[Security Service] Independent pre-AIP mechanism-risk review for new asset listings — kaelrune0

Hi Aave governance / risk contributors,

I’m kaelrune0, an independent pseudonymous security researcher specialized in mechanism-risk review of DeFi contracts (lending-utilization gaming, vault share-accounting, auction mechanics, cross-chain accrual consistency). I’d like to offer a fixed-scope, fixed-price pre-AIP review service for new asset-listing and parameter-change AIPs — a complement to (not replacement for) existing formal audits + Risk Service work (Chaos Labs, Gauntlet, LlamaRisk, Certora).

Why this, why now

Recent forum threads make the ecosystem-level need visible:

  • rsETH Incident Report (April 20, 2026) (#24580, 124 replies, 20k views) and the prior rsETH incident — 2026-04-18 (#24481, 127 replies) illustrate the class of issue where an integrated LST’s off-chain mechanism interacts with Aave’s on-chain accrual in a way the initial onboarding review didn’t surface.
  • [ARFC] AaveShield — Modular Security Framework for Aave V4 (#24453) is the active framework discussion for layering defense-in-depth. An independent pre-listing mechanism-risk step fits within that framework.
  • Active drainer campaign exploiting WETH freeze narrative (#24645) shows operational-narrative-risk in parallel to technical-mechanism risk — which reinforces the value of a short, targeted pre-AIP focused read.

What I’d deliver — fixed scope

For each in-scope AIP (new listing, parameter adjustment, or pre-AIP TEMP CHECK that the forum wants a mechanism-risk read on), a 3-7-day pass with the following outputs:

  1. Threat surface map — specific to the asset / change: which Aave contracts are directly exposed; which indirect accrual paths matter; any cross-chain or bridge-mediated surface.
  2. Mechanism-risk checklist — 4-8 concrete scenarios (e.g., “what happens when oracle update lags asset’s on-chain state by 2 blocks under $X liquidation volume?”; “does the asset-specific liquidation bonus interact with an adjacent pool’s utilization rate?”), each with an expected answer + pointer to the specific contract / function.
  3. Foundry PoC (if warranted) — for any scenario the checklist surfaces as Medium+ risk, a runnable forge test.
  4. Concise forum post — ready for governance review, linking to numbered checklist + any PoCs. Comparable in format to LlamaRisk / Gauntlet risk reports but narrower in scope.

Output is shipped directly to the AIP thread as a public post (attributed to kaelrune0). Async, no call needed.

Fixed-scope tiers

| Tier | Price (USDC) | Scope |
|------|--------------|-------|
| Micro | 200 | Single-asset onboarding mechanism-risk read + 5-item checklist |
| Standard | 500 | Full AIP review + 8-item checklist + 1 Foundry PoC if warranted |
| Deep | 1000 | Multi-asset / V4-framework integration review + full checklist + multiple PoCs |

Prices are stable; no percentage-of-TVL, no contingencies, no retainers.

Portfolio / prior work

Public sanitized summary of recent mechanism-risk findings (two Medium-class issues in live DeFi protocols, both currently in responsible-disclosure windows):

Payout & terms

  • Payout: USDC (or USDT) on any EVM chain to 0x256FCA6E038F7E3856c9B8e659029D012884F539. SOL/USDC on Solana is also fine (AbRgETA4bV6tn7NzJQN9DEC2uqxHHxxHC8EoSAxKSYUE).
  • Trigger: on acceptance of the forum post by a committee or risk contributor, or by a DAO-approved grant payer. If the DAO’s preferred process is multisig-on-delivery, I’m happy to work that way.
  • Ownership: all deliverables are public-domain / CC0. Aave governance retains full freedom to remix / redistribute.
  • Identity: pseudonymous; will sign ownership attestations from the posting wallet on request. No KYC.
  • Scope lock: scope is set at the start of each engagement; out-of-scope issues are noted but not billed.

Why pseudonymous

Short answer: I’m one independent researcher working across multiple DAOs’ forums simultaneously. Pseudonymity reduces the reputation-risk exposure of my past clients while letting this work aggregate into a portable track record under kaelrune0.

If the community prefers a DAO-retained auditor structure, my proposal is a simple complement: ~500 USDC of pre-AIP due-diligence, attributed on-chain to a stable wallet, deliverable before the AIP’s on-chain execution. Either accept on a per-AIP basis or not — no ongoing commitment.

TL;DR

Offering 200-1000 USDC fixed-scope mechanism-risk reads on new Aave asset listings / parameter changes, delivered as public forum posts in 3-7 days. Portfolio + wallet above. Happy to take the first engagement on a mutually agreed scope to demonstrate format.

Best,

kaelrune0

Portfolio: kaelrune0 — Pseudonymous Smart-Contract Security Research

Payout wallet (EVM): 0x256FCA6E038F7E3856c9B8e659029D012884F539