- Address(es) :
- Deployment Date :
- Project website : https://aave.com/
- Github repositories :
- Related MIP: MIP50: Direct Deposit Module
- Risk analysis : MEDIUM.
Compiler versions :
- Aave V2: v0.6.12+commit.27d51765
- MIP50: v0.6.12+commit.27d51765
Upgradeable contract patterns :
- Aave V2: Yes
- MIP50: No
This is a medium risk contract. The
dss-direct-deposit adapter has been built by Maker’s internal team and will be undergoing an audit before raising beyond a test debt ceiling. Most of the risk comes from Aave’s smart contracts. They use an upgradable pattern with Aave’s governance in charge of any future upgrades. Maker opens itself up to Aave governance attack by integrating this module. In particular Aave’s governance delay is 1 day vs Maker’s current 2 day delay. This will prevent us from being able to react to any governance attack before it gets executed.
Aave V2 has undergone 6 audits and the protocol is one of the most popular with billions locked in TVL for almost a year now. The risk of an undetected exploit being found at this stage seems small, but should not be completely discounted due to the complexity.