In response to the $290 million KelpDAO rsETH bridge exploit in April, Aave [AAVE] founder Stani Kulechov has outlined a new risk framework for the protocol.
Writing on X, Kulechov said:
In recent weeks, Aave has developed a new risk framework that includes asset risk, bridging risk, chain risk and advanced risk management automation capabilities.
The framework establishes new guidelines for how Aave evaluates, tracks and controls risks throughout the protocol.
Once approved, the risk framework will be implemented across all assets and markets. In the coming weeks, assets that do not meet the new standard will be removed from Aave.
Details of the multiple layers: why is this important?
The framework is designed with four main layers. The first is Asset Risk, which covers onboarding, due diligence, monitoring and possible delisting. Next is Bridging Risk, which sets security standards for assets transferred between chains.
The third layer is Automated Risk Oracles and Monitoring, which provides automated defense against emerging threats and continuous monitoring. Finally, Chain Risk evaluates the suitability of a blockchain for Aave deployment and determines the maximum exposure that assets can have to it.
What is behind the new framework?
The decision follows an exploit in April in which the LayerZero-powered cross-chain bridge Kelp DAO lost 116,500 rsETH tokens. The attack then spread to the Aave protocol when the operator deposited a significant portion of the stolen assets into Aave V3.
Meanwhile, Aave’s price fell 2.16% to $60.95 the previous day. Aave’s TVL also saw a move of over $170 million this week, bringing it to around $14.75 billion, as reported by AMBCrypto. That is a significant departure from the mid-April level of more than $25 billion.
Final summary
- All assets listed on Aave V3, V4 and Aave Horizon are subject to the new requirements.
- The proposal covers the underlying blockchain, bridge infrastructure, issuer behavior and ongoing monitoring requirements.

