Simple summary

Proposal to apply a fix on Aave v3 for all different instances.

Motivation

During an internal security review, a technical problem on Aave v3 has been detected. After coordinating with the Aave Guardian to apply protective measures, this proposal applies a fix on all Aave v3 instances, that completely solves the issue.

Specification

The proposal does an upgrade of the Aave Pool, on all different Aave instances, by calling the setPoolImpl() function on the PoolAddressesProvider smart contract. In order to not disclose the patch in advance, the code will be verified just before execution. We have disclosed the code to contributors of the community (Certora, Avara, and extra security researchers) for them to certify in the governance forum thread about the legitimacy of the upgrade.

References

• Implementation: AaveV3Ethereum, AaveV3Polygon, AaveV3Avalanche, AaveV3Optimism, AaveV3Arbitrum, AaveV3Base, AaveV3Gnosis
• Tests: AaveV3Ethereum, AaveV3Polygon, AaveV3Avalanche, AaveV3Optimism, AaveV3Arbitrum, AaveV3Base, AaveV3Gnosis
• Discussion

Copyright

Copyright and related rights waived via CC0.