Umbrella is a new version of the Aave Safety Module to help address bad debt management within the Aave protocol.<\/p>\n
BGD engaged Ackee Blockchain Security to perform a security review of the Aave protocol with a total time donation of 19 engineering days in a period between February 10 and February 26, 2025.<\/p>\n
We began our review using static analysis tools, including Wake<\/span><\/a>. This yielded the I2<\/span> finding. We then took a deep dive into the logic of the contracts. For testing and fuzzing, we used the Wake<\/span><\/a> testing framework. We implemented additional unit tests that helped us analyze the shares inflation possibility (M1<\/span>) and arithmetic errors (L1<\/span>). We also implemented an additional set of fuzz tests, however, a full fuzzing campaign was not in the scope of this report. The fuzz tests discovered potential integration issues with the price oracle availability (L2<\/span>). During the review, we paid special attention to:<\/p>\n The first audit was performed on the commit A fix review was performed on commit A third review was conducted on commit The classification of a security finding is determined by two ratings: <\/span>impact<\/b> and <\/span>likelihood<\/b>. This two-dimensional classification helps clarify the severity of individual issues. Issues which would be rated as <\/span>medium<\/span><\/i> severity, but which would be likely discovered only by the team, are typically decreased by the likelihood factor to the <\/span>warning<\/span><\/i> or <\/span>informational<\/span><\/i> severity ratings.<\/span><\/p>\n Our review resulted in 9 findings<\/strong>, ranging from Informational to Medium severity. The most severe finding is M1<\/span>, which identified an issue with shares inflation. Due to the slashing mechanism, shares can grow rapidly, making the correct functioning of the system significantly dependent on configuration. StakeToken vaults that undergo full slashing due to small deficit offsets or higher pool deficits can enter a denial-of-service state. The state can be entered by an attacker in a single transaction due to the permissionless nature of slashing and deposits. The cost of the attack is determined by the underlying token (it can be as low as a few cents).<\/p>\n\n
SCOPE<\/span><\/h2>\n
a2ad2ff<\/code> and the scope were the umbrella<\/code> , stakeToken<\/code> and rewards<\/code> <\/span>folders.<\/span><\/p>\nde990C5<\/code>.<\/p>\n5b987d2<\/code> with final changes before the release. No issues were identified during this review.<\/p>\nFINDINGS<\/span><\/h2>\n