Security & Audits
Aave has been implemented with security as priority. The system has been designed to be safe and secure, and all the necessary resources are spent in order to ensure that the protocol matches the highest security standards.
Below are the links to all audit reports and formal verification for protocol smart contracts
V3.1 Audits
Auditor | Audit Type | Date |
---|---|---|
Smart Contract | 04-30-2024 | |
Smart Contract | 02-05-2024 | |
Smart Contract Audit Competition | 06-02-2024 |
V3.0.2 Audits
Auditor | Audit Type | Date |
---|---|---|
Smart Contract | 04-13-2024 | |
Smart Contract | 05-01-2024 |
V3.0.1 Audits
Auditor | Audit Type | Date |
---|---|---|
Smart Contract | 12-23-2022 | |
Formal Verification | 11-17-2022 - 12-15-2022 | |
Smart Contract | 12-09-2022 |
V3 Audits
Auditor Report | Audit Type | Date |
---|---|---|
Smart Contract | 01-27-2022 | |
Smart Contract | 01-27-2022 | |
Formal Verification | 11-12-2021 - 01-24-2022 | |
Smart Contract | 01-14-2022 | |
Smart Contract | 01-07-2022 | |
Smart Contract | 01-11-2021 |
Client Application Security
Aave Interface follows the best practices to ensure a safe interface to interact with the protocol. Here are some protective measure that are taken.
DDOS Protection: Advanced cloud-based DDoS protection services are used to identify and neutralize threats before they reach interface infrastructure. Scalable solutions are used so that applications can remain accessible, even during periods of high request volume.
Domain Protection: To safeguard the domain, DNSSEC is used to protect against DNS spoofing and validate that domain name requests are securely authenticated. Regular monitoring and updates to DNS configurations help prevent unauthorized domain transfers.
Intrusion Detection: The front-end employs state-of-the-art intrusion detection systems (IDS) that monitor for suspicious activities and potential threats, assisting with rapid detection and response to protect user data.
Modification Detection: Content Security Policy (CSP) and Subresource Integrity (SRI) checks are used to detect and prevent unauthorized modifications to front-end code, maintaining the integrity and security of the application.
IPFS Naming Records: Each commit of the Aave Interface codebase is automatically deployed to IPFS. The app.aave.com IPNS pointer and domain text records, using the DNSLink standard, are continuously updated to reflect latest deployment hash.
Last updated