Auditor re-engaged after last exploit

Aave v3's assessment for RD-F-083 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

For rsETH/Kelp: root cause was external (Kelp's LayerZero DVN config). No Aave contract vulnerability was found. No specific post-incident targeted audit of Aave's collateral onboarding or LRT acceptance criteria announced. Certora continuous FV and multi-firm audit cadence provide ongoing coverage but no explicit post-incident re-engagement. Yellow: ongoing auditor engagement present but no specific incident-triggered re-audit announced.

Sources #

Docs
Aave Security — ongoing audit cadence documentationaave.com/securityretrieved 2026-04-27

Methodology #

Determine whether a reputable auditor performed a re-audit or incident review after the most recent exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aave-v3 factor RD-F-083 score yellow collected_at 2026-04-27 23:28:46