. I bring extensive professional experience in quantitative risk. My main focus area would be the on-chain/off-chain risks of upcoming Real world assets: credit, market, liquidity, operational, regulatory and liquidation risks.

Background

I am a senior risk analytics professional and data consultant with extensive hands-on experience in both banking quantitative risk functions and Blockchain, spanning startups and DeFi projects.

I’ve held senior quantitative analytics roles with exposure to modelling retail, SMEs and corporate credit risk for some of the biggest Australian banking groups, including Commonwealth Bank and Westpac. Modelling experiences include development of application, behaviour scorecards and risk-based pricing for origination, collections and account management strategies, as well as their production implementation through automated decisioning software. I’ve developed risk and pricing frameworks for corporate lending and securitised assets (asset-backed securities). Lately, I’ve been working with clients in top tier banking groups on automated data governance and regulation. Experience with regulation includes consultancy on risk frameworks relating to securities, capital adequacy, capital provision and liquidity requirements (Basel III, IV and IFRS9) across the banking sector.

Since 2016 I have worked on a variety of projects in the Blockchain world in software engineering (smart contract auditing), blockchain architecture and involvement in quantitative Risk in DeFi. My experience has been mostly with Ethereum and EVM projects. On smart contract & low-level engineering advisory I’ve worked with clients such as Shapeshift, Brave New Coin, tZero, Leverj, Kyber and Ripio Credit Network. In Risk, I’ve been working with the MakerDAO community since 2019 (SCD), initially as a community contributor then as part of the crypto native team. I’ve provided risk assessments, modelling and improvements to the risk framework to a number of collaterals onboarded into MCD. In 2020, I actively contributed to the creation of the MakerDAO RWA Risk team that set up the risk framework to onboard the first Centrifuge assets into the Maker protocol. Right now, I am building robust and asset class specific quantitative frameworks, simulations and automated performance monitoring for both Centrifuge and off-chain RWAs.

I’ve developed software engineering and data science skills through my working experiences across technology and risk analytics teams.

Experience

Banking and fintech:

  • Senior Risk Analytics - Retail, SME, Corporate
  • Analytics Product Owner - Big Data and Automated Credit Decisioning
  • Software Team Lead - Bank-wide data governance & data lineage (SQL and Big Data)
  • Regulatory Risk Consultant - Basel III, IV, IFRS9

DeFi and crypto

  • Technical BA/Data Analyst in smart contract auditing and advisory - BlockchainLabs
  • Quantitative Risk Contributor - MakerDAO (Cryptonative)
  • Co-founder RWA Risk - MakerDAO (Centrifuge & other)
  • Risk Lead for Regulated Index in Enzyme (WIP)

Skills

  • Programming/Scripting: SQL, Python, R, bash, Solidity, Vyper
  • Stats: Supervised and unsupervised ML, PD modelling, Provision modelling, Market Risk modelling
  • Databases: postgreSQL, MySQL, MSSQL Server, Oracle, Apache Hive, BigQuery
  • DataViz: pandas, matplotlib, seaborn, plotly, Data Studio, PowerBI

Commitment

I can commit approximately 10 hours per week.

7 Likes

I’m interested in playing a part in this DAO if there’s room for me. I have a BA in Statistics, am pursuing an MS in Data Science, and have three years of experience working as a Statistician. I am familiar with many insurance and financial concepts after studying to be an actuary for a few years, though I can’t hope to compete with the giants above me. I have basic Solidity experience, as well as experience in most common data frameworks like SQL, R, Python, Spark, as well as machine learning and deep learning experience.

I follow the defi landscape closely and can comfortably describe the tokenomics and business model of most of the tokens available on AAVE, as well as provide an opinion on the risk with the tokens. I believe a productive DAO will have a culture of transparency and healthy debate, and will do my best to contribute in that regard.

Other than what I’ve stated, I don’t have much of a history to go off of. Here is an example of the type of things I have to say when it comes to risk. I can commit 10 hours per week.

5 Likes

Interested in contributing!

PREVIOUS ROLES

~15 years in business operations with Fortune 100 companies (BBY, MSFT) and most recently, an international real-estate venture
~5 years in finance operations, P&L management

I recently decided to leave my senior operations management role to pursue involvement in crypto full-time, with an emphasis on Ethereum-based DeFi protocols.

