aave.com
Summary
Aave V3 is the dominant decentralized lending protocol (~$12.5B TVL across 20+ chains) with a core pool that has never been directly exploited and an audit history (OpenZeppelin, Trail of Bits, Certora, Sherlock, ABDK) that few competitors match. That pedigree is cold comfort after April 2026: a KelpDAO LayerZero bridge failure minted unbacked rsETH that Aave accepted as collateral, leaving an estimated ~$124M in unresolved bad debt and cutting TVL from ~$26B to ~$14B. Dependency risk scores 7.5/10—the highest dimension—while guardian multisigs retain veto and pause powers outside normal DAO votes. Overall risk is moderate-elevated at 5.3/10: a mature, heavily audited protocol whose recent losses came from things it listed, configured, or trusted rather than from broken pool math.
Trust Assumptions
Depositors must trust that Chainlink price feeds stay accurate and timely—AaveOracle reads latestAnswer() without on-chain staleness checks—and that risk stewards (Chaos Labs) will not misconfigure CAPO overlays, as happened in March 2026 when a wstETH parameter error triggered ~$26–27M in wrongful liquidations. They must trust collateral issuers' bridge security: Aave listed rsETH without verifying KelpDAO's 1-of-1 LayerZero DVN, inheriting a ~$124M hole when it failed. Users of the official interface must also trust that periphery adapters (ParaSwapRepayAdapter) are as safe as the audited core—they are not; one was exploited for ~$95k in 2024 and remains outside Immunefi bounty scope. Finally, they trust that the 5/9 Governance Guardian and 4/7 Protocol Guardian multisigs use emergency powers responsibly and stay uncompromised, and that the DAO will fairly resolve bad debt rather than socializing losses onto passive depositors.
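The staleness gap described above (latestAnswer() returns a price with no timestamp, while latestRoundData() returns the round bookkeeping a freshness check needs) is easiest to see in an off-chain monitor. The following Python is an added example and is not Aave, AaveOracle or Chainlink code; the feed names, heartbeat values and sample rounds are constructed for illustration, and the checks shown are the ones a depositor-side monitor would apply before trusting a price.

```python
"""Freshness and sanity checks for a Chainlink-style aggregator round.

Added example for off-chain monitoring; it is not Aave, Chainlink or
AaveOracle code. latestAnswer() returns only the price, so a consumer that
reads it cannot tell how old the value is; latestRoundData() also returns
roundId, updatedAt and answeredInRound, which is what a staleness check
needs. All sample rounds and the heartbeat values below are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RoundData:
    """The five fields returned by latestRoundData()."""
    round_id: int
    answer: int              # price scaled by the feed's decimals
    started_at: int          # unix seconds
    updated_at: int          # unix seconds, 0 while a round is still open
    answered_in_round: int


def check_round(r: RoundData, now: int, heartbeat: int, grace: int = 0) -> Optional[str]:
    """Return None if the round is usable, else a short reason string.

    heartbeat is the feed's documented maximum update interval in seconds
    (assumed known to the caller); grace allows for block-timestamp slack.
    """
    if r.answer <= 0:
        return "non-positive answer"
    if r.updated_at == 0:
        return "round not complete"
    if r.updated_at > now:
        return "updated_at is in the future"
    age = now - r.updated_at
    if age > heartbeat + grace:
        return f"stale: {age}s since update, heartbeat {heartbeat}s"
    if r.answered_in_round < r.round_id:
        return "answer carried over from an earlier round"
    return None


def scan_feeds(rounds: dict, heartbeats: dict, now: int) -> dict:
    """Map feed name -> problem string (or None) for every feed in `rounds`."""
    return {name: check_round(r, now, heartbeats[name]) for name, r in rounds.items()}


# Constructed sample data (not real feed rounds or real feed heartbeats)
NOW = 1_700_000_000
HEARTBEATS = {"ETH/USD": 3600, "wstETH/ETH": 86400, "LINK/USD": 3600}
SAMPLE_ROUNDS = {
    # fresh: updated 10 minutes ago, answered in its own round
    "ETH/USD": RoundData(round_id=100, answer=2_000 * 10**8, started_at=NOW - 700,
                         updated_at=NOW - 600, answered_in_round=100),
    # stale: last update two days ago against a one-day heartbeat
    "wstETH/ETH": RoundData(round_id=57, answer=115 * 10**16, started_at=NOW - 172_900,
                            updated_at=NOW - 172_800, answered_in_round=57),
    # carried over: roundId advanced but the answer belongs to an earlier round
    "LINK/USD": RoundData(round_id=31, answer=15 * 10**8, started_at=NOW - 100,
                          updated_at=NOW - 90, answered_in_round=30),
}

if __name__ == "__main__":
    for name, problem in scan_feeds(SAMPLE_ROUNDS, HEARTBEATS, NOW).items():
        print(f"{name:11s} {'ok' if problem is None else 'REJECT: ' + problem}")
```

The heartbeat is the key parameter: a round that is perfectly valid for a daily feed is dangerously stale for an hourly one, so the monitor must carry the documented interval per feed rather than a single global threshold.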
What Could Go Wrong
A bridged or restaked collateral asset could again mint unbacked tokens off-chain while Aave values it at market price, enabling nine-figure borrows before Protocol Guardians freeze markets—depositors and Umbrella stakers (~$460M coverage, insufficient for rsETH-scale losses) absorb the shortfall. Stale Chainlink feeds or steward misconfiguration could trigger mass wrongful liquidations without a governance vote, repeating the CAPO incident at larger scale. Guardian multisigs could pause markets during volatility (trapping users) or be compromised to veto legitimate governance; meanwhile unaudited ParaSwap periphery contracts retain residual allowance patterns from the August 2024 exploit, and GHO's ~$584M supply faces peg pressure if collateral quality deteriorates further.
Recommendation
Aave core lending is suitable for mainstream assets on Ethereum mainnet with conservative LTV usage, but not a set-and-forget vault—size positions assuming external dependencies fail, not just smart-contract bugs. Avoid or minimize exposure to bridge-wrapped and restaked collateral (rsETH precedent), do not treat Immunefi coverage as protecting UI-layer adapters, and monitor rsETH bad debt resolution, CAPO parameter changes, and any guardian signer rotation. Umbrella stakers, GHO holders, and users on newer chain deployments bear disproportionate tail risk and should keep allocations small until risk-steward guardrails tighten and the ~$124M rsETH shortfall is resolved. Reduce allocation if BGD Labs' departure degrades upgrade review quality or if new collateral listings skip independent bridge audits.
Key Findings (30)
Analysis Sections
Aave V3 is controlled by on-chain Governance V3 on Ethereum: AAVE/stkAAVE holders vote via VotingMachine portals, approved payloads queue on PayloadsController with tiered Executor timelocks (Level 1 ~1 day, Level 2 ~7 days), and CrossChainController relays execution to 20+ chains. Verified on-chain: GovernanceGuardian Safe is 5-of-9 (0xCe52ab41…), Protocol Guardian is 4-of-7 (0x2CFe3ec4…), Executor_lvl1 owner is PayloadsController and PoolAddressesProvider owner is Executor_lvl1. Residual risks: dual guardian emergency powers, BGD-controlled GranularGuardian/PermissionedPayloadsController paths, risk stewards with delegated parameter authority, legacy BridgeExecutors on some L2s, and Aave Labs holding off-chain product/IP separate from DAO treasury.
Findings (10)
The GovernanceGuardian at 0xCe52ab41C40575B072A18C9700091Ccbe4A06710 is a Gnosis SafeProxy. On-chain verification confirms threshold 5 and 9 owners (community-elected entities including Certora, DeFi Saver, Balancer, Lido representatives). This Safe can cancel Governance V3 proposals, cancel queued PayloadsController payloads, rescue misconfigured voting portals, and invoke GranularGuardian.solveEmergency on CrossChainController. These are intentional safety valves but constitute centralized veto over DAO-approved actions.
Separate from the Governance Guardian, the Aave Protocol Guardian Safe (0x2CFe3ec4d5a6811f4B8067F0DE7e47DfA938Aa30) is verified on-chain as 4-of-7. It holds EMERGENCY_ADMIN on ACLManager and can call setPoolPause/setReservePause and setReserveFreeze on PoolConfigurator—potentially halting user activity on short multisig notice. Service providers Chaos Labs, LlamaRisk, BGD Labs, Certora, and others are documented signers.
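The "verified on-chain" thresholds quoted in the two findings above (5-of-9 and 4-of-7) are the kind of claim a reviewer should be able to re-check independently. The Python below is an added example, not Aave or Safe code: it builds the eth_call request for the Safe's getThreshold() and getOwners() view functions, ABI-decodes the raw return data by hand, and diffs the result against the expected configuration. The two function selectors are an assumption (keccak256 of the signature, first four bytes) and should be confirmed before use; the return data and owner addresses in the sample are constructed, not read from chain.

```python
"""Verify a Gnosis Safe's threshold and owner set from eth_call results.

Added example, not Aave or Safe code. It builds the eth_call request for the
no-argument view functions getThreshold() and getOwners() and ABI-decodes the
raw return data, then compares against the expected configuration. The two
selectors are assumed to be keccak256(signature)[:4] as stated; confirm them
(e.g. with `cast sig`) before relying on them. Return data and owner
addresses in the sample at the bottom are constructed, not read from chain.
"""
import json

SEL_GET_THRESHOLD = "e75235b8"  # assumed: keccak256("getThreshold()")[:4]
SEL_GET_OWNERS = "a0e67e2b"     # assumed: keccak256("getOwners()")[:4]


def eth_call_request(safe: str, selector: str, req_id: int = 1) -> str:
    """JSON-RPC body for eth_call of a no-argument view function on `safe`."""
    return json.dumps({
        "jsonrpc": "2.0", "id": req_id, "method": "eth_call",
        "params": [{"to": safe, "data": "0x" + selector}, "latest"],
    })


def _strip0x(hexstr: str) -> bytes:
    return bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)


def decode_uint256(ret: str) -> int:
    data = _strip0x(ret)
    if len(data) != 32:
        raise ValueError(f"expected 32 bytes, got {len(data)}")
    return int.from_bytes(data, "big")


def decode_address_array(ret: str) -> list:
    """Decode an ABI-encoded dynamic address[]: offset word, length word, then
    one 32-byte word per element with the address in the low 20 bytes."""
    data = _strip0x(ret)
    offset = int.from_bytes(data[0:32], "big")
    length = int.from_bytes(data[offset:offset + 32], "big")
    owners = []
    for i in range(length):
        start = offset + 32 + 32 * i
        word = data[start:start + 32]
        if len(word) != 32:
            raise ValueError("truncated return data")
        if any(word[:12]):
            raise ValueError("non-zero padding in address word")
        owners.append("0x" + word[12:].hex())
    return owners


def check_safe(threshold_ret: str, owners_ret: str,
               expected_threshold: int, expected_owner_count: int) -> list:
    """Return a list of discrepancies (empty when the Safe matches expectations)."""
    threshold = decode_uint256(threshold_ret)
    owners = decode_address_array(owners_ret)
    problems = []
    if threshold != expected_threshold:
        problems.append(f"threshold {threshold} != expected {expected_threshold}")
    if len(owners) != expected_owner_count:
        problems.append(f"{len(owners)} owners != expected {expected_owner_count}")
    if len(set(owners)) != len(owners):
        problems.append("duplicate owner entries")
    if threshold == 0 or threshold > len(owners):
        problems.append("threshold not satisfiable by the owner set")
    return problems


def _word(n: int) -> str:
    return f"{n:064x}"


# Constructed return data standing in for real eth_call responses: threshold 5,
# nine placeholder owners 0x...01 through 0x...09 (not real signer addresses).
SAMPLE_THRESHOLD_RET = "0x" + _word(5)
SAMPLE_OWNERS_RET = "0x" + _word(0x20) + _word(9) + "".join(_word(i) for i in range(1, 10))
GOV_GUARDIAN = "0xCe52ab41C40575B072A18C9700091Ccbe4A06710"  # address from the report

if __name__ == "__main__":
    print(eth_call_request(GOV_GUARDIAN, SEL_GET_THRESHOLD))
    print(check_safe(SAMPLE_THRESHOLD_RET, SAMPLE_OWNERS_RET, 5, 9))   # matches 5/9
    print(check_safe(SAMPLE_THRESHOLD_RET, SAMPLE_OWNERS_RET, 4, 7))   # two discrepancies
```

Running the same two calls on a schedule and alerting on any non-empty result is a cheap way to catch the guardian signer rotation or threshold change that the Recommendation section says to watch for; the decoder deliberately rejects non-zero padding and truncated words rather than silently accepting malformed data.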
PayloadsController enforces per-access-level execution delays between MIN_EXECUTION_DELAY (86,400s / 1 day) and MAX_EXECUTION_DELAY (864,000s / 10 days), with payload expiration at EXPIRATION_DELAY (~3,024,000s / 35 days). Level 1 (Executor 0x5300A1a1…) handles routine protocol ops with ~1-day queue; Level 2 (Executor 0x17Dd33Ed…) controls ProxyAdminLong and governance contract upgrades with ~7-day queue per activation docs. Upgrades to PayloadsController itself require the strictest executor level.
GranularGuardian (0x4457cA11…) is not upgradeable and routes CrossChainController emergency functions: BGD address (0xb812d094…) holds RETRY_ROLE for retryEnvelope/retryTransaction; GovernanceGuardian Safe holds SOLVE_EMERGENCY_ROLE for solveEmergency; Executor_lvl1 is DEFAULT_ADMIN for updateGuardian. Contract source is unverified on Etherscan in this workspace, increasing audit opacity despite permissions-book documentation.
Governance V3 routes approved payloads from Ethereum CrossChainController to per-chain PayloadsControllers (e.g., Arbitrum 0x89644CA1…, Base 0x2DC219E7…, Polygon 0x401B5D02…). On-chain verification shows L2 Executor_lvl1 contracts are owned by their local PayloadsController (Arbitrum owner 0x89644ca1…, Polygon 0x401b5d02…). Each L2 also deploys chain-specific GranularGuardian and GovernanceGuardian addresses (e.g., Arbitrum guardian 0x1A0581dd…). Legacy BridgeExecutors (Arbitrum/Polygon/Optimism 0x7d910357…) remain deployed with L2 timelock+guardian cancel paths, creating overlapping governance infrastructure that must stay configuration-aligned.
Beyond governance votes, Chaos Labs and other stewards can adjust caps, rates, and oracle configurations within bounded roles (e.g., PoolConfigurator onlyRiskOrPoolAdmins). The March 2026 CAPO misconfiguration for wstETH triggered wrongful liquidations, demonstrating that steward errors can cause user harm without a full DAO vote. Stewards are service providers, not on-chain elected entities.
A separate PermissionedPayloadsController (0xF86F77F7…) with BGD as guardian and AFC as payloads manager can create/cancel payloads and set execution delays outside the standard permissionless PayloadsController flow. While scoped to operational/maintenance actions, this is a non-DAO-controlled execution lane that bypasses community proposal requirements for its permitted actions.
In the fetched contract set, Governance V3 core proxy (0x9AEE0B04…), GranularGuardian (0x4457cA11…), and ACLManager on several chains lack verified source on Etherscan. Proxy shells (PayloadsController, CrossChainController) are verified but implementation logic requires trust in off-chain audits and permissions-book mappings. Adversarial reviewers cannot fully audit bytecode from explorers alone.
On-chain control rests with Aave DAO (Governance V3, treasury Collector, service-provider mandates). Aave Labs (founder Stani Kulechov) historically developed the protocol and operates the aave.com frontend/product layer; brand, IP, and frontend routing are not fully on-chain and have been subject to community debate. No Aave Labs EOA or contract appears as owner of core pool/governance contracts—Labs influence is off-chain via product and historical reputation, not direct admin keys.
Ethereum hosts the Governance V3 core (0x9AEE0B04…), PayloadsController (0xdAbad81…), VotingMachine (0x06a1795a…), and CrossChainController (0xEd42a7D8…). Proposals are created on Ethereum, voted via storage-proof VotingMachines (Ethereum, Polygon, Avalanche portals), and execution payloads are registered per chain then queued through PayloadsControllers. Executor contracts are immutable Ownable executors; PayloadsController is the sole owner of Executor_lvl1/2 and invokes executeTransaction after timelock expiry.
Governance Checklist
Guardian Multisigs (Ethereum, verified on-chain)
| Role | Address | Threshold | Key powers |
|---|---|---|---|
| Governance Guardian | 0xCe52ab41C40575B072A18C9700091Ccbe4A06710 | 5 / 9 | cancelProposal, cancelPayload, solveEmergency (cross-chain) |
| Protocol Guardian | 0x2CFe3ec4d5a6811f4B8067F0DE7e47DfA938Aa30 | 4 / 7 | setPoolPause, setReservePause, setReserveFreeze |
| GranularGuardian | 0x4457cA11E90f416Cc1D3a8E1cA41C0cdEcC251d4 | Role-based | RETRY (BGD), SOLVE_EMERGENCY (Gov Guardian), admin (Executor_lvl1) |