Certora Renew

src/20241014_AaveV3Ethereum_AaveCertoraContinuousSecurityServices/AaveCertoraContinuousSecurityServices.md

@@ -0,0 +1,94 @@
+---
+title: "Aave <> Certora Continuous Security Services"
+author: "Aave Chan Initiative"
+discussions: "https://governance.aave.com/t/arfc-aave-certora-continuous-security-services/19262"
+snapshot: "https://snapshot.org/#/aave.eth/proposal/0xebf0b33be0c3784b2928112414f08e31ac57705f49d46668bfef6fa6f761141d"
+---
+
+## Simple Summary
+
+This AIP propose to renew Certora engagement for the next year and will create two payment stream for 1,150,000 GHO and $0.55M worth of Aave scheduled to end on the 11th of september 2025.
+
+## Motivation
+
+With 2.5 years of continuous collaboration and contribution to Aave’s ecosystem behind us, we’re as excited about the protocol’s future as we were on day one!
+
+We offer an extension of our engagement with the DAO for a total period of 12 months. The scope of our offering is divided into 2 parts for transparency on pricing and operational commitment:
+
+1. Extending the [existing services ](https://governance.aave.com/t/arfc-continuous-security-proposal-aave-certora/15732) for Aave V3, which include:
+2. A full-time dedicated team available to consult, research, and review maintenance work, and new developments.
+3. Full ownership over governance proposal reviews - reviewing every governance proposal initiated on-chain.
+4. 24/7 availability for incident response, supporting the technical providers in the investigation and mitigation of emerging bugs.
+
+Note that the scope includes all existing V3 instances and all future EVM-based V3 instances.
+
+The price for the above scope is $1.7M. ⅔ of the price, $1.15M, will be made in Gho and ⅓, $0.55M, in AAVE.
+
+2. Safeguarding transactions against unknown attacks
+3. We will develop Safeguard, a modified Ethereum client based on geth client for real-time monitoring and invariant checking for Aave V3.
+4. We will write and monitor the invariants in real time to add another layer of security to the protocol and collaborate with the relevant entities to investigate and mitigate any suspicious transactions.
+
+Note that Safeguard is a complementary security service we provide free of charge for all existing AAVE V3 instances and all future EVM-based V3 instances.
+
+Price Explanation
+
+Last year, we reduced our prices from $2.7M to $1.5M to reflect the bear market. This year, we suggest a small increase to cover the rise in our costs.
+
+Our regular annual price for professional services is $2.7M. We decided to reduce the price by 37% to $1.7M, to reflect our commitment to Aave’s security.
+
+As in previous years, we request a ⅔-⅓ price breakdown of stablecoin and AAVE, respectively. As service providers and DAO members, we are strong believers in the alignment of long-term players with the protocol. Over the years, not a single AAVE token we received was sold, and the governance power was put to work through delegation to both ACI and StableLabs, which we track closely.
+
+## Background and Motivation
+
+In March 2022, we presented [a proposal to serve as a DAO security provider ](https://governance.aave.com/t/continuous-formal-verification/6308), collaborating with the other technical contributors to help Aave deploy the finest and most secure product on the market. In the next six months, we collaborated with both BGD Labs and Aave Labs on several high-profile projects, including the AAVE token V3, governance cross-chain bridge, and Gho token.
+
+Since then, we have continuously served the DAO as a security provider, assisting with dozens of new feature deployments and protocol improvement upgrades ([Sept 2022 - Sept 2023](https://governance.aave.com/t/security-and-agility-of-aave-smart-contracts-via-continuous-formal-verification/10181/19), [Sept 2023 - Sept 24 ](https://docs.google.com/document/d/1RoJPYxxf_9MAlJ6hWdl5JRHHwMW8aXGjTBGX2c3PQv0/edit?usp=sharing)), preventing several critical bugs from going live and assisting with mitigation of live bugs upon emergence.
+
+In addition to conducting security reviews and formal verification, we also:
+
+1. Conducted several focused research and investigation efforts of components and features within the ecosystem, reporting to the developing entities about the results and recommending actions to be taken.
+2. Led 6 community efforts to review and formally verify new and existing Aave code. This included extensive education of the independent researchers community on the protocol and ecosystem as a whole.
+3. Took full ownership of on-chain governance proposal reviews, reviewing so far 153 proposals, finding 4 bugs since February.
+4. We’re also continuously working with BGD Labs to improve their AIP review tooling - [Seatbelt ](https://github.com/bgd-labs/seatbelt-gov-v3).
+5. In addition to developing a complementary tool that helps highlight potential failure points and ensure the robustness of the layered review process.
+6. Assist with incident response investigations and mitigations.
+7. Following successful voting, on August 2024 we admitted our roles as signers for both the governance guardian and protocol emergency guardian.
+8. We will continue to act in full trust of the DAO and in collaboration with the rest of the contributing parties to train and act according to the DAO’s best interest.
+
+With the current engagement coming to an end, we propose our services for the fourth time, offering new contribution channels to the ecosystem in addition to the existing ones.
+
+## Scope
+
+We present the suggested scope for the following year:
+
+- Year-round availability of a dedicated team for review of new code. This includes manual reviews and [formal verification](https://medium.com/certora/certora-technology-white-paper-cae5ab0bdf1) of smart contracts, as well as the use of additional tools as necessary.
+- 24/7 availability for incident response investigations and mitigation. Of course, this is in full collaboration with the relevant developing entities and BGD Labs, the DAO’s security coordinator.
+- Full responsibility for reviewing every AIP that goes on-chain, preventing any faulty or malicious proposals from being executed and ensuring the highest-standard procedures are met.
+- We will develop an invariant-based monitoring system, called Safeguard, with invariants specifically tailored for Aave. The invariants will be written by Certora, assisted by BGD Labs for Aave V3 related components and Aave Labs for Gho related components. Alerts, results and data will be shared with BGD Labs as the system’s security coordinators.
+  - Since development is still in the early stages and it’s still undetermined when Safeguard will be up and running in stable form, bringing value to the DAO, we offer this at no additional cost on a best-effort basis.
+- We will continue to develop our governance proposals review tool to improve the overall tooling for the DAO in this domain.
+  The tool is currently in an alpha version and used solely by Certora. However, on December 1st, we’re expecting to release a beta version to the other service providers to get their feedback and feature requests. In a later stage, we plan to release the tool for public use.
+
+The annual price for the project is $1.7M: $1.15M is paid in Gho vested linearly over one year, and $550,000 is paid in AAVE tokens vested linearly over one year. A 30-day termination is possible after a vote.
+
+## Specification
+
+The payload will create 2 payment streams to the address 0x0F11640BF66e2D9352d9c41434A5C6E597c5e4c8 for a duration of 365 days starting from the end of the previous engagement (Sept. 11, 2024).
+
+- Create a payment stream of $1.15M Gho to 0x0F11640BF66e2D9352d9c41434A5C6E597c5e4c8 for a total of 365-Delta days.
+- Create a payment stream of $0.55M worth of AAVE to 0x0F11640BF66e2D9352d9c41434A5C6E597c5e4c8 for a total of 365-Delta days.
+
+Where Delta is the number of days from September 11th until execution.
+
+Price of AAVE will be determined using a 30-days average.
+
+## References
+
+- Implementation: [AaveV3Ethereum](https://github.com/bgd-labs/aave-proposals-v3/blob/main/src/20241014_AaveV3Ethereum_AaveCertoraContinuousSecurityServices/AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014.sol)
+- Tests: [AaveV3Ethereum](https://github.com/bgd-labs/aave-proposals-v3/blob/main/src/20241014_AaveV3Ethereum_AaveCertoraContinuousSecurityServices/AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014.t.sol)
+- [Snapshot](https://snapshot.org/#/aave.eth/proposal/0xebf0b33be0c3784b2928112414f08e31ac57705f49d46668bfef6fa6f761141d)
+- [Discussion](https://governance.aave.com/t/arfc-aave-certora-continuous-security-services/19262)
+
+## Copyright
+
+Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).

