Stale-approval exposure on deprecated router

Aave v3's assessment for RD-F-168 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Aave v2 remains live in wind-down, creating a maintained surface for stale approvals. Aave v2 migrator and legacy periphery contracts (e.g., the Aug 2024 periphery exploit involved Paraswap adapters with stale approvals) represent a post-deploy hygiene gap. No active approval-cleanup governance action identified.

Sources #

Governance
Aave Periphery Contracts Incident - stale approval surfacePeriphery Contracts Incident August 2024retrieved 2026-04-27

Methodology #

Count the number of active user approvals (ERC-20 `allowance`) to deprecated router or protocol contracts.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aave-v3 factor RD-F-168 score yellow collected_at 2026-04-27 23:28:46