[ARFC] Aave v3.1 activation

 

Simple summary

Proposal for the activation of Aave v3.1 as an upgrade on top of all active Aave v3 instances.

The codebase can be found on https://github.com/aave-dao/aave-v3-origin

 

Motivation

Aave v3 is a “living” DeFi protocol, which akin to any other software, receives upgrades over time on its different components. Sometimes, the improvements can be made in isolation in independent upgrades, for example, almost 1 year ago, we introduced a new 3.0.2 version 1, including only relatively minor changes and bug fixes.

However, since 3.0.2, we had multiple other ideas on the backlog heavily focused on security and optimisation, that over time got validated due to security incidents on similar protocols and by observing operational overhead for Aave contributors (e.g. governance proposals changing parameters). As some of this features in some cases were dependent between each other, end of 2023 we decided to batch them together in a new major-minor Aave v3 version we propose for activation here: Aave v3.1.

 

Specification

3.1 scope

v3.1 is clearly focused in 2 fields: redundant security and optimisation of the logic to reduce operational overhead. With those principles in mind, the following is a summarised of the features/improvements included in the release (for extensive information, full specification can be found HERE):

1. Virtual accounting
2. Stateful interest rate strategy
3. Freezing by EMERGENCY_GUARDIAN on PoolConfigurator
4. Reserve data update on rate strategy and RF (Reserve Factor) changes
5. Minimum decimals for listed assets
6. Liquidations grace sentinel
7. LTV0 on freezing
8. Permission-less movement of stable positions to variable
9. Allow setting debt ceiling whenever LT is 0
10. New getters on Pool and PoolConfigurator for library addresses
11. Misc minor bug fixes and sync the codebase with the current v3 production

 

Security

This 3.1 has undergone 3 different procedures, and optionally more are expected pre and post release:

• Security review by MixBytes.
• Security review by Certora, in addition to improved Certora properties since the v3 release.
• Security review of the most critical feature (Virtual Accounting) by StErMi.

All the reports will be added to the Aave v3.1. repository once finished.

 

The previous third-party procedures complement all the internal by BGD, that we apply to every codebase:

• Testing of all the new features, and verifying/adapting that only intended consequences appear on previous Aave v3 features.
• Gas implications.
• Carefully verifying codebase and storage diffs to avoid any type of broken behaviour.
• High-level operational implications, for example on procedures followed by other Aave contributors when doing governance proposals.

Additionally, the current Aave Immunefi bug bounty will be applicable to v3.1, once approved via governance and activated on production instances.

 

Upgrade procedure

The upgrade of v3 instances to v3.1 will be done same as any other Aave on-chain governance proposal: on each applicable network, an executable payload will do the appropriate implementations' upgrades together with any other intended setup.

The goal is to apply v3.1 on all active Aave v3 networks: Ethereum, Polygon PoS, Avalanche C-Chain, Arbitrum, Optimism, Base, Metis, Scroll, Gnosis and BNBChain.

 

Licensing

Aave v3.1 follows the same licensing approach as all other major contributions of BGD Labs as service provider of the Aave DAO: BUSL 1.1 licensed to the Aave governance smart contracts, explicitly forbidden the usage of the improved codebase in production by any entity competing with Aave.

The Aave DAO has full power to change this license however deemed appropriate in the future.

The full license can be found HERE

 

Next steps

• Pre-approval via this ARFC Snapshot for the upgrade of all Aave v3 instances to Aave v3.1.
• In parallel, finish the preparations of the AIP payload for the upgrade, and any extra security procedure around it.