In a decisive move to fortify its platform against potential threats, DeFi leader Aave has taken a pivotal step. The platform has initiated a critical vote, leading to the temporary suspension of stable borrows across all its networks. It is a necessary measure to ensure optimal operations.
Proactive Measures in Response to Potential Risks
This strategic decision directly responds to a potential attack vector identified by a white hat hacker. Aave’s swift response involved halting certain market operations as a preventive action. Their primary goal is to protect user assets and uphold the integrity of their protocol.
Aave’s plan to enhance security is multifaceted. It involves disabling stable borrow rates for all assets across every pool and network. A key tool in this strategy is the POOL_CONFIGURATOR. Its function will set the reserve stable rate borrowing to false for all assets with stable borrowing enabled on v3 pools. This action effectively pauses stable borrowing on these pools indefinitely.
Furthering their security efforts, Aave will also deactivate reserve stable rates on the Ethereum v2 pool. As part of this process, assets previously frozen by the freeze steward as a risk mitigation strategy will be made available again. This reinstatement will restore their accessibility and liquidity within the Aave ecosystem.
Immediate Actions Following Aave Vulnerability Report
Upon discovering the vulnerability on November 4, Aave acted instantly. The platform implemented protective measures for its markets, involving the temporary suspension and freezing of affected markets. Specifically targeted were the Aave v2 Ethereum Market and certain assets on Aave v2 on Avalanche, which were paused and frozen.
Other network assets like Polygon, Arbitrum, and Optimism also underwent temporary freezing to diminish potential risks. Although these measures were essential, they did interrupt trading activities in specific pools.
Ensuring Continuous Operation and User Safety
Despite these precautions, Aave V3 markets on Ethereum, including Base and Metis, and the V2 markets on Polygon and Avalanche remained unaffected by the vulnerabilities.
Aave reassures its users that their funds were never at risk during this time. Users who have supplied or borrowed from a frozen assets pool still retain the ability to withdraw and repay their positions.
However, further borrowing or supplying will be on hold until the issue is fully addressed. Once the pause is lifted, normal operations will recommence, allowing users to interact with the affected assets freely.