Aave Protocol Audit
Summary
The Aave team asked us to review and audit a pre-production version of their protocol. We looked at the code and now publish our results. The audited commit is 1f8e5e65a99a887a5a13ad9af6486ebf93f57d02 and all Solidity contracts in the aave-tech/dlp/contracts/contracts folder were in scope. Note... The Aave team is aware that the audited version of the code base is a work-in-progress and not ready for production. In view of the project’s maturity, this first security audit round should be taken as the initial step forward in the way to reach the highest levels of code quality and robustness demanded...
Issues (43)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | 4 | 3 | 3 | - | 10 |
Fixed | 14 | 8 | 6 | 5 | 33 |
| Total | 18 | 11 | 9 | 5 | 43 |
Contracts (9)
| # | File Name |
|---|---|
| 1 | CoreLibrary.sol |
| 2 | LendingPoolLiquidationManager.sol |
| 3 | LendingPoolLibrary.sol |
| 4 | LendingPoolCore.sol |
| 5 | AToken.sol |
| 6 | LendingPoolConfigurator.sol |
| 7 | IPriceOracle.sol |
| 8 | LendingPool.sol |
| 9 | LendingPoolDataProvider.sol |