Rekt News — Aave Ecosystem Security Coverage

Hey @MconnectDAO — thanks for pushing on this. Working through your questions in order.

Cost breakdown

Twelve months, $75K USDC total:

  • 6 long-form source-of-truth documents on lending-sector security — $24K ($4K each)
  • 1 video documentary — $18K
  • 1 podcast panel — $4.5K
  • 8 distribution features across X and the newsletter — $4.5K
  • Annual State of Lending Protocol Security report — $12K
  • Project management, quarterly reporting, hub.rekt.news tag maintenance, milestone reviews — $3k / quarter = $12k

$4K per long-form covers genuine investigative depth with several interviews (written or video) to researchers, auditors and contributors.

Governance impact

What we want to build is source-of-truth documents — technical, accessible, common to everyone voting — so any delegate, contributor, or service provider can read one and walk away with a working understanding of a specific topic. The information needed to vote responsibly on collateral and risk decisions isn’t secret but it is scattered across audit PDFs, forum threads, protocol blogs, and incident reports in formats that effectively require power-user familiarity to synthesize.

Done well, this work doesn’t just inform votes — it sparks better ones. Organised, well-sourced editorial gives the community something concrete to scrutinise. That tends to engage adjacent participants who currently sit out of the discussion: security firms, LPs, large lenders and borrowers, integrators evaluating Aave. More voices, more rigour and potentially new ARFCs that surface risks or opportunities the existing process hadn’t reached.

To answer the question directly: we don’t propose to touch risk parameters or author ARFCs ourselves. We engage with the community — via the forum or, where useful, a small standing task force on this initiative — to agree on which topics to cover, write them, share drafts for review, and release when ready. Older pieces stay useful: if a future ARFC benefits from analysis we did six months earlier, the work compounds. The same outputs can support adjacent security work the DAO does — onboarding new auditors, evaluating partners, BD conversations where Aave needs an independent reference to point to.

Trying to push some KPIs, looking at the Risk category over the last ten months, Aave runs roughly 30-40 security-relevant threads per year. Of those 30-40 threads, our scope realistically maps to 8-10 — the ones where consolidated independent editorial actually adds something the existing providers don’t.

Editorial work doesn’t measure cleanly against ARFC counts and we can’t promise to influence specific votes. We can only commit that we release at month 12 a public tracking log of every Aave governance thread or ARFC where the work was referenced and an assessment of which pieces landed and which didn’t. The most honest test of whether this is worth funding is whether the community finds value in the pieces and wants to renew.

Overlap with existing risk stack

ChaosLabs has covered operational monitoring. LlamaRisk covers analytical parameter recommendations. Audit firms cover pre-deployment assurance. Immunefi covers reactive bounty. The gap is the synthesis layer — the work that turns all those inputs into something a non-specialist delegate can read and understand. AlanWestbrook’s L2BEAT-style dashboard proposal in the rsETH ARFC sits in this gap (link); whether or not a dashboard gets built, the documentation layer is needed either way.

Mapping of unmet needs:

  • Public investigative record of fork incidents (Spark, Radiant, Yldr, ZeroLend, etc.) — not covered by Aave’s internal risk providers
  • Architectural narrative on Aave-stack design decisions in the context of sector incidents — not the output format of quantitative risk firms
  • Distribution to the broader DeFi audience and governance-curious readers — outside the scope of dashboard providers
  • Annual sector synthesis as a reference document — nothing equivalent exists today

Lower-budget pilot

The application already includes a $20K Rapid track scope-down (3 long-forms + 4 distribution features + tag + no State of Lending report, no video, no podcast). Happy to start there if delegates prefer to validate the format before committing to the full package. The tranche structure on the full proposal already builds in the same logic — funds release only against shipped deliverables, with a multisig signer verifying existence at each tranche.

Thanks again — happy to drill further on any of these.

— Rekt News team

1 Like