Simple Summary

Proposal for the Aave DAO to host a Sherlock contest for the upcoming Aave v3.3 upgrade, to complement the other security procedures already completed or in progress.

The total budget will be $230'000, with a $195'000 fixed prize pool and the rest ($35,000) allocated to the platform and judging fees.

Motivation

In the middle of December 2024, we shared with the community a proposal for an Aave v3.3 upgrade, focused on adapting the protocol for the upcoming Umbrella system (a new iteration of the Aave Safety Module), together with doing different improvements mainly on the liquidation engine.

The reception by the community has been positive, and since then we have been doing internal reviews and different security procedures. In addition to those, and similar to how we proposed back in Aave v3.1 with Cantina, we think due to the nature of this upgrade it can be pretty positive to have an open security contest to maximize the numbers of experts looking for any type of problem in the codebase.

Even if the experience and outcome with Cantina was pretty positive, part of our security approach is to try different providers, whenever they look solid quality-wise, and/or introduce new mechanics, like in the case of Sherlock.

Specification

The high-level structure of the contest can be found on the Aave governance forum HERE.

This proposal releases the budget required for the contest from the Aave Collector:

• 30'000 USDC to BGD Labs, to refund the part advanced to Sherlock post-ARFC (transaction HERE).
• 200'000 USDC to Sherlock, to cover the rest of the contest budget.

References

• Implementation: AaveV3Ethereum
• Tests: AaveV3Ethereum
• Snapshot
• Discussion

Copyright

Copyright and related rights waived via CC0.