CRYPTO EXPOSURE

~5 years of participation in various capacities in Bitcoin & Ethereum ecosystems (mining, investment, advocacy)
Familiarity & involvement with major DeFi protocols

I’m flexible in terms of time commitments, as needs arise.

I’d like to note that I prefer to remain pseudonymous–I agree with Balaji’s perspective on the need to normalize this in crypto as well as more traditional spaces–but can validate identity & skill-sets privately.

Regardless of whether my background & skills are a match for the DAO, I believe it’ll bring real value to AAVE’s growth path, and I’ll be following it closely.

3 Likes

Speaking on behalf of Blockchain@Berkeley:

Describe your/the experts’ involvement in the Aave ecosystem and in the space more generally:

Blockchain@Berkeley (B@B) is and has been one of the most active student organizations in the Ethereum and DeFi community, paving the road for what leading blockchain student organizations look like since 2017. We’ve been actively involved in DeFi governance since December of 2020 and for nearly a year, B@B has reviewed and voted on proposals for some of the top DeFi protocols such as Aave, Compound, and Uniswap. B@B is aiming to become a significant community member in DeFi and joining Aave’s Risk DAO would be a huge step toward that goal. Over the past year alone, our education department has leveraged dedicated research projects to further understand and analyze the mechanics of DeFi and create models that can be used to better evaluate DeFi markets. One such long-term project ‘Stable Sims’ enabled a simulation of the Maker Protocol using different liquidation mechanics and stress-tests of these mechanisms under various market conditions.

What skills/experience do you/they bring?

B@B is made up of nearly 60 driven & passionate students with a breakdown of roughly 60% developers; the remaining 40% is made up of business development experts, designers, and education members. Our developers would likely be our biggest value add to the Risk DAO. Not only do all our developers do a 120-hour Web3.0 development course covering Solidity, React, and MongoDB, but they are also deeply passionate and involved in the Blockchain community outside of B@B, with many interning at different DeFi and Web3 companies over the summer. We believe that by participating in the Aave Risk DAO we can advance our skills and rise to meet any potential challenges while pushing the Aave protocol forward.

Can you commit ~5-10 hours a week?

Since B@B is a relatively large organization with a dedicated governance team, 5-10 hours per week will be easily manageable and we’re excited to do so!

4 Likes

Hi! asdpc.eth here speaking on behalf of Witnet Foundation.

Witnet Foundation is a non-profit originally dedicated to stewarding the advancement of the Witnet oracle protocol and ecosystem.

We see oracles and price feeds as one of the most crucial public goods in the ecosystem right now. Given any oracle or price feed solution, regardless of its degree of decentralization, it can always introduce a single point of failure. As soon as many players are relying on an oracle or price feed and the stakes are high enough, the incentives exist for it to be attacked, and for the relaying protocols to be taken advantage of.

At the end of the day, when projects decide to use a 3rd party oracle, they are basically outsourcing one key part of their system — and namely one that is crucial for their security, liveness, viability and reputation. This is an often overlooked issue, and one that can come back to bite us anytime.

Ever since we started designing the Witnet decentralized oracle back in 2017, we had this vision of giving developers “the oracle that Ethereum deserves”. That is, a set of oracle solutions that lives up to the decentralization and censorship resistance properties that Ethereum itself offers. In other words, helping the Ethereum and Web3 ecosystem to reduce the systemic risk that oracle solutions can introduce if they are not designed and executed properly.

In this fight against systemic risk, we believe that, beyond fostering specific oracle solutions, we need to take a step forward and work side by side with the BUIDLers and projects out there to help them assess and improve their policies regarding oracles, price feeds and decentralization in general.

Also in that same spirit of cooperation for the good of the ecosystem, we partnered with Tellor, Band, Razor and others in creating the Alliance of Decentralized Oracles, an informal work group that is already working on an EIP proposing a standard interface for price feeds. This unified interface aims to make the developers’ life easier by enabling them to use one oracle solution or another in a plug-and-play manner. This also makes it super easy to create price feed contracts that aggregate data from multiple oracle solutions and leverage on their different designs. If you want to hack those, you need to hack several oracles with radically different security models.

