Aave To Vote On Restoration Plan Following Market Freezes
Aave pauses services after identifying security vulnerability concerning fixed-rate borrowing
By: Samuel Haig •DeFi News
The community for Aave, the leading DeFi lending protocol, will soon start voting on a proposal to rectify recently identified security vulnerabilities across its v2 and v3 deployments. The proposal would also restart several markets paused by the protocol on Nov. 4.
BGD Labs, a cohort of web3 developers and Aave contributors, uploaded the proposal on Nov. 7, with voting set to commence on Nov. 8. Voting will close on Nov. 11. The proposal relates to all pools offering stable rates in addition to variable interest for borrowers, effectively ceasing the minting of new stable debt tokens.
“In response to an attack vector reported by a white-hat, some immediate steps were taken to protect the Aave Pools by pausing, freezing, and disabling stable borrowing on the affected assets,” BGD Labs said. “Upon further investigation it turned out to be necessary to also prevent new minting of StableDebt.”
The proposal’s code has already been tested by BGD Labs and reviewed by Aave Companies and the smart contract security firm, Certora.
The AAVE token is trending sideways in response to the news.
On Nov. 4, Aave announced it had received reports identifying security issues relating to a “certain feature” of the Aave Protocol.
In response, Aave paused its entire v2 Ethereum market and certain assets on its Avalanche v2 deployment, and froze particular assets across its v3 deployments on Polygon, Arbitrum, and Optimism. On Nov. 6, Aave froze the v3 markets for USDC, USDT, DAI, and EURS markets on Polygon, Optimism, and Arbitrum.
Users can not deposit tokens or borrow frozen assets, but can still repay positions and withdraw assets from the protocol. Aave added that no user funds are at risk.
BGD Labs said it designed the “Liquidations Grace Sentinel” providing a delay on liquidations so users can adjust at-risk positions once functionality for the frozen assets is restored. The feature will be activated at the time that normal services resume.