AAVE v3

Lending

Aave is a decentralized non-custodial liquidity protocol where users can participate as depositors or borrowers. Depositors provide liquidity to the market to earn a passive income, while borrowers are able to borrow in an overcollateralized (perpetually) or undercollateralized (one-block liquidity) fashion.

Chain
TVL
＄1.87M
Native token
AAVE
View on CoinGecko
Protocol key links
Website Gitbook Twitter

Risk Rating

Safe

Assessment: 2024-2-16

Risk Assessment

Security History

Monitoring

Overall Score

93%

Safe

Assessor
Kop, Supergu
Assessment Date
2024-2-16

Not yet undergone Underwriting review

AAVE is a prominent lending protocol with the largest Total Value Locked (TVL) in the DeFi lending category, showcasing strong technical capability and economic design. The founder and core team possess the relevant experience to drive the protocol forward. However, we have some concerns about potential risks including the governance risk stemming from a fairly high token ownership concentration, and the economic risks caused by an absence of both a fallback oracle and a price check mechanism to handle abnormal price feeds from the sole oracle.

Economic
Evaluate possible financial and economic risks depending on the project type (e.g., for lending, check the collateralization system), protection against CVEs (Common Vulnerabilities and exploits), oracle risks, and systemic concerns.

93%

Features state-of-the-art lending protocol collateralization mechanism design

Accepts only highly liquid assets as collateral

There is no fallback oracle, though we do understand the difficulty to find a reliable fallback oracle other than Chainlink.

No price check mechanism is present to handle abnormal price feed from oracle

Operation
Look into the team's experience, track record, and project governance. Consider legal and counterparty risks that may impact the project.

83%

AAVE's Gitbook shows comprehensive understanding of protocol risk exposure along with effective mitigation methods.

The protocol has relatively lower legal and regulatory risk compared to other protocols. Founder's legal background and knowledge is a plus.

Fairly high token holding concentration with top 100 wallets holding over 80% of total token supply. Source: Certik Skynet

AAVE suffered 1.6 million in bad debt due to a failed attack. Source: Coin Edition

Technical
Understand the security of the app, code quality, and controls in place. Check how well it was developed, tested, and reviewed by third parties.

98%

Undergone multiple audits as well as formal verification by Certora. The Audit is done by top-tier firms such as OpenZeppelin & Trail of Bits.

Clear admin & access control documentation with well-designed timelock and pause control

The auto-scan results indicate insufficient Web2 security, potentially leading to Web2 vulnerabilities such as DNS hijacking.