defirisk.co
rubric v1.7.0

Aave v3

Overcollateralized multi-asset lending/borrowing protocol with GHO stablecoin; upstream of Spark, Radiant, and dozens of forks.

Sector lending
TVL $14.1B
Reviewed May 12, 2026
Factors 184
Categories 13
Risk score 17.1
Deployments Ethereum · $11.6B
01

Risk profile at a glance

0 red · 2 yellow · 11 green
02

Categories & evidence

184 factors · 13 categories
Code & audits Green 6 25 of 25
RD-F-001 yellow Audit scope mismatch Governance proposal 429 cites commit b3ce634; v3.6.0 release tag is 5a230ec. Discrepancy unresolved programmatically. No affirmative evidence of material bytecode mismatch, but programmatic bytecode diff has not been performed. Nov 2025 v3.6 audit batch (Pashov, Certora, MixBytes, Savant, Blackthorn) covers v3.6 code without individually resolving this SHA discrepancy.
RD-F-006 yellow Audit-to-deploy gap v3.6.0 released 2025-01-08; the comprehensive audit batch (Pashov, MixBytes, Blackthorn, Savant, Certora) is dated Nov 2025, 10+ months post-deploy. Some audits pre-dated the v3.6.0 deploy, but precise pre-deploy sign-off dates are not determinable from the public security index for all firms. Conservative yellow given ambiguity in whether any pre-deploy audit specifically covers the v3.6.0 bytecode as deployed.
RD-F-009 yellow Formal verification coverage Certora provides continuous formal verification across v3.1–v3.6 and Umbrella. FV coverage exists and is significant. However, the percentage of protocol-declared critical invariants covered by FV proofs is not published; Certora reports do not state a numeric coverage percentage.
RD-F-023 yellow Constructor calls _disableInitializers() Aave v3 uses VersionedInitializable (revision-based guard) rather than OZ's _disableInitializers(). The revision mechanism prevents re-initialization at lower versions but is not the canonical pattern. T-10 noted 'VersionedInitializable correctly used but has historic reinitializer-footgun potential — not triggered.'
RD-F-010 gray Static-analyzer high-severity count No Slither/Mythril/Semgrep tool run available for the deployed verified source across 21-chain deployment. T-10 flagged this as a systemic data gap for multi-chain lending protocols. Multiple Tier-1 audit firms substantially reduce probability of live high-severity undetected issues, but gray is the appropriate status without programmatic output.
RD-F-021 n/a UUPS _authorizeUpgrade correctly permissioned Aave v3 uses Transparent Proxy pattern (not UUPS) for all Pool contracts. UUPS _authorizeUpgrade is not applicable. Upgrade gating is via PoolAddressesProvider and Executor timelocks — assessed under Cat 2.
RD-F-002 green Audit recency Most recent v3.6.0 audit: Pashov (2025-11-29), ~150 days before assessment date. Within the 365-day green threshold.
RD-F-003 green Resolved-without-proof findings No evidence of any high/critical finding marked Resolved without a verifiable on-chain commit. The aave-dao/aave-proposals-reports repo is public and links commits to governance proposals for all upgrades.
RD-F-004 green Audit count 14+ distinct audit firms covering v3.x deployed bytecode: Trail of Bits, SigmaPrime, PeckShield, ABDK, OpenZeppelin, Certora, MixBytes, Cantina, StErMi, Enigma, Oxorio, Blackthorn, Pashov, Savant, Sherlock, ChainSecurity. Far exceeds the >=2-firm green threshold. Deepest audit coverage in DeFi.
RD-F-005 green Audit firm tier Five independent firms audited the v3.6.0 upgrade per Aave Governance Proposal 429 / aave-dao/aave-proposals-reports: Pashov Audit Group, Certora (continuous formal verification + adapted FV properties for v3.6), MixBytes, Savant, and Blackthorn. Certora is the standing security service provider for the Aave DAO. Historical v3 codebase has prior Tier-1 reviews (Trail of Bits, OpenZeppelin, SigmaPrime) but the v3.6.0 upgrade specifically was reviewed by the Pashov/Certora/MixBytes/Savant/Blackthorn cohort -- Spearbit is NOT a v3.6.0 reviewer.
RD-F-007 green Bug bounty presence & max payout Active Immunefi program with $1,000,000 maximum payout for critical smart contract vulnerabilities. Also active on Sherlock. Exceeds the $500K green threshold. T-10 notes 83 in-scope assets and monthly payouts evidenced.
RD-F-008 green Ignored bounty disclosure No evidence of any prior incident where a disclosed vulnerability was reported and ignored before exploit. Nov 2023 stable-rate vulnerability was responsibly disclosed and patched with no exploit. Aug 2024 periphery exploit involved a novel finding, not a prior ignored disclosure.
RD-F-011 green SELFDESTRUCT reachable from non-admin path No SELFDESTRUCT in Aave v3 core contracts per multiple audit reviews (OpenZeppelin, Trail of Bits). Protocol uses proxy pattern without SELFDESTRUCT in implementation contracts.
RD-F-012 green delegatecall with user-controlled target No user-controlled delegatecall found in Aave v3 core. Internal delegatecall to PoolLogic libraries uses fixed library addresses set at initialization — not user-controllable. Confirmed by multiple audit reviews.
RD-F-013 green Arbitrary call with user-controlled target No unfiltered user-controlled external call path in Aave v3 core. Periphery Paraswap adapters are separate contracts with selector allowlists. Aug 2024 periphery exploit involved dust accumulation, not arbitrary call-target exploitation of core contracts.
RD-F-014 green Reentrancy guard on external-calling functions Aave v3 uses storage-based reentrancy guard and CEI pattern across all core lending functions. Multiple Tier-1 audits (OpenZeppelin, Trail of Bits) explicitly reviewed reentrancy posture. No reentrancy finding in core lending path in any audit.
RD-F-015 green ERC-777/1155/721 hook without reentrancy guard Aave v3 lending does not integrate ERC-777 token standards; all accepted assets are standard ERC-20. ERC-1155/721 are not accepted as collateral. No callback-hook attack surface in core protocol.
RD-F-016 green Divide-before-multiply pattern No divide-before-multiply findings in any of the 30+ audit reports covering v3.x. Protocol uses WadRayMath library with RAY (1e27) normalization for all critical arithmetic.
RD-F-017 green Mixed-decimals math without explicit scaling Aave v3 uses RAY normalization (27-decimal) for liquidity-index and rate calculations with explicit decimal scaling per asset on intake. No finding of un-normalized cross-decimal arithmetic in any audit.
RD-F-018 green Signed/unsigned arithmetic confusion No signed/unsigned confusion findings in any audit report across 30+ engagements. Protocol uses Solidity 0.8.x which natively reverts on overflow/underflow.
RD-F-019 green ecrecover zero-address return unchecked Aave v3 core lending contracts do not use ecrecover for signature recovery. Admin changes go through governance proposals, not ECDSA signer-recovery patterns.
RD-F-020 green EIP-712 domain separator missing chainId Aave v3 core lending functions do not use EIP-712 signatures. Pool interactions are direct on-chain calls. EIP-712 appears in peripheral AAVE token permit functions which use standard domain separators including chainId.
RD-F-022 green Public initialize() without initializer modifier VersionedInitializable pattern correctly applied across all Aave v3 implementation contracts. Revision counter prevents re-initialization at any version <= current revision — functionally equivalent to OZ initializer modifier. Certora FV covers initialization invariants. No unprotected initialize() found.
RD-F-024 green Code complexity vs audit coverage Aave v3 has the best LOC-per-audit-day ratio in the sample: 14+ firms, 30+ engagements over 4 years. Codebase uses well-separated library architecture. No audit-adequacy concern relative to code size.
RD-F-183 green Bug bounty scope gap on highest-TVL contracts Immunefi program covers core Aave v3 contracts with $1M max payout and 83 in-scope assets per T-10. The rsETH OFT adapter exploited in April 2026 was a Kelp DAO contract, not an Aave core contract. No evidence that Aave's highest-TVL contracts (Pool, PoolAddressesProvider, etc.) are excluded from bounty scope.
Governance & admin Green 13 24 of 24
RD-F-028 yellow Low-threshold multisig vs TVL Both Guardians are 5-of-9, at peer-cohort norm for $14B TVL. BGD Labs and ACI are 2-of-9 signers on Protocol Emergency Guardian and both are departing April 2026 with no announced signer rotation. Governance Guardian is fully independent (cross-ecosystem: Zapper, Paraswap, Standard Crypto, DeFi Saver, Balancer, Chainlink, DeFi OG, Lido, Certora). Safe API returned not_found; signer composition verified via governance forum.
RD-F-030 yellow Hot-wallet signer flag All signers are named individuals from institutional organizations with public track records. Per-signer on-chain hot-wallet heuristic assessment not performed (requires PH tooling). Scored yellow due to incomplete automated verification rather than evidence of hot-wallet use.
RD-F-031 yellow Signer rotation recency No signer-set change events identified in last 90 days. Last formal renewal: ARFC Guardian Renewal 2024. BGD Labs and ACI departures (announced April 2026) have not yet produced signer-set change events. No threshold reduction event (which would trigger red per v1.1 DPRK-precursor pattern).
RD-F-033 yellow Timelock on sensitive actions Upgrade: timelocked (Executor Lvl1/2). GHO mint: timelocked via governance AIP. Rescue: no direct rescue; equivalent via AIP (timelocked). Oracle replacement: timelocked via AIP. Pause/freeze: NOT timelocked (EMERGENCY_ADMIN role on Granular Guardian allows immediate reserve freeze — intentional emergency design). 4 of 5 action types timelocked.
RD-F-039 yellow delegatecall/call in proposal execution without allowlist Aave Executors use delegatecall to proposal-supplied payload contract. No on-chain target allowlist at Executor level. Mitigated by: (a) 1-day/7-day timelock delays, (b) Governance Guardian 5-of-9 can cancel malicious proposals, (c) Certora reviews 470+ proposals in public proposals-reports repo. Structural exposure (no allowlist) exists but is operationally mitigated.
RD-F-041 yellow Rescue/emergencyWithdraw without timelock No standalone rescue()/emergencyWithdraw() function on the core Pool callable directly by admin without timelock. EMERGENCY_ADMIN (Granular Guardian) can freeze reserves but not withdraw funds. Fund rescue would require a timelocked AIP. Yellow per methodology: rescue exists but limited (governance-path, not direct-admin-call).
RD-F-042 yellow Admin has mint() with unlimited max GHO stablecoin has admin-callable mint() via Facilitator contracts. Each Facilitator has a governance-set bucket cap enforced at contract level. Increasing caps requires a timelocked AIP (Executor Lvl1, 1-day). Cap is governance-mutable but not unlimited by single admin action. Yellow per methodology: mint with governance-set cap (changeable but enforced).
RD-F-047 yellow Governance token concentration (Gini) AAVE token distribution is moderately concentrated among Aave Companies, service providers, and institutional holders. Gini coefficient not computed programmatically. BGD/ACI departure creates a 2-slot governance-contributor vacuum. T-10 v1.4 noted this as a within-category yellow (upgraded from T-10's red-within-category assessment under v1.5 integrity rule).
RD-F-167 yellow Deprecated contract paused but pause reversible by live admin Aave v2 markets are in governance-directed wind-down but remain live with material TVL. The Protocol Emergency Guardian (5-of-9) can freeze/pause Aave v2 reserves. The v2 pause is reversible. Admin scope extends to a sunset surface, but this is intentional (governance-tracked wind-down, not abandonment).
RD-F-044 gray Admin wallet interacts with flagged addresses Cluster feed check requires Chainalysis/TRM API (unavailable in this assessment). Guardian multisig addresses are from institutional organizations with public track records; no flagged interactions identified from available OSINT.
RD-F-025 green Admin key custody type DAO+timelock custody. Executor Lvl1 (1-day) for routine ops; Executor Lvl2 (7-day) for governance-critical changes; two 5-of-9 Guardian multisigs for emergency actions. No EOA holds any admin role.
RD-F-026 green Upgrade multisig signer configuration (M/N) Multiple distinct privileged addresses: Executor Lvl1, Executor Lvl2, Governance Guardian, Granular Guardian, ACLManager roles distributed across separate contracts. Roles are cleanly separated.
RD-F-027 green Single admin EOA No EOA holds any admin role. All sensitive roles (upgrade, emergency, governance) are held by multisig or timelock contracts. Protocol is 50 months old with no deployer-EOA admin retention.
RD-F-029 green Multisig signers co-hosted Governance Guardian signers are from 9 distinct independent organizations across multiple DeFi ecosystems (Zapper, Paraswap, Standard Crypto, DeFi Saver, Balancer, Chainlink, Lido, Certora, independent DeFi contributor). Co-hosting is highly unlikely.
RD-F-032 green Timelock duration on upgrades Executor Lvl1: 86,400 seconds (1 day). Executor Lvl2: 604,800 seconds (7 days). Both exceed 24h threshold; Lvl2 far exceeds 48h. Legacy Executor (0x79426A1c) is INACTIVE (IAaveGovernanceV2 interface, 1 tx from 2023); active Lvl2 is 0x17Dd33Ed confirmed by GovernanceV3Ethereum.sol.
RD-F-034 green Guardian/pause-keeper distinct from upgrader EMERGENCY_ADMIN (pause/freeze) held by Granular Guardian 0x4457cA11E90f416Cc1D3a8E1cA41C0cdEcC251d4. Upgrader is Executor Lvl1 0x5300A1a15135EA4dc7aD5a167152C01EFc9b192A. Fully distinct addresses.
RD-F-035 green Role separation: upgrade ≠ fee ≠ oracle Upgrade role: Executor Lvl1/Lvl2. Fee/treasury: Collector (0x464C71f6c2F760DdA6093dCB91C24c39e5d6e18c, separate). Oracle config: AaveOracle managed via AIP through Executor. All three role types held by distinct contracts.
RD-F-036 green Flash-loanable voting weight Aave Governance V3 uses block-hash-based voting power checkpoints. Voting weight is locked at proposal snapshot block. Flash-borrowed AAVE post-snapshot has zero voting power. Standard checkpoint pattern (Compound Governor Bravo lineage) correctly implemented.
RD-F-037 green Quorum achievable via single-entity flash loan Flash-loan quorum attack ruled out by the same checkpoint mechanism as F036. Flash-borrowed AAVE cannot be used to vote (post-snapshot balance irrelevant). Quorum requires a large fraction of locked/delegated AAVE.
RD-F-038 green Proposal execution delay < 24h Executor Lvl1: 86,400s (1 day) post-pass delay. Executor Lvl2: 604,800s (7 days). Plus voting period (~3 days for most AIPs). Total proposal-to-execution time is well above 24 hours on both paths.
RD-F-040 green Emergency-veto multisig present Governance Guardian (0xCe52ab41C40575B072A18C9700091Ccbe4A06710, 5-of-9) holds the cancel role on the Governance Core. It can veto malicious proposals before execution within the 1-day Lvl1 window.
RD-F-043 green Admin = deployer EOA after 7 days Deployer wallets (0xb90594ea5128a8178e132286dc2b7fbac7d7266c and 0x51f22ac850d29c879367a77d241734acb276b815) have no ongoing admin role. Protocol is 50 months old (v3 Ethereum: 27 months). All admin roles are held by Executor contracts and Guardian multisigs established at genesis.
RD-F-045 green Constructor args match governance proposal All AIP deployments go through the proposals-reports repo with Certora security review and calldata verification. No known deviation between proposal calldata and deployment args. 470+ proposals logged with reviews.
RD-F-046 green Contract unverified on Etherscan/Sourcify All core Ethereum contracts are verified on Etherscan: Pool, PoolAddressesProvider, ACLManager, AaveOracle, Governance Core, Executor Lvl1, Executor Lvl2, PayloadsController, CrossChainController. Source verified at deploy.
Oracle & external dependencies Green 20 17 of 17
RD-F-057 red Circuit breaker on price deviation No protocol-level circuit breaker exists in the Pool contract that halts borrowing or liquidations on oracle price deviation. CAPO operates at the oracle-adapter level (not Pool level). The March 2026 CAPO/wstETH incident directly demonstrates the gap: the CAPO exchange rate cap was misconfigured below market rate, triggering approximately $27M in E-Mode liquidations. No Pool-level mechanism caught this before liquidations fired. Post-incident governance only restored borrow caps; no architectural circuit breaker was added. Red-within-category (does not elevate Cat 3 to red roll-up per T-10 methodology — Cat 3 remains yellow).
RD-F-049 yellow Oracle role per asset All oracle feeds serve as Primary for their assets. FallbackOracle is non-functional (zero address or equivalent). CAPO adapters serve as primary for LST assets (wstETH, stETH). Full per-chain oracle role mapping not verified beyond Ethereum Core.
RD-F-050 yellow Dependency graph (protocols depended upon) Dependency graph drawn. Critical dependencies: Chainlink oracle network (no fallback), LRT/LST collateral providers (rsETH/Kelp exploited April 2026, demonstrating bridge-layer collateral contamination), Aave Umbrella safety module, GHO facilitators, Paraswap periphery (exploited Aug 2024). LRT collateral list not fully enumerated across all 21 chains.
RD-F-051 yellow Fallback behavior on oracle failure AaveOracle has a FallbackOracle mechanism contractually (setFallbackOracle()) but it is non-functional in production — configured to zero address or equivalent per T-10 assessment. If the primary Chainlink feed reverts or returns stale data, no automatic fallback activates. Pool-dependent functions revert.
RD-F-052 yellow Breakage analysis per dependency Breakage analysis documented: Chainlink failure causes Pool reverts with no fallback; CAPO misconfiguration triggers incorrect liquidations (demonstrated March 2026, ~$27M E-Mode liquidations); LRT bridge exploit allows unbacked collateral deposit (demonstrated April 2026 rsETH, $123-230M bad debt); GHO CCIP failure halts GHO cross-chain transfers; a.DI failure halts L2 governance delivery.
RD-F-058 yellow Max-deviation threshold (bps) No Pool-level circuit-breaker deviation threshold configured — F057 establishes there is no protocol-level circuit breaker. CAPO adapters have per-LST rate caps at the adapter level. Per-asset CAPO parameters exist but are not a systematic protocol-wide threshold. Yellow because per-asset CAPO caps are a partial mitigant at the adapter level.
RD-F-059 yellow Oracle staleness check present Pool contract does not implement an inline staleness check on oracle reads. AaveOracle.getAssetPrice() calls latestAnswer() without a require(updatedAt > block.timestamp - maxStaleness) guard. Staleness protection is delegated to Chainlink heartbeat mechanism. For stablecoin feeds, heartbeats of 23-24 hours (USDC 82800s, USDT 86400s, AVAX 86400s from data cache) create a substantial window where a stale price would be accepted without Pool-level rejection.
RD-F-060 yellow Chainlink aggregator min/max bound misconfig Chainlink feeds for major assets have minAnswer/maxAnswer bounds in the aggregator. The ETH/USD floor-bug class risk (minAnswer too high — would report $X even if price dropped below) is known for Chainlink. Specific minAnswer/maxAnswer values for each of the 21+ feeds were not individually verified in this assessment. LRT/LST CAPO wrappers add configuration complexity. Yellow due to incomplete individual feed verification.
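The staleness guard F059 describes as absent and the min/max bound check F060 leaves unverified, shown side by side as an added illustration that is not Aave's or Chainlink's code: the unguarded legacy read beside a guarded read. Assumed: the feed is a Chainlink AggregatorProxy whose aggregator() exposes minAnswer()/maxAnswer(); the per-feed maxStaleness values and the admin address are hypothetical stand-ins for governance configuration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of the Chainlink proxy ABI used below. latestAnswer() is the legacy
// read with no timestamp; latestRoundData() also returns updatedAt.
interface IChainlinkFeed {
    function latestAnswer() external view returns (int256);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
    function aggregator() external view returns (address); // proxy -> underlying aggregator
}

// minAnswer/maxAnswer live on the underlying OCR aggregator, not on the proxy.
interface IChainlinkAggregator {
    function minAnswer() external view returns (int192);
    function maxAnswer() external view returns (int192);
}

/// Weak form: the read F059 describes. Whatever the feed last reported is
/// accepted, however old, and a value pinned at the aggregator floor passes.
contract UnguardedOracleRead {
    function getAssetPrice(IChainlinkFeed feed) external view returns (uint256) {
        int256 answer = feed.latestAnswer();
        return answer > 0 ? uint256(answer) : 0;
    }
}

/// Hardened form (hypothetical, not Aave's code). A per-feed maxStaleness set
/// by the admin bounds how old an accepted answer may be, and an answer sitting
/// at the aggregator's minAnswer/maxAnswer is rejected instead of trusted.
contract GuardedOracleRead {
    error FeedNotConfigured(address feed);
    error NonPositiveAnswer(int256 answer);
    error StalePrice(uint256 updatedAt, uint256 maxStaleness);
    error AnswerAtBound(int256 answer, int192 minAnswer, int192 maxAnswer);

    address public immutable admin; // stands in for a timelocked governance executor

    // Seconds a price may be old before it is rejected. A sensible value is the
    // feed heartbeat plus a short grace period, e.g. the 82800s USDC heartbeat
    // cited on the page plus 900s. Zero means the feed has not been configured.
    mapping(address => uint256) public maxStaleness;

    constructor(address admin_) {
        admin = admin_;
    }

    function setMaxStaleness(address feed, uint256 limit) external {
        require(msg.sender == admin, "not admin");
        maxStaleness[feed] = limit;
    }

    function getAssetPrice(IChainlinkFeed feed) external view returns (uint256) {
        uint256 limit = maxStaleness[address(feed)];
        if (limit == 0) revert FeedNotConfigured(address(feed));

        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        if (answer <= 0) revert NonPositiveAnswer(answer);

        // Staleness: reject an answer older than the configured window. An
        // updatedAt of zero means the round never completed.
        if (updatedAt == 0 || block.timestamp - updatedAt > limit) {
            revert StalePrice(updatedAt, limit);
        }

        // Bound check: an answer equal to minAnswer or maxAnswer is the
        // aggregator clamping, not a market price (the F060 floor-bug class).
        IChainlinkAggregator agg = IChainlinkAggregator(feed.aggregator());
        int192 lo = agg.minAnswer();
        int192 hi = agg.maxAnswer();
        if (answer <= int256(lo) || answer >= int256(hi)) {
            revert AnswerAtBound(answer, lo, hi);
        }

        return uint256(answer);
    }
}
```

Reverting on a stale or clamped answer is the Pool-level rejection F059 says is missing; it trades liveness (borrows and liquidations pause while the feed is bad) for not pricing collateral off a dead feed.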
RD-F-048 green Oracle providers used Chainlink push-oracle is the sole provider for all 21+ AaveOracle price sources on Ethereum. Data cache confirms all oracle_feeds entries list provider: Chainlink. LST/LRT adapters (CAPO) wrap Chainlink feeds with rate caps. No alternative oracle provider identified on any of the 21 chains.
RD-F-053 green Oracle source = spot DEX pool (no TWAP) No spot DEX pool oracle used in any production Aave v3 market. All 21+ oracle sources in data cache are Chainlink push-oracle feeds. CAPO wrappers for LST assets use Chainlink feeds as underlying source with rate cap applied — not DEX spot prices. Factor is definitively not triggered.
RD-F-054 green TWAP window duration Not applicable — Aave v3 does not use TWAP-based oracles. All price sources are Chainlink push-oracle with deviation+heartbeat triggers. No TWAP window to measure. N/A mapped to green (absence of TWAP means absence of short-TWAP-window risk).
RD-F-055 green Oracle pool depth (USD) Not applicable — Aave v3 uses Chainlink push-oracle, not DEX-pool-based oracles. No underlying pool liquidity is relevant to oracle robustness. N/A mapped to green.
RD-F-056 green Single-pool oracle (no medianization) Chainlink feeds use multi-node aggregation across the Chainlink node network — not a single DEX pool. Single-pool oracle concentration risk is not present.
RD-F-061 green LP token balanceOf used for pricing Aave v3 uses Chainlink price feeds for oracle pricing, not LP token balanceOf reads. This vulnerability pattern is not present.
RD-F-062 green External keeper/relayer not redundant Aave v3 liquidation is permissionless — any address can call liquidationCall(). No external keeper dependency for core protocol operations. Chainlink Automation not required. Liquidation bots (Gauntlet, Chaos Labs risk teams) are supplementary actors, not single-point dependencies.
RD-F-180 green Immutable oracle address AaveOracle.setAssetSources(address[] calldata assets, address[] calldata sources) is callable by POOL_ADMIN or ASSET_LISTING_ADMIN. These roles are controlled by Aave Governance with 1-day or 7-day timelock. Oracle price source addresses are NOT EVM immutable — they are stored in a governance-replaceable mapping. The March 2026 wstETH CAPO oracle update and the April 2026 rsETH response both confirmed governance can update oracle adapter configurations. AaveOracle contract is owned by governance. Factor definition (oracle source address not replaceable without full binary upgrade) is definitively not triggered.
RD-F-181 green Permissionless-pool lending oracle Aave v3 does not accept spot prices from a permissionlessly-listed DEX pool. Market listing requires governance approval (ASSET_LISTING_ADMIN role, DAO vote, risk committee review). The April 2026 rsETH incident was not an F181 failure — rsETH was governance-approved collateral; the failure was a bridge exploit on an already-listed asset.
Economic risk Green 17 13 of 13
RD-F-066 red Utilization rate (lending protocols) WETH and USDT markets hit 100% utilization April 18–20, 2026 during the rsETH/Kelp event. USDC remained at 99.87% utilization for 4+ consecutive days post-event (as of April 23, 2026 reporting). Blended utilization at assessment date is 88.49% (data cache, 2026-04-27), indicating partial recovery but individual markets likely still above 95% threshold. Withdrawal freeze materialized for affected markets. An ARFC for USDC rate parameter changes was posted April 23, 2026; execution status not confirmed.
RD-F-067 red Historical bad-debt events Two bad-debt events in Aave history: (1) Nov 2022 CRV short attack on v2 ~$1.6M, fully DAO-compensated. (2) April 2026 rsETH/Kelp collateral contamination — $123–$230M bad debt UNRESOLVED at assessment date (2026-04-27). As of April 26, 2026, the DeFi United initiative raised ~$160M of ~$200M target (80%). An ARFC proposing 25,000 ETH DAO treasury contribution was in community discussion/feedback stage, not yet passed as AIP. DAO disbursement has not occurred. Methodology threshold: red = ≥2 events OR any uncompensated loss. The April 2026 bad debt remains uncompensated — red confirmed.
RD-F-063 yellow TVL (current + 30d trend) Current TVL $14.06B (DefiLlama, 2026-04-27). 30-day change -39.83% — severe decline driven by rsETH/Kelp event April 18–20, 2026 (>$6B TVL drain in 24h). 1-day recovery +2.42% indicates partial stabilization. TVL far above $100M threshold but 30d trend decline >20% triggers yellow per methodology threshold.
RD-F-064 yellow TVL concentration (top-10 wallet share) Top-10 depositor concentration not quantified via on-chain holder scan in this run. Institutional lending protocols at this TVL tier typically exhibit 30–60% top-10 concentration, placing Aave in the yellow band by analogy. Default yellow per scoring discipline (uncertain between yellow and green, default yellow).
RD-F-065 yellow Liquidity depth per major asset WETH/USDC/USDT are deeply liquid in normal conditions given $14B TVL. However, the rsETH/Kelp event demonstrated that LRT collateral (rsETH) lacked sufficient liquidation depth when 89,567 rsETH needed to be unwound simultaneously at a depeg — resulting in $123–230M bad debt that could not be liquidated. Asset-by-asset depth at 2%/5% price impact not quantified in this run.
RD-F-068 yellow Collateralization under stress Curator stress simulation (top-3 collateral -50%) not performed in this run (PH-class factor). Real-world evidence from the April 2026 event: rsETH effective value dropped to 0% (unsupported bridged asset), resulting in $123–230M bad debt. Global protocol ratio: $14.06B supply / $12.44B borrow = ~113% — above 110% threshold but close to the floor. Individual market impairment is confirmed. Yellow per 110–150% stress range.
RD-F-074 gray ERC-4626 virtual-share offset (OZ ≥4.9) Aave v3 Pool is not an ERC-4626 vault. The aToken/debtToken accounting uses the proprietary liquidityIndex / variableBorrowIndex model with virtual accounting (v3.1+). GHO Safety Module (stkGHO) uses a staking model, not ERC-4626. Umbrella (v3.6, June 2025) uses a different backstop model. No ERC-4626 satellite vault identified in the Aave v3 core protocol scope. Factor is not applicable.
RD-F-069 green Algorithmic / under-collateralized stablecoin Aave v3 is a fully overcollateralized lending protocol. GHO stablecoin is minted against overcollateralized Aave positions (not algorithmic). No undercollateralized or algorithmic stablecoin design present. Factor N/A per taxonomy in the algorithmic stablecoin sense; green per methodology 'fully overcollateralized with excess reserves' classification.
RD-F-070 green Empty cToken-style market (zero supply/borrow) Aave v3.1 virtual accounting eliminates the Compound V2 empty-market donation attack at the architectural level. The liquidityIndex-based share accounting maintains a virtual supply offset, preventing share inflation regardless of user deposit state. New market listings additionally require a governance payload that seeds the market before borrow-enable. Aave v3 originated this mitigation pattern, which is now the industry standard fix. This is a hard green — the attack surface for the cToken-style empty-market exploit does not exist in this codebase.
RD-F-071 green Seed-deposit requirement for new market listing Aave v3 market listings require a governance AIP with payload that includes seed deposit initialization before borrow-enable. This is code-enforced via the governance payload executor. The v3-205 rsETH onboarding proposal is an example of a listing payload that includes reserve initialization. Seed deposit requirement is structurally present.
RD-F-072 green Market-listing governance threshold New market listings require a full DAO AIP vote on-chain at vote.onaave.com, preceded by ARFC community discussion and optional Snapshot signal vote. This is the highest governance threshold classification. Risk Stewards can adjust parameters of existing markets but cannot list new markets without DAO approval. High-threshold DAO vote = green.
RD-F-073 green Oracle-manipulation-proof borrow cap Aave v3 uses Chainlink push-oracle feeds as the primary price source. The per-asset borrow-cap vs DEX-oracle-pool-depth manipulation framing is N/A because Chainlink is not a DEX TWAP. Borrow caps are set via governance AIP. Chainlink oracle manipulation cost is orders of magnitude higher than a DEX pool manipulation (requires compromising Chainlink nodes, not DEX pool liquidity). Green under the taxonomy's not-applicable clause for protocols not using spot DEX-TWAP oracles.
RD-F-075 green First-depositor / share-inflation guard Aave v3's virtual accounting (v3.1+) provides a first-depositor guard at the architectural level: the liquidityIndex virtual offset prevents share inflation attacks regardless of deposit sequence. This is stronger than an ERC-4626 seed deposit or dead-share approach. Seed deposits are additionally required for new market listings via governance payload. The combination provides definitive protection against first-depositor / share-inflation attacks.
Operational history Yellow 44 15 of 15
RD-F-077 red Prior exploit count 4 incidents on record. rsETH/Kelp bad debt ($123–230M) remains unresolved at M3a date — $160M raised of ~$200M needed (as of 2026-04-26); ~$40M residual shortfall; no on-chain AIP vote executed. CRV bad debt ($1.6M) was DAO-compensated (resolved). Periphery $95K was DAO treasury loss (unrecovered but small). Two incidents involve unrecovered loss; the rsETH case is material and unresolved.
RD-F-078 red Chronic-exploit flag (≥3 incidents) 4 incidents in 50-month operational history. Chronic flag (≥3 incidents) fires. CRV bad debt (Nov 2022), stable rate vulnerability (Nov 2023), periphery exploit (Aug 2024), rsETH/Kelp (Apr 2026). Count = 4, threshold = 3.
RD-F-084 red TVL stability (CoV over 90d) TVL 30-day change: -39.83% (data cache, fetched 2026-04-27). TVL dropped from ~$20B+ to $14.06B. The rsETH/Kelp event caused an intra-day $6B+ TVL drain on April 18–19. High coefficient of variation for trailing 90-day window. Red: extreme TVL volatility consistent with an acute stress event within the measurement window.
RD-F-089 red Insurance coverage active No active third-party insurance coverage on Nexus Mutual, Unslashed, Sherlock cover, or equivalent for Aave v3. The Umbrella staking module (v3.6.0, live June 2025) is Aave's proprietary internal safety backstop — it auto-slashes staked aWETH to cover bad debt. This is not third-party insurance. Red: no external insurance coverage. Common pattern at this TVL tier; absorbed as single within-category red.
RD-F-166 red Deprecated contracts still holding value Aave v2 is in governance-directed wind-down per ARFC 'Continued deprecation steps of Aave v2 markets'. V2 markets officially deprecated/announced for deprecation, yet still hold material user TVL with active deposits. Profile §2 confirms 'Aave v2 markets remain live in governance-directed wind-down.' Parameter restrictions applied incrementally (supply cap reductions, LTV adjustments) but full contract closure not executed. Aave v1 is fully shut down (not scored). F166 fires on v2.
RD-F-080 yellow Days since last exploit rsETH/Kelp event: 2026-04-18. Assessment date: 2026-04-27. Days elapsed: 9. T-10 scored red ('active event <3d old' at April 21). At April 27: Guardian freeze is in place, no ongoing drain, bad debt crystallized and in recovery (not accruing), utilization normalized to 88.49% from 100% during event (data cache). Event is contained — no longer operationally active. Scoring updated to yellow: 9 days since most recent incident is recent but not zero/active.
RD-F-081 yellow Post-exploit response score rsETH/Kelp response: Guardian freeze within ~75 minutes (strong). Post-mortem within 2 days (excellent). Named root cause, specific tx hashes referenced. DeFi United recovery effort shows transparency and initiative. Deduction: the 1/1 DVN risk had been publicly flagged on the Aave governance forum 15 months before exploit without Aave acting to delist or restrict rsETH collateral. Score: 3/5. Yellow.
RD-F-083 yellow Auditor re-engaged after last exploit For rsETH/Kelp: root cause was external (Kelp's LayerZero DVN config). No Aave contract vulnerability was found. No specific post-incident targeted audit of Aave's collateral onboarding or LRT acceptance criteria announced. Certora continuous FV and multi-firm audit cadence provide ongoing coverage but no explicit post-incident re-engagement. Yellow: ongoing auditor engagement present but no specific incident-triggered re-audit announced.
RD-F-086 yellow Pause activations (trailing 12 months) 1 deliberate pause activation in trailing 12 months: rsETH market freeze on April 18–19 2026 across 11 deployments via Guardian multisig EMERGENCY_ADMIN role. Activation was justified and correctly executed. Yellow by count (taxonomy scores any pause activation; one justified activation = yellow not red).
RD-F-087 yellow Pause > 7 consecutive days rsETH reserves remain frozen as of April 27 2026 — 9 consecutive days since April 18 freeze. Crosses the 7-consecutive-day threshold. Pause is deliberate and protective (not an operational failure). Yellow: threshold triggered; ongoing justified pause.
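The three pause/recency factors above (F080, F086, F087) and the chronic flag (F078) reduce to bookkeeping over a freeze/unfreeze event log and an incident list. The block below is an added example of that bookkeeping, not defirisk.co's scorer. The event log is constructed from the page's narrative (rsETH frozen across chains starting 18:52 UTC on 2026-04-18); the chain list, the assessment hour and the WETH unfreeze date are assumptions, not page facts. Note that a coordinated multi-chain freeze is counted as one activation, matching how F086 counts it.

```python
"""Freeze/pause bookkeeping behind RD-F-080, RD-F-086 and RD-F-087: coordinated
activations in the trailing year, calendar days each reserve has been frozen,
and days since the last incident. Added example, not defirisk.co's scorer.
The event log is constructed from the page's narrative; the chain list, the
assessment hour and the WETH unfreeze date are assumptions, not page facts."""
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
NOW = datetime(2026, 4, 27, 12, 0, tzinfo=UTC)   # assessment date; hour assumed
PAUSE_THRESHOLD_DAYS = 7                        # page: pause > 7 consecutive days
CHRONIC_THRESHOLD = 3                           # page: chronic flag at >= 3 incidents
CLUSTER = timedelta(hours=24)                   # freezes this close = one activation

# (time, chain, reserve, action): constructed, see module docstring
EVENTS = [
    (datetime(2026, 4, 18, 18, 52, tzinfo=UTC), "ethereum", "rsETH", "freeze"),
    (datetime(2026, 4, 18, 18, 55, tzinfo=UTC), "arbitrum", "rsETH", "freeze"),
    (datetime(2026, 4, 18, 19, 10, tzinfo=UTC), "base", "rsETH", "freeze"),
    (datetime(2026, 4, 18, 19, 30, tzinfo=UTC), "ethereum", "WETH", "freeze"),
    (datetime(2026, 4, 18, 19, 31, tzinfo=UTC), "arbitrum", "WETH", "freeze"),
    (datetime(2026, 4, 22, 14, 0, tzinfo=UTC), "ethereum", "WETH", "unfreeze"),  # date assumed
]

# Incident dates as given on the page; CRV is given at month precision only
INCIDENTS = [
    datetime(2022, 11, 1, tzinfo=UTC),
    datetime(2023, 11, 4, tzinfo=UTC),
    datetime(2024, 8, 28, tzinfo=UTC),
    datetime(2026, 4, 18, tzinfo=UTC),
]


def calendar_days(since, now):
    """Whole calendar days, the way the page counts 'days since' (Apr 18 -> Apr 27 = 9)."""
    return (now.date() - since.date()).days


def activations(events, now, window=timedelta(days=365), cluster=CLUSTER):
    """F086: freeze activations inside `window`; freezes within `cluster` of
    the previous one are the same coordinated action (11 chains = 1)."""
    freezes = sorted(t for t, _, _, a in events if a == "freeze" and now - t <= window)
    count, last = 0, None
    for t in freezes:
        if last is None or t - last > cluster:
            count += 1
        last = t
    return count


def currently_frozen(events, now):
    """(chain, reserve) -> calendar days frozen, for reserves whose latest
    event at or before `now` is a freeze (a later unfreeze clears it)."""
    latest = {}
    for t, chain, reserve, action in sorted(events):
        if t <= now:
            latest[(chain, reserve)] = (t, action)
    return {key: calendar_days(t, now) for key, (t, a) in latest.items() if a == "freeze"}


def over_threshold(events, now, threshold=PAUSE_THRESHOLD_DAYS):
    """F087: reserves frozen for more than `threshold` consecutive days."""
    return sorted(k for k, d in currently_frozen(events, now).items() if d > threshold)


def days_since_last_incident(incidents, now):
    """F080."""
    return calendar_days(max(incidents), now)


def chronic_flag(incidents, threshold=CHRONIC_THRESHOLD):
    """F078."""
    return len(incidents) >= threshold


if __name__ == "__main__":
    print("activations (12m):", activations(EVENTS, NOW))
    print("frozen > 7d:", over_threshold(EVENTS, NOW))
    print("days since last incident:", days_since_last_incident(INCIDENTS, NOW))
    print("chronic:", chronic_flag(INCIDENTS))
```

The unfreeze on Ethereum WETH drops that reserve out of the over-threshold list while the arbitrum WETH freeze stays; that is the distinction F102 draws between "WETH Ethereum Core V3 unfrozen" and "WETH frozen on Prime, Arbitrum, ...".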
RD-F-076 green Protocol age (days) v3 first mainnet deploy 2022-03-16 across Polygon/Avalanche/Arbitrum/Optimism. As of 2026-04-27: ~1,503 days (roughly 50 months) live. Ethereum mainnet v3 deploy 2023-01-27: ~1,186 days (39 months). Both exceed the 12-month A-grade floor and the >24-month threshold for full green.
RD-F-079 green Same-root-cause repeat exploit No two incidents share the same root-cause cluster. CRV (oracle/market manipulation on v2), stable rate (accounting bug — pre-exploit patch, $0 loss), periphery (dust accumulation, unprotected sweep), rsETH/Kelp (external bridge DVN misconfiguration, collateral contamination). Four distinct root causes across four incidents.
RD-F-082 green Post-mortem published within 30 days rsETH post-mortem published April 20, 2026 — 2 days after April 18 exploit. Well within 30-day window. Stable rate incident post-mortem published same day (Nov 4, 2023). Periphery incident post-mortem published same day (Aug 28, 2024). Consistent same-day/next-day post-mortem pattern across all incidents.
RD-F-085 green Incident response time (minutes) Aave Guardian freeze on rsETH and wrsETH reserves across all 11 listed deployments at 18:52 UTC, 77 minutes after the 17:35 UTC exploit (Ethereum block 24,908,285). BGD public statement within ~3 hours. Note: the 18:21 UTC reference in hacksdatabase/kelp-dao-rekt.md is Kelp's own pauseAll on the OFTAdapter, not Aave's Guardian action; the two are separate multisigs on separate contracts. A 77-minute multi-chain Guardian response to a cross-chain collateral contamination event is operationally strong. Green.
RD-F-088 green Re-deployed to new addresses in last year No full redeploy to new addresses in the trailing 12 months. v3.6.0 upgrade (January 2025) executed via proxy implementation swap, not address migration. No address-set retirement observed. Green.
Real-time signals Green 17 22 of 22
RD-F-090 yellow Mixer withdrawal → protocol interaction Lazarus Group / DPRK TraderTraitor mixer-to-Aave path was active during the April 18 Kelp DAO exploit (deposited 89,567 fraudulent rsETH). Post-freeze: no new mixer-to-protocol interactions detected at Aave as of April 27. Signal fired (Tier C advisory) during the event window. Yellow because of a confirmed historical firing 9 days ago; Tier C never flips grade.
RD-F-098 yellow TVL anomaly — % drop in <1h TVL $14.06B as of April 27 (+2.42% 1d; -39.83% 30d). The drain event occurred April 18-20; the signal would have fired during that window (~$6.4B drain in 24h). At April 27 (9 days post-event), TVL is stabilizing: the rolling-window trigger (`TVL_now / TVL_baseline_30d < 0.70`, evaluated over the trailing 60 minutes) does not fire on current state. Signal has cleared. Yellow (not green) because the 30d baseline is depressed by the event, so a new shock would fire from a lower absolute level, and the prior event's bad debt ($123-230M) remains unresolved.
RD-F-101 yellow Large governance proposal queued Multiple active governance proposals in queue: rsETH incident funding update (ARFC-24740, ~$160M/$200M target raised per April 26 CoinDesk); WETH market unfreeze discussions; AAVE buyback pause. All are legitimate governance responses — no malicious-pattern criteria met (no fresh-wallet proposer, no admin-role grantRole from unknown proposer). Elevated governance activity warrants yellow.
RD-F-102 yellow Admin/upgrade transaction in mempool Guardian freeze executed April 18 within ~75 minutes of the rsETH exploit being identified. At April 27 (9 days post-event): rsETH markets frozen across all 11 deployments; WETH Ethereum Core V3 unfrozen (supply only; LTV=0); WETH frozen on Prime, Arbitrum, Base, Mantle, Linea. No new emergency admin transactions in mempool as of April 27. Further admin actions (governed unfreeze AIPs) anticipated but will route through governance timelock. Was RED at T-10 (April 21). Delta: emergency-red → governance-yellow.
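The F098 trigger and the F084 dispersion measure are simple enough to run against an hourly TVL series, and doing so makes the "depressed baseline" caveat concrete. The block below is an added example, not defirisk.co's scorer: the series is constructed to resemble the page's numbers (flat around $20.5B, a one-hour drain to $14.06B, flat afterwards), the 0.70 ratio and the 30-day baseline are the page's, and the 90-day CoV window is taken from the F084 label.

```python
"""TVL shock detector in the shape of RD-F-098, plus the RD-F-084 dispersion
measure. Added example, not defirisk.co's scorer. The hourly series is
constructed (not real Aave TVL); the 0.70 ratio and 30-day baseline are the
page's rule, the 90-day CoV window is the F084 label."""
from statistics import mean, pstdev

DAY = 24                    # hourly samples per day
LOOKBACK = 1                # trailing 60-minute window = one hourly sample
BASELINE_WINDOW = 30 * DAY  # page: 30-day baseline
DROP_RATIO = 0.70           # page: TVL_now / TVL_baseline_30d < 0.70
COV_WINDOW = 90 * DAY       # page: CoV over 90 days


def baseline_30d(tvl, t):
    """Mean hourly TVL over the 30 days ending where the trailing 60-minute
    window begins. None when there is not enough history."""
    end = t - LOOKBACK
    start = end - BASELINE_WINDOW
    if start < 0:
        return None
    window = tvl[start:end]
    return sum(window) / len(window)


def drop_signal(tvl, t):
    """True when TVL at hour t sits below 70% of its 30-day baseline."""
    base = baseline_30d(tvl, t)
    return base is not None and tvl[t] / base < DROP_RATIO


def fired_hours(tvl):
    return [t for t in range(len(tvl)) if drop_signal(tvl, t)]


def trigger_level(tvl, t):
    """Absolute TVL at which the signal would fire at hour t. After a shock the
    baseline rolls down to the post-event level, so this falls with it; that
    is the page's reason for holding F098 at yellow once the signal clears."""
    base = baseline_30d(tvl, t)
    return None if base is None else DROP_RATIO * base


def cov_90d(tvl, t):
    """Coefficient of variation over the trailing 90 days (RD-F-084)."""
    window = tvl[max(0, t - COV_WINDOW + 1):t + 1]
    return pstdev(window) / mean(window)


def constructed_series(pre=20.5e9, post=14.06e9, days=140, shock_day=100):
    """Flat TVL, a one-hour drain on shock_day, flat afterwards. Not real data."""
    shock_hour = shock_day * DAY
    return [pre if h < shock_hour else post for h in range(days * DAY)], shock_hour


if __name__ == "__main__":
    series, h0 = constructed_series()
    fired = fired_hours(series)
    print("fires from hour", fired[0], "to", fired[-1], "then clears")
    print("trigger level before shock:", trigger_level(series, h0 - 1))
    print("trigger level 33 days after :", trigger_level(series, h0 + 800))
    print("CoV 9 days after shock      :", round(cov_90d(series, h0 + 9 * DAY), 3))
```

Two things the run shows that the factor text only states: the signal keeps firing for roughly two days after a single-hour drain (the baseline mean only decays as post-event hours enter the 30-day window), and once the window has rolled past the event the absolute trigger level has dropped from about $14.35B to about $9.84B.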
RD-F-104 yellow Stablecoin depeg >2% on shared-LP venue No qualifying stablecoin depeg active as of April 27. USDC, USDT, DAI within peg. rsETH is not a stablecoin — the LRT depeg (core mechanism of the April 18 attack) falls outside the formal F104 trigger criteria. Methodology gap: F104 stablecoin-depeg framing too narrow for LRT collateral depeg events. Yellow because the structural risk F104 is meant to detect just materialized in a non-covered form.
RD-F-091 gray Partial-drain test transactions v1-deferred signal. No public evidence of partial-drain test transactions as a precursor to the April 18 attack. Attack vector was bridge-collateral contamination, not iterative drain testing. Cannot assess in static mode without live mempool monitoring.
RD-F-092 n/a Unusual mempool pattern from deployer wallet No unusual mempool patterns from protocol deployer wallets. Deployer wallets (0xb90594ea — Kraken-funded; 0x51f22ac8 — Binance-funded) are legacy-dormant. Protocol is governed through Guardian multisigs, not deployer EOAs. v1-deferred signal.
RD-F-093 gray Abnormal gas-price willingness from attacker wallet v1-deferred. Public mempool data for April 18 attack gas premiums not available in static assessment. Cannot confirm or deny abnormal gas-price patterns without live mempool access.
RD-F-094 n/a New contract with similar bytecode to exploit template No similar-bytecode contract deployments targeting Aave pool contracts observed. Attack was bridge-collateral contamination, not a proxy-exploit bytecode pattern. v1-deferred.
RD-F-095 n/a Known-exploit function-selector replay No known-exploit replay selector patterns applicable to this attack class. The April 18 attack was a bridge-minted-collateral event, not a function-selector replay. v1-deferred.
RD-F-096 gray New ERC-20 approval to unverified contract from whale v1-deferred. Cannot assess whale ERC-20 approvals to unverified contracts without live mempool monitoring. No public evidence of this pattern in the pre-event window.
RD-F-097 n/a Sybil surge of identical-pattern transactions No sybil surge of identical-pattern transactions applicable. The April 18 attack involved a single sophisticated actor (Lazarus / DPRK TraderTraitor), not a sybil wave. v1-deferred.
RD-F-106 n/a Cross-chain bridge unverified mint pattern The April 18 attack was precisely this signal's detection target: Lazarus forged rsETH mints via a compromised LayerZero DVN, then deposited the unbacked rsETH as Aave collateral. rsETH markets are frozen as of April 27, preventing further cross-chain contamination. v1-deferred signal. Yellow because the mechanism is confirmed applicable and bad debt ($123-230M) from the prior event remains unresolved.
RD-F-107 gray Admin EOA signing from new geography/device v1-deferred. Off-chain signing telemetry for Guardian multisig signers not publicly available in static assessment. No evidence of anomalous signing geography during incident response.
RD-F-108 n/a GitHub force-push to sensitive branch No evidence of force-pushes or unauthorized commits to aave-dao/aave-v3-origin or bgd-labs/aave-address-book. Data cache: last GitHub commit 2026-04-25 (routine activity). v1-deferred.
RD-F-109 n/a Social-media impersonation scam spike Elevated impersonation risk during organizational transition (BGD Labs and ACI departing as primary service providers, April 2026). Multiple AAVE typosquat domains documented (F161 yellow). No confirmed coordinated scam-spike at protocol level as of April 27. v1-deferred.
RD-F-110 n/a Unusual pending/executed proposal ratio Elevated governance proposal volume relative to a normal 30-day window — rsETH funding, WETH unfreeze, AAVE buyback pause, DeFi United recovery initiative all active simultaneously. Expected incident-response governance activity; not a manipulation signal. v1-deferred.
RD-F-099 green Oracle price deviation >X% from secondary No current oracle deviation on core Chainlink feeds (ETH/USD, BTC/USD, USDC/USD, USDT/USD). rsETH oracle reported correctly during incident — the oracle accurately priced rsETH relative to its redemption backing; the attack was at the bridge/mint layer above the oracle layer. Phase 2 signal.
RD-F-100 green Flash loan >$10M targeting protocol tokens No evidence of malicious flash loan origination targeting Aave markets as of April 27. The April 18 attack was bridge-collateral contamination, not a flash-loan governance or oracle manipulation attack. Phase 2 signal.
RD-F-103 green Bridge signer-set change proposed/executed No unscheduled signer-set changes on a.DI (CCIP, LayerZero V2, Hyperlane) or GHO CCIP bridge as of April 27. The Kelp rsETH LayerZero OFT DVN (the attack vector) is a collateral-token bridge distinct from Aave's own governance delivery infrastructure. a.DI and GHO CCIP appear stable.
RD-F-105 green DNS/CDN/frontend hash drift No evidence of DNS hijacking, CDN changes, or frontend hash drift at aave.com or app.aave.com as of April 27. Official governance forum (governance.aave.com) and app (app.aave.com) appear operating normally per public evidence. Phase 2 signal.
RD-F-182 green Security-Council threshold reduction (RT) No Security Council threshold reduction at Aave. Guardian multisigs (Governance Guardian 5-of-9, Granular Guardian 5-of-9) have not undergone threshold reductions or timelock removals. The rsETH incident did not involve Aave governance weakening — it involved a third-party bridge (Kelp rsETH LayerZero OFT) DVN misconfiguration. F182 batch-24 signal (Drift Protocol precedent: 3/5→2/5 SC change + timelock removal 6 days before $285M exploit) is not applicable here.
Dev identity & insider risk Green 2 16 of 16
RD-F-117 yellow ENS/NameStone identity bound to deployer Neither deployer wallet (0xb90594ea nor 0x51f22ac8) has a bound ENS or NameStone name. Corporate ops wallets use Etherscan labels (Aave: Deployer) rather than ENS reverse records. Equivalent identification exists via Etherscan but ENS binding is absent.
RD-F-184 gray Real-capital social-engineering persona No positive evidence that any Aave team contributor or external integrator persona has deployed ≥$1M of real-capital deposits to Aave or peer protocols as a social-engineering credibility-build. Lazarus Group rsETH deposits were adversarial drain actions, not credibility-building for team infiltration. BGD/ACI departures occurred via open governance, not under social-engineering pressure. M-only curation required; gray is correct absent curator-verified positive signal.
RD-F-111 green Team doxx status Categorical: real-name. Stani Kulechov (founder, public since 2017), Ernesto Boado (BGD Labs), Marc Zeller (ACI) are all fully doxxed with real names. Aave Labs is a registered entity. Highest doxxing category — real-name with track record.
RD-F-112 green Team public accountability surface Multiple verifiable public trails per team member: LinkedIn with work history, GitHub org membership (aave-dao, bgd-labs), conference appearances (ETHDenver, Devcon, EthCC), CoinDesk Most Influential listings. Accountability surface among highest in DeFi.
RD-F-113 green Team other-protocol involvement history No prior rug / exit-scam affiliations for any named team member. Stani Kulechov's prior protocol is ETHLend (legitimate Aave predecessor, same team). BGD Labs and ACI have clean track records. No cross-reference hits in hacksdatabase for team member EOAs.
RD-F-114 green Deployer address prior on-chain history Deployer 0xb90594ea funded from Kraken ~129 days pre-deploy; normal-dev-history. Deployer 0x51f22ac8 funded from Binance 2020; normal-dev-history. No linked-to-prior-rug classification. No mixer interactions on either wallet.
RD-F-115 green Prior rug/exit-scam affiliation No team member linked to prior rug or exit-scam via verified OSINT. ETHLend is a legitimate predecessor. BGD Labs and ACI are professional service organizations with clean records.
RD-F-116 green Contributor tenure at admin-permissioned PR BGD Labs has been primary technical service provider since 2022 (3+ years tenure at time of most recent admin-permissioned changes). ACI has been active delegate since 2022. No recent contributor with <90 days tenure made admin-permissioned code changes.
RD-F-118 green Handle reuse across failed/rugged projects No social handle for Aave team members has been associated with a prior rugged or failed project under a different alias. Stani Kulechov's @StaniKulechov has been consistent since 2017. BGD Labs and ACI are new organizations without prior alias history.
RD-F-119 green Commit timezone consistent with stated geography GitHub commit-hour distribution for aave-dao/aave-v3-origin and bgd-labs repositories is consistent with UK / Western-to-Central European time zones (GMT/BST/CET/CEST). Avara (parent company of Aave) is incorporated in the United Kingdom: AAVE LIMITED (Companies House #13729000, formerly 'Avara People Limited') is registered at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ; AVARA LIMITED (Companies House #14456374) is registered in Hove, England. Founder Stani Kulechov is of Finnish origin, but the operational corporate HQ of Avara / Aave Companies is London (UK), not Finland. BGD Labs is a European-distributed organisation (no single HQ). No anomalous Pacific/Asian-hour concentration in commit history.
RD-F-120 green Video-off/voice-consistency flag Stani Kulechov appears on video at ETHDenver 2024, Devcon 7 (Bangkok), EthCC, and multiple podcast/interview appearances. Ernesto Boado has appeared in BGD governance videos. Marc Zeller has appeared in Aave governance calls. No video-off pattern.
RD-F-121 green Contributor OSINT depth score Curator-scored 5/5. Stani Kulechov: full LinkedIn work history (ETHLend 2017 → Aave), GitHub (aave-dao org founder), 10+ conference appearances, press interviews. Ernesto Boado: LinkedIn, GitHub @llabori (300+ public repos). Marc Zeller: LinkedIn, Twitter/X (80k+ followers), extensive governance forum track record.
RD-F-122 green Contributor paid to DPRK-cluster wallet No evidence that protocol payments to any contributor wallet have on-chain path ≤ 3 hops to DPRK-labeled cluster. BGD Labs and ACI compensated via Aave DAO treasury proposals (Aave Collector → BGD/ACI multisigs). Payment paths trace to Collector, not to DPRK-proximate addresses.
RD-F-123 green Sudden admin-rescue/ACL change without discussion All ACL changes routed through AIP process: Snapshot TEMP CHECK → governance forum ARFC → on-chain vote → Executor timelock (1-day Lvl1 or 7-day Lvl2). aave-dao/aave-proposals-reports provides public record of every payload. April 2026 Guardian freeze (emergency action) was publicly documented in governance forum incident thread within hours. No non-routine ACL change in past 180 days lacks corresponding governance discussion.
RD-F-124 green Deployer wallet mixer-funded within 30 days Primary v3 deployer 0xb90594ea5128a8178e132286dc2b7fbac7d7266c funded from Kraken (US-regulated CEX) ~129 days before deploy — well outside the 30-day window. No mixer (Tornado Cash / Railgun / similar) interaction in the 30-day pre-deploy window or at any time. Legacy deployer 0x51f22ac850d29c879367a77d241734acb276b815 funded from Binance 2020; no mixer interaction. Both wallets confirmed clean.
RD-F-125 green Deployer linked within 3 hops to DPRK/Lazarus Both deployer wallets trace hop-1 to regulated CEXes (Kraken, Binance). DPRK/Lazarus cluster proximity structurally infeasible from regulated-exchange-originated funding. Lazarus Group's April 2026 use of Aave as an exploit drain venue (89,567 rsETH deposited) is an adversarial user event scored in Cat 11 (F158) — no Aave team wallet intersects with Lazarus deposit addresses within 3 hops. No DPRK proximity for any team contributor wallet.
Fork / dependency lineage Green 11 10 of 10
RD-F-135 yellow Shared-library version with known-vuln status No CVE or GHSA advisory affecting the pinned OZ version used by Aave v3.6.0 identified. However, a git submodule SHA ambiguity was flagged in T-10 (whether deployed bytecode exactly matches the submodule pinned SHA). Not an adverse advisory finding but an unresolved verification gap.
RD-F-126 n/a Is-a-fork-of Aave v3 is not a fork of any external protocol. It is the original upstream: an internal evolution from Aave v1 -> v2 -> v3 by Aave Labs. Other protocols fork Aave v3.
RD-F-127 n/a Upstream patch not merged No external upstream exists for Aave v3 to miss patches from. N/A by construction.
RD-F-128 n/a Upstream vulnerability disclosure (last 90d) No external upstream exists to have disclosed a vulnerability affecting this fork. N/A by construction.
RD-F-129 n/a Code divergence from upstream (%) No upstream to diverge from. N/A by construction.
RD-F-130 n/a Fork depth (generations from original audit) Fork depth = 0 for the upstream itself. N/A by construction.
RD-F-131 n/a Fork retains upstream audit coverage Aave v3 generates the audit coverage that forks inherit. Its own audits assessed directly in Cat 1 (RD-F-004). N/A by construction.
RD-F-132 n/a Fork has different economic parameters than upstream No upstream exists. Aave v3's own economic parameters are governance-set and assessed by independent risk teams. N/A by construction.
RD-F-133 green Dependency manifest uses unpinned versions The aave-v3-origin repo uses pinned versions for OpenZeppelin and other security-critical libraries with no ^ or ~ unpinned version ranges for security-critical deps. Confirmed in T-10 code-security assessment.
RD-F-134 green Dependency had malicious-release incident (last 90d) No malicious-release incident affecting Aave v3's npm/PyPI/crates.io dependencies flagged in trailing 90 days (Jan 27 – Apr 27, 2026). No GitHub security advisories affecting Aave's OZ or Solady dependencies identified.
Post-deploy hygiene & change mgmt Green 15 13 of 13
RD-F-136 yellow Deployed bytecode matches signed release tag v3.6.0 release tag exists at aave-dao/aave-v3-origin (2025-01-08). T-10 noted a commit SHA discrepancy between Governance Proposal 429 (b3ce634) and v3.6.0 release tag (5a230ec). This discrepancy was not resolved independently in this session.
RD-F-143 yellow Reinitializable implementation (no _disableInitializers) VersionedInitializable uses a version integer stored in unstructured storage to prevent re-initialization. It does NOT call _disableInitializers() in the constructor (predates that OZ pattern). Implementation contract could in theory be initialized directly if version slot is in default state, though this would not affect proxy-delegated user funds. Latent footgun; has not been triggered in 50 months of v3.x upgrades.
RD-F-145 yellow Deployed bytecode reproducibility Aave v3 publishes source-verified contracts on Etherscan. foundry.toml is present in repo with pinned solc 0.8.27. Reproducibility is achievable from repo + declared toolchain. Minor SHA discrepancy (lifted from T-10 F136) creates partial uncertainty.
RD-F-146 yellow New contract deploys in last 30 days Ongoing market expansions across 21 chains produce periodic new deployment activity (MegaETH, Soneium visible in data cache). Each new deployment goes through governance review. New surfaces are reviewed but not individually enumerated here.
RD-F-168 yellow Stale-approval exposure on deprecated router Aave v2 remains live in wind-down, creating a maintained surface for stale approvals. Aave v2 migrator and legacy periphery contracts (e.g., the Aug 2024 periphery exploit involved Paraswap adapters with stale approvals) represent a post-deploy hygiene gap. No active approval-cleanup governance action identified.
RD-F-185 yellow Bridge rate-limiter / chain-pause as positive mitigant Aave's emergency mechanism is per-reserve freeze by the Granular Guardian (not an automated outflow rate-limiter). April 2026 rsETH incident demonstrated 75-minute Guardian freeze response across 11 deployments — fast human-coordinated circuit-breaker. No automated per-window rate-limiter. F185 is primarily bridge-specific; for lending protocols the analog is the emergency pause mechanism. Partial credit for the fast Guardian response but no automated rate-limiter exists.
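F136 and F145 both come down to a check nobody in the assessment chain has run: compile the tagged source with the declared toolchain and compare the runtime bytecode to what is on-chain, ignoring the CBOR metadata trailer (whose IPFS hash changes with any source-path or comment difference and is therefore expected to differ). The block below is an added example of that comparison, not the page's or Aave's tooling. The bytecodes are constructed; the trailer layout it parses (a CBOR map with `ipfs` and `solc` keys, followed by a two-byte big-endian length) is the one solc emits, so the same functions work on real Etherscan/`forge` output.

```python
"""Metadata-stripped runtime-bytecode comparison for the RD-F-136/RD-F-145
reproducibility gap. Added example, not the page's or Aave's tooling. The
bytecodes below are constructed; the trailer layout is the one solc emits."""


def metadata_length(code: bytes):
    """solc appends CBOR metadata, then its length as two big-endian bytes.
    Returns the CBOR length, or None if the tail does not look like one."""
    if len(code) < 2:
        return None
    n = int.from_bytes(code[-2:], "big")
    if n == 0 or n + 2 > len(code):
        return None
    trailer = code[-(n + 2):-2]
    # a solc trailer is a CBOR map (0xa2 = map of 2) carrying a "solc" key
    return n if trailer[:1] == b"\xa2" and b"solc" in trailer else None


def strip_metadata(code: bytes) -> bytes:
    n = metadata_length(code)
    return code if n is None else code[:-(n + 2)]


def solc_version(code: bytes):
    """Compiler version recorded in the trailer: text key 'solc' (0x64 + 4
    chars) followed by a 3-byte byte string (0x43 + major, minor, patch)."""
    n = metadata_length(code)
    if n is None:
        return None
    trailer = code[-(n + 2):-2]
    i = trailer.find(b"\x64solc\x43")
    if i < 0:
        return None
    major, minor, patch = trailer[i + 6:i + 9]
    return f"{major}.{minor}.{patch}"


def diff_offsets(a: bytes, b: bytes, limit=16):
    """Offsets (first `limit`) where the metadata-stripped codes differ.
    Mismatches confined to immutable slots are benign; anything else is not."""
    a, b = strip_metadata(a), strip_metadata(b)
    n = max(len(a), len(b))
    return [i for i in range(n) if i >= len(a) or i >= len(b) or a[i] != b[i]][:limit]


def bytecode_matches(deployed: bytes, local: bytes) -> bool:
    """True when on-chain and locally built runtime code agree outside the
    metadata trailer; a differing ipfs hash alone is expected and harmless."""
    return strip_metadata(deployed) == strip_metadata(local)


def cbor_trailer(ipfs_hash: bytes, version=(0, 8, 27)) -> bytes:
    """Build a solc-style trailer {"ipfs": <hash>, "solc": <3 bytes>} + length."""
    body = (b"\xa2" + b"\x64ipfs" + b"\x58" + bytes([len(ipfs_hash)]) + ipfs_hash
            + b"\x64solc" + b"\x43" + bytes(version))
    return body + len(body).to_bytes(2, "big")


# Constructed runtime code (a few genuine opcodes), not an Aave contract
CODE = bytes.fromhex("6080604052348015600e575f80fd5b50")
IPFS_A = b"\x12\x20" + bytes(range(32))        # placeholder multihash, not a real CID
IPFS_B = b"\x12\x20" + bytes(range(32, 64))
DEPLOYED = CODE + cbor_trailer(IPFS_A)         # what an RPC eth_getCode would return
LOCAL = CODE + cbor_trailer(IPFS_B)            # local rebuild: same code, other source hash
DIVERGENT = CODE[:4] + b"\x53" + CODE[5:] + cbor_trailer(IPFS_B)  # MSTORE -> SSTORE at offset 4

if __name__ == "__main__":
    print("solc recorded on-chain:", solc_version(DEPLOYED))
    print("local build matches:", bytecode_matches(DEPLOYED, LOCAL))
    print("divergent build matches:", bytecode_matches(DEPLOYED, DIVERGENT), diff_offsets(DEPLOYED, DIVERGENT))
```

Run against real code, feed `DEPLOYED` from `eth_getCode` on the implementation address (not the proxy) and `LOCAL` from the `deployedBytecode` of a build at the tag under test; doing it once per commit candidate (b3ce634 and 5a230ec) is exactly the "programmatic bytecode diff" F001 says has not been performed.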
RD-F-137 green Upgrade frequency (per 90 days) Implementation-level upgrades are infrequent (v3.6.0 was Jan 2025; last full implementation upgrade). Market-parameter updates via AIPs are frequent but do not constitute code upgrades. Low upgrade frequency for core protocol.
RD-F-138 green Hot-patch deploys without timelock (last 30 days) All recent deployments go through PayloadsController with Executor Lvl1 (1-day) or Lvl2 (7-day) delay. Guardian reserve freeze (April 2026 rsETH event) was emergency pause action, not a code deployment. No hot-patch deploys outside timelock identified in last 30 days.
RD-F-139 green Post-audit code changes without re-audit 470+ proposal reviews in aave-dao/aave-proposals-reports. Certora formally engaged as security reviewer for all AIPs since April 2024. v3.1-v3.6 each had dedicated multi-firm audit engagements. No Upgraded event in last 12 months lacks an audit artifact. Deepest post-audit hygiene process in DeFi.
RD-F-140 green Fix-merged-but-not-deployed gap No known case of a security-critical fix merged to aave-v3-origin without subsequent governance deployment. Certora FV is continuous. All v3.x patches have been deployed through governance.
RD-F-141 green Test-mode parameters in deploy v3.6.0 is production deployment. No test-mode parameters (test oracle, infinite allowance, admin=deployer) identified. 50-month operational history with multiple security reviews and Certora FV makes test-mode parameters extremely unlikely.
RD-F-142 green Storage-layout collision risk across upgrades v3.0 through v3.6 upgrade series has not produced storage collision incidents across 50 months. Multiple auditors (Certora FV with storage invariants, MixBytes, Pashov, Blackthorn) have reviewed upgrade paths. OZ upgrades plugin is standard in the deployment toolchain.
RD-F-144 green CREATE2 factory permits same-address redeploy Aave v3 uses transparent proxy pattern, not CREATE2 factory redeployments to the same address. No CREATE2 redeployment risk identified.
Cross-chain & bridge Green 19 12 of 12
RD-F-148 yellow Bridge validator count (M) a.DI uses multiple bridge adapters (CCIP, LayerZero V2, Hyperlane, native bridges) — architecturally multi-validator by design. CCIP: Chainlink DON (established, geographically diverse). Hyperlane: independent validator network. Native bridges: chain-specific. Specific validator counts per adapter not confirmed by on-chain read. GHO CCIP: Chainlink DON only. Note: rsETH incident involved Kelp DAO's own LayerZero OFT (1/1 DVN) — NOT a.DI.
RD-F-149 yellow Bridge validator threshold (k-of-M) a.DI uses requiredConfirmations per destination chain — the number of bridge adapters that must independently deliver a message before execution. Documentation recommends >2. Specific per-chain requiredConfirmations values not confirmed from public sources. If any chain uses confirmations=1, governance messages to that chain could be forged by a single compromised adapter. If confirmations ≥ 2 for all chains, this is a strong positive (multi-bridge threshold). On-chain read of CrossChainController.getConfigsByChain() or equivalent required.
RD-F-150 yellow Bridge validator co-hosting a.DI's multi-bridge design (CCIP + LZ + Hyperlane + native) inherently reduces co-hosting risk since each bridge uses different validator infrastructure. Full validator co-hosting analysis per bridge not performed in this assessment (OSINT lift). Architectural design is favorable for co-hosting independence.
RD-F-155 yellow Bridge validator-set rotation recency a.DI bridge adapter set is controlled by CrossChainController owner (Aave Governance). Adapter addition/removal requires governance proposal + timelock. Specific timing of most recent adapter-set change not confirmed from public sources — on-chain event log inspection of CrossChainController required. CCIP DON rotation is managed by Chainlink independently.
RD-F-156 yellow Bridge uses same key custody for >30% validators For a.DI: multi-bridge design (CCIP + LZ + Hyperlane + native) means no single key custodian controls >30% of validation capacity since each bridge has independent validator sets. For GHO CCIP specifically: GHO cross-chain is 100% reliant on CCIP — a single bridge provider handles all GHO cross-chain transfers. No secondary bridge for GHO exists. If CCIP experiences key custody concentration or operational failure, GHO cross-chain liveness degrades completely.
RD-F-157 yellow Bridge TVL per validator ratio a.DI governs a protocol with $14.06B TVL across 21 chains. The governance delivery bridge delivers messages (not TVL itself) but controls protocol parameters affecting all $14.06B. GHO CCIP: total GHO L2 circulating supply determines TVL-at-risk for CCIP compromise; specific GHO L2 supply not obtained in this assessment. High conceptual TVL-per-validator ratio for a.DI given protocol TVL scale.
RD-F-179 yellow LayerZero OFT DVN config (count, threshold, diversity) Two distinct LayerZero surfaces: (1) a.DI's LZ V2 adapter — DVN configuration not confirmed from public sources; data cache layerzero.present=false (no single OApp address identified); profile confirms LZ V2 is among a.DI's bridge adapters; multi-bridge architecture (CCIP + LZ + Hyperlane + native) means LZ is not sole transport, mitigating sole-LZ-DVN failure for governance delivery. (2) Accepted collateral tokens as LayerZero OFTs — rsETH was a LayerZero OFT with 1/1 DVN (single DVN, single required verifier), exploited April 2026 ($123-230M bad debt). This is not Aave's own bridge but a collateral dependency. The 1/1 DVN configuration was flagged in Aave governance forum 15 months before the exploit. For a.DI itself: on-chain read of LZ endpoint DVN config for a.DI's adapter required for full verification.
RD-F-147 green Protocol has bridge surface Yes — three confirmed bridge surfaces: (1) a.DI CrossChainController (0xEd42a7D8559a463722Ca4beD50E0Cc05a386b0e1) for governance delivery using CCIP + LZ V2 + Hyperlane + native bridges; (2) GHO CCIP bridge for cross-chain GHO transfers (Ethereum <-> Arbitrum, Base, Avalanche); (3) Accepted collateral tokens that are LayerZero OFTs (rsETH exploited April 2026). Factor gates Cat 10 — confirmed bridge-touching.
RD-F-151 green Bridge ecrecover checks result ≠ address(0) a.DI uses confirmation-counting across authorized bridge adapters, not ecrecover-based signature verification. The ecrecover vulnerability pattern (Wormhole/Poly class) requires a verifier contract that can accept address(0) from a malformed signature — a.DI does not use this pattern. CCIP uses Chainlink DON off-chain attestation. Nomad/Wormhole ecrecover pattern not present.
RD-F-152 green Bridge binds message to srcChainId a.DI CrossChainController binds messages to source chain context through the envelope structure (sender, origin chain, destination chain). Per-chain adapter registry and confirmation-counting are chain-scoped. Cross-chain replay would require the same message to be valid on a different chain, which the chain-scoped design prevents.
RD-F-153 green Bridge tracks nonce-consumed mapping a.DI CrossChainReceiver (CCR) tracks message delivery state — each envelope has a unique ID derived from its content and source. Confirmation-counting mechanism increments per bridge per unique envelope ID; duplicate delivery attempts from the same bridge are rejected. Replay protection is built into the confirmation-counting architecture.
RD-F-154 green Default bytes32(0) acceptable as valid root a.DI does not use Merkle-root validation. The Nomad bug class (bytes32(0) accepted as valid root) requires a root-based inbox pattern. a.DI's confirmation-counting architecture has no Merkle root to initialize to zero. CCIP uses its own validation mechanism that also does not involve a Merkle root.
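F149 (a per-origin threshold that a single adapter could satisfy), F152 (messages bound to their chain pair) and F153 (per-adapter, per-envelope replay rejection) are all properties of one mechanism: confirmation counting over an authorised adapter set. The block below is an added, deliberately simplified Python model of such a receiver, not the a.DI contracts; adapter names, chain IDs, the sender/destination strings and the payload are constructed. `weak_origins` is the check F149 says still needs to be run against the real per-chain configuration: it flags any origin where `k <= 1` (one compromised adapter forges governance) and, separately, any origin whose adapter set is too small to ever reach `k` (a liveness failure, not a safety one).

```python
"""Confirmation-counting model of an a.DI-style receiver, covering the
RD-F-149 threshold check and the RD-F-152/153 chain-binding and replay
properties. Added example: a simplified Python model, not the a.DI contracts.
Adapter names, chain IDs, addresses and the payload are constructed."""
from dataclasses import dataclass
from hashlib import sha256


@dataclass(frozen=True)
class Envelope:
    origin_chain: int
    dest_chain: int
    origin_sender: str
    destination: str
    nonce: int
    message: bytes

    def envelope_id(self) -> bytes:
        # The ID commits to both chain IDs, so the same payload relayed toward
        # another chain has a different ID (F152); the nonce keeps repeated
        # identical payloads distinct so a replay is seen as the same envelope (F153).
        header = f"{self.origin_chain}|{self.dest_chain}|{self.origin_sender}|{self.destination}|{self.nonce}|"
        return sha256(header.encode() + self.message).digest()


class Receiver:
    def __init__(self, chain_id, required, allowed):
        self.chain_id = chain_id
        self.required = required      # origin chain -> confirmations needed (k)
        self.allowed = allowed        # origin chain -> adapters trusted for that origin
        self.confirmations = {}       # envelope id -> adapters that have delivered it
        self.delivered = set()

    def receive(self, adapter, env):
        if env.dest_chain != self.chain_id:
            return "rejected: wrong destination chain"
        if adapter not in self.allowed.get(env.origin_chain, set()):
            return "rejected: adapter not authorised for this origin"
        eid = env.envelope_id()
        if eid in self.delivered:
            return "ignored: already delivered"
        seen = self.confirmations.setdefault(eid, set())
        if adapter in seen:
            return "ignored: duplicate from same adapter"
        seen.add(adapter)
        k = self.required[env.origin_chain]
        if len(seen) >= k:
            self.delivered.add(eid)
            return "delivered"
        return f"pending {len(seen)}/{k}"


def weak_origins(required, allowed):
    """F149: origins a single adapter can forge for (k <= 1), and origins
    whose trusted adapter set can never reach k (liveness, not safety)."""
    out = {}
    for origin, k in required.items():
        n = len(allowed.get(origin, set()))
        if k <= 1:
            out[origin] = "single adapter sufficient"
        elif n < k:
            out[origin] = "threshold unreachable"
    return out


# Constructed configuration: origin 1 needs 2 of {ccip, lz, hyperlane};
# origin 137 trusts one adapter and requires only one confirmation.
REQUIRED = {1: 2, 137: 1}
ALLOWED = {1: {"ccip", "lz", "hyperlane"}, 137: {"lz"}}


def demo():
    rx = Receiver(42161, REQUIRED, ALLOWED)
    env = Envelope(1, 42161, "0xgov", "0xexecutor", 7, b"freeze(rsETH)")
    return [
        rx.receive("lz", env),                                                    # pending 1/2
        rx.receive("lz", env),                                                    # same adapter again
        rx.receive("ccip", env),                                                  # second adapter: delivered
        rx.receive("hyperlane", env),                                             # late third copy
        rx.receive("ccip", Envelope(1, 10, "0xgov", "0xexecutor", 7, b"freeze(rsETH)")),  # aimed at chain 10
        rx.receive("ccip", Envelope(137, 42161, "0xgov", "0xexecutor", 1, b"x")),        # ccip not trusted for 137
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
    print("weak origins:", weak_origins(REQUIRED, ALLOWED))
```

Against the live system the inputs to `weak_origins` are the per-origin required-confirmation values and allowed-adapter lists read from the receiver contract on each destination chain; the model's `receive` path is what the F151-F154 greens above are asserting about the real implementation.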
Threat intelligence & recon Yellow 29 8 of 8
RD-F-158 red Known-threat-actor cluster has touched protocol Lazarus Group (DPRK TraderTraitor) directly used Aave v3 as the drain venue in the April 18 Kelp DAO exploit. 89,567 fraudulent rsETH deposited into Aave v3 Ethereum Core Market; approximately $196-236M WETH, USDT, USDC borrowed. Attribution confirmed by: (1) LayerZero post-mortem April 20 2026 (primary — LayerZero Labs official attribution); (2) Chainalysis KelpDAO bridge exploit blog April 2026 (secondary); (3) multiple blockchain analytics firms. At April 27: attribution not walked back by any authoritative source. OFAC new address listings specific to April 18 wallets: not confirmed in public sources as of April 27 (existing Lazarus cluster addresses on OFAC SDN list, but specific wallets' SDN listing status unconfirmed). Bad debt ($123-$230M) remains unresolved — DeFi United at ~$160M of $200M target raised (CoinDesk April 26). Note: Aave is the victim venue, not a DPRK-controlled protocol — F158 fires because Lazarus *interacted with* the protocol, not because team/deployers are
RD-F-161 yellow Protocol-impersonator domain registered (typosquat) Multiple AAVE typosquat domains documented per T-10 (F161 yellow). The BGD Labs and ACI service provider departures (April 2026) elevate impersonation risk: communications about 'Aave's new development team' or 'emergency governance actions' are prime social-engineering vectors. No confirmed coordinated typosquat campaign targeting protocol-level interactions as of April 27.
RD-F-163 yellow Avg attacker reconnaissance time for peer-class protocols Peer-class reconnaissance time is high: Lazarus / DPRK operations (USPD pattern) typically involve 60-90 day reconnaissance windows before strike. Chainalysis and security analysts have documented pre-strike preparation activity for the April 18 attack. This is a historical standing risk indicator for the lending protocol class, not a current alert (reconnaissance completed for the April 18 attack). Yellow as forward-looking risk assessment.
RD-F-165 yellow Protocol social channel has scam-coordinator flag Elevated social scam risk during organizational transition (BGD Labs and ACI departures). Aave Discord and Telegram channels likely experienced elevated impersonation activity during and after the incident. No formally curator-flagged scam-coordinator detected in public sources as of April 27. Yellow as standing risk given organizational flux.
RD-F-159 gray Attacker wallet pre-strike probe (low-gas failing txs) v1-deferred. No publicly documented mempool probe pattern prior to the April 18 attack. Attack vector operated at bridge layer (DVN compromise), not via mempool-level protocol reconnaissance. Cannot assess without live mempool + threat-actor cluster feed.
RD-F-160 green GitHub malicious-dependency incident touching protocol deps No GitHub security advisories flagging malicious dependencies in aave-dao/aave-v3-origin or bgd-labs/aave-address-book in the trailing 90 days. The April 18 attack did not involve supply-chain compromise of Aave's own code dependencies.
RD-F-162 green Known-exploit-template selector deployed by any address No new contract deployments containing exploit-template selector patterns targeting Aave pool functions detected in public sources as of April 27. The April 18 attack was a bridge-level event, not a function-selector exploit of Aave pool contracts.
RD-F-164 green Leaked credential on paste/sentry site No evidence of Aave protocol infrastructure credentials leaked on public paste sites or sentry/monitoring services as of April 27. The April 18 attack did not involve leaked Aave credentials; it involved a compromised third-party bridge DVN.
Tooling / compiler / AI Green 8 5 of 5
RD-F-170 yellow Solc version used (known-bug versions flagged) v3.6.0 compiles with solc 0.8.27. Current stable is 0.8.34 (7 patch releases behind). The known bug TransientStorageClearingHelperCollision (fixed in 0.8.34) is only reachable under the --via-ir pipeline. Aave v3.6.0 does NOT use --via-ir (Shanghai EVM target, legacy codegen), so that bug does not apply to current deployments. Yellow because the compiler is significantly behind and a future change to compile settings could make unmitigated bugs reachable.
RD-F-171 n/a Bytecode similarity to audited upstream with behavior deviation Aave v3 is the original upstream — not a copy of another audited protocol. The AI-copy risk pattern (high bytecode similarity to audited-upstream with behavior deviation) does not apply to the source protocol itself.
RD-F-172 green Repo shows AI-tool co-authorship in critical files T-10 noted 'No AI co-authorship detected.' Inspection of aave-dao/aave-v3-origin commit history shows no Co-authored-by GitHub Copilot or ChatGPT commit trailer patterns in critical contract files. Repository has professional commit history consistent with Aave Labs / BGD Labs authorship since 2022.
RD-F-173 green Team self-disclosure of AI-generated Solidity No public disclosure from Aave Labs, BGD Labs, or any Aave contributor mentioning AI-generated Solidity in security-critical contracts found in governance forum posts, blog posts, or documentation.
RD-F-174 green Dependency tree uses EOL Solidity version v3.6.0 uses solc 0.8.27. Solidity 0.8.x is the active supported major version — not EOL. The compiler is behind current stable (0.8.34) but not end-of-life.
Response & disclosure hygiene Green 17 4 of 4
RD-F-176 yellow Disclosure SLA public No explicit acknowledgment-time SLA (e.g., '72h ack guaranteed') found on aave.com/security or the Immunefi program page. Immunefi platform publishes standard payout SLAs but the protocol itself has not declared a named ack-SLA. Yellow: SLA not published. Consistent with T-10 finding.
RD-F-178 yellow CVE/GHSA advisory issued against protocol No CVE (Common Vulnerabilities and Exposures) or GHSA (GitHub Security Advisory) formally filed for any Aave vulnerability. The stable rate vulnerability (Nov 2023) would have qualified for a GHSA. Aave discloses via governance forum posts, not CVE/GHSA registries. Yellow: no formal public advisory filings. Consistent with T-10 finding.
RD-F-175 green Disclosure channel exists security@aave.com published on aave.com/security. Immunefi program active ($1M max, 83 in-scope assets). Sherlock secondary program active. Multiple redundant disclosure channels. BGD departure creates transition risk but channels remain active through at minimum June 2026 retainer period.
RD-F-177 green Prior known-ignored disclosure No evidence in any published post-mortem that a disclosure to the Aave team was ignored pre-exploit. The January 2025 governance forum warning about Kelp's 1/1 DVN was a public forum flag about a third-party (Kelp's) bridge configuration, not a private disclosure to Aave about an Aave vulnerability. Aave had no authority to fix Kelp's bridge. No prior post-mortem documents a disclosed Aave vulnerability that was ignored. Green.
rubric_version v1.7.0 graded_at 2026-05-12 04:38:07 factors 184 protocol aave-v3