DeFiScan
@defiscan
PART 2/2 Aave V3's decentralization review: Stage 0

Direct minting and burning of $GHO through the Risk Council is managed through the GhoDirectMinter contract and limited by minting caps, which are controlled by the Aave Governance. Both the GhoStabilityModule and the GhoDirectMinter, as well as the respective aToken and variableDebtToken contracts, are upgradeable by the Aave Governance, opening the possibility of uncontrolled minting or burning of GHO in case of an unintended upgrade. If abused, this control thus introduces a risk of loss of funds, loss of unclaimed yield (accrued interest in GHO) or an otherwise material impact on the expected protocol performance for GHO holders and Aave users.
DeFiScan
@defiscan
Aave Governance

Aave Governance refers to Aave v3's onchain governance system, which controls contract upgrades as well as other critical permissions as outlined above. We discuss the governance process itself in the Exit Window section and here focus on upgradeability and control in this module itself. This governance process is implemented in the GovernanceV3 contract, which is fully upgradeable through a permissionless governance proposal. Hence, an unintended proposal could change the Aave Governance system and reassign its control to a less robust or fully centralized setup. In order to mitigate this risk, upgrades to the GovernanceV3 contract, as well as the AAVE token, require passing a 7-day Exit Window (https://defiscan-git-add-aave-v3-defiscan.vercel.app/protocols/aave#exit-window).