As strong supporters of decentralization and DAOs, blending ourselves into other communities is our preferred way of collaboration — and actually the only one that makes sense for us.

Because of all of this, Witnet Foundation is applying to join the Aave Risk DAO. We are obviously most interested in the oracle risk chapter, but we are also ready to put into value the rich know-how in other areas of our cross-functional team.

In practice, Witnet Foundation can commit to the following meaningful contributions:

  • Reports and documentation on the current oracle policy of the Aave protocol, paying special attention to identifying and evaluating the risks to mitigate and any theoretic attack vectors.
  • Proposals on how to improve the current oracle policy, including the general strategy, as well as the business logic of the Price Oracle contract, the fallback oracle system, and the individual price feeds that power each of the supported assets.
  • Research and analysis on the performance of the existing price feeds, both from objective metrics and from a subjective “compared to expectations” point of view.
  • Assessment, documentation, recommendations, and participation in discussions about the oracle risk, trust model and security considerations of specific ARCs and AIPs, including those proposing addition of new assets, and those proposing technical changes or upgrades.
  • Review of price feeds and their quality, sustainability and suitability for ARCs and AIPs proposing addition of new assets.
  • Design and implementation of additional price feeds contracts so as to increase the diversity of data sources available for existing and future assets on Aave.
  • Fostering the involvement of other members of the Alliance of Decentralized Oracles in relevant oracle-related discussions.
  • Technical due diligence of projects, assets and proposals.
  • Review, auditing and documentation of smart contracts security and trust models, both for the Aave code base, the contracts of existing and proposed assets, and 3rd party protocols and dApps that may integrate with Aave behind the curtains.
  • Elaboration and cooperation on the creation of risk mitigation proposals to the governance forum on behalf of the RiskDAO.
  • Participation and cooperation with other members of the RiskDAO on the improvement of the RiskDAO’s own governance processes.

As an organization, we do not see any problem in jointly committing up to 8 or 10 hours a week. Many of us are really looking forward to getting involved as we come from a strong tradition of supporters of libre software, and we are always happy to contribute to other projects, give back to the ecosystem, and create closer ties with other hackers and communities.

Aave is obviously one of the most respected projects in the space. For us, joining the RiskDAO and having the opportunity to cooperate with the whole Aave community in strengthening the security of the platform is a once-in-a-lifetime opportunity to lead by example and raise the bar of trustlessness and decentralization for the whole ecosystem. Let’s do it together!

3 Likes

Bump. Any update on the timelines for seeing this sent to Snapshot/AIP?

1 Like

I find the approach of a Risk DAO really interesting and want to be part of this opportunity to move the protocol, the DeFi sector in general and Crypto Risk Management to the next level by organizing the risk identification, analysis, assessment and mitigation in a decentralized and novel manner.

Involvement
I’ve read Aave’s Risk Framework on GitBook and found it really professional and well outlined. Moreover, the detailed analysis of financial risks of Gauntlet has caught my interest. At my current position as a Risk Manager I assess different DeFi protocols and tokens based on a rigorous assessment procedure considering their whole risk spectrum of technical, governance, economic and systemic as well as legal and regulatory risks.

Skills / experience
I’m happy to contribute the following experiences and skills to the Risk DAO:

  • more than 8 years in Risk Management for international financial institutions and fintechs
  • more than 3 years in crypto / blockchain risk and developing a comprehensive Blockchain Risk Framework for a bank

  • Financial Risk (Market, Credit, IRR, ALM)
  • Operational Risk (incl. IT, Governance, Custody)
  • Regulatory and Legal Risk (i.e. Token Classification) on international and EU level as well as Switzerland (Basel Framework (i.e. Basel III, IV), European Commission (MiCA), EBA, FINMA (CH))
  • DeFi Protocol and Token Risk Assessment
  • Programming: SQL, Python, Solidity (basics)
  • Supervised (LR, SVM, Decision Trees) / unsupervised ML: Keras, scikit-learn
  • Data Science: pandas, matplotlib, seaborn, plotly, PowerBI
  • Medium articles: https://crypto-risk.medium.com/
  • LinkedIn profile: https://www.linkedin.com/in/fabian-breu/

Commitment
I would be very happy to join the Risk DAO and contribute up to 10 hours per week.

2 Likes