Aave Proposes Risk Framework After $292M KelpDAO Exploit


Aave is proposing a risk framework designed to govern assets listed across Aave V3, V4, and Aave Horizon, following April's KelpDAO exploit. The exploit saw attackers mint roughly $292 million in unbacked rsETH through KelpDAO's LayerZero bridge and use the asset as collateral on Aave. The framework introduces stricter standards for asset onboarding, bridge configuration, monitoring systems, and chain deployments to address weaknesses in bridge infrastructure and offchain systems that can create protocol-wide risk.

Aave Framework Establishes Four-Layer Risk Structure

The framework is structured around four layers: asset risk, bridging risk, monitoring and automated risk oracle systems, and chain risk. Under the asset risk layer, every listed asset would need to meet requirements tied to audits, bug bounty coverage, liquidity, timelocks, signing authority, legal disclosures, backing visibility, and issuer operations. Missing or materially weak bug bounty coverage, unresolved audit findings, no timelocks on critical upgrade paths, undisclosed signer structures, or opaque backing arrangements would be treated as hard block conditions. The framework makes asset reviews a continuous process rather than a one-time approval, with each asset facing a quarterly due diligence refresh. Out-of-cycle reviews would be triggered by material changes such as new chain deployments, contract upgrades, bridge route changes, oracle updates, or shifts in reserve backing.

Bridge Security Requirements Include Independent Verifiers and Rate Limits

Aave's bridge risk layer sets rules for cross-chain assets. Every bridge route would need documented topology, at least three independent verifiers, timelocked authority changes, separate pause pathways, per-route rate limits, 24/7 incident response coverage, and dedicated monitoring teams, along with disclosure standards, automated monitoring, and defensive freeze mechanisms. Routes that fall short of the mandatory bridge requirements could face lower caps, lower loan-to-value ratios, or restrictions on cross-chain expansion. The framework also sets standards for the chains where Aave deploys: chains with weaker infrastructure, liquidity, governance, or monitoring support would face tighter limits across every asset listed there.

Automated Monitoring Enables Asset Freezes Before Governance Response

The framework adds defenses for risks that can spread before governance has time to react. Aave would be able to automatically freeze assets or reduce exposure when warning signs appear, while any move to restore limits would still require human review. Aave's Risk Stewards would handle recovery and parameter changes after an alert, while Umbrella would act as the final safety layer if losses still reach the protocol.

FAQ

What triggered Aave's proposal for a stricter risk framework? Aave proposed the framework following April's KelpDAO exploit, in which attackers minted roughly $292 million in unbacked rsETH through KelpDAO's LayerZero bridge and used the asset as collateral on Aave. The exploit exposed weaknesses in bridge configuration and offchain infrastructure.

What are the four layers of Aave's proposed risk framework? The framework is structured around four layers: asset risk, bridging risk, monitoring and automated risk oracle systems, and chain risk. These layers define how assets are evaluated before listing, how they are reviewed after onboarding, and when exposure should be reduced or deprecated.
