Aave’s community is preparing to vote on a proposal to address security vulnerabilities in its v2 and v3 deployments and resume markets paused on November 4. BGD Labs, a group of web3 developers and Aave contributors, introduced the proposal on November 7. Voting will start on November 8 and conclude on November 11. The proposal pertains to pools providing stable rates and variable interest for borrowers, with the aim of halting the creation of new stable debt tokens.
“In response to an attack vector reported by a white-hat, some immediate steps were taken to protect the Aave Pools by pausing, freezing, and disabling stable borrowing on the affected assets,” BGD Labs said. “Upon further investigation it turned out to be necessary to also prevent new minting of StableDebt.”
The proposal’s code has already been tested by BGD Labs and reviewed by Aave Companies and the smart contract security firm, Certora.
The AAVE token is trending sideways in response to the news.
Security Risk
On Nov. 4, Aave announced it had received reports identifying security issues relating to a “certain feature” of the Aave Protocol.
In response, Aave paused its entire v2 Ethereum market and certain assets on its Avalanche v2 deployment, and froze particular assets across its v3 deployments on Polygon, Arbitrum, and Optimism. On Nov. 6, Aave froze the v3 markets for USDC, USDT, DAI, and EURS markets on Polygon, Optimism, and Arbitrum.
Users can not deposit tokens or borrow frozen assets, but can still repay positions and withdraw assets from the protocol. Aave added that no user funds are at risk.
BGD Labs said it designed the “Liquidations Grace Sentinel” providing a delay on liquidations so users can adjust at-risk positions once functionality for the frozen assets is restored. The feature will be activated at the time that normal services resume.