src/20241014_AaveV3Ethereum_AaveCertoraContinuousSecurityServices/AaveCertoraContinuousSecurityServices_20241014.s.sol

@@ -0,0 +1,60 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import {GovV3Helpers, IPayloadsControllerCore, PayloadsControllerUtils} from 'aave-helpers/src/GovV3Helpers.sol';
+import {GovernanceV3Ethereum} from 'aave-address-book/GovernanceV3Ethereum.sol';
+import {EthereumScript} from 'solidity-utils/contracts/utils/ScriptUtils.sol';
+import {AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014} from './AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014.sol';
+
+/**
+ * @dev Deploy Ethereum
+ * deploy-command: make deploy-ledger contract=src/20241014_AaveV3Ethereum_AaveCertoraContinuousSecurityServices/AaveCertoraContinuousSecurityServices_20241014.s.sol:DeployEthereum chain=mainnet
+ * verify-command: FOUNDRY_PROFILE=mainnet npx catapulta-verify -b broadcast/AaveCertoraContinuousSecurityServices_20241014.s.sol/1/run-latest.json
+ */
+contract DeployEthereum is EthereumScript {
+  function run() external broadcast {
+    // deploy payloads
+    address payload0 = GovV3Helpers.deployDeterministic(
+      type(AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014).creationCode
+    );
+
+    // compose action
+    IPayloadsControllerCore.ExecutionAction[]
+      memory actions = new IPayloadsControllerCore.ExecutionAction[](1);
+    actions[0] = GovV3Helpers.buildAction(payload0);
+
+    // register action at payloadsController
+    GovV3Helpers.createPayload(actions);
+  }
+}
+
+/**
+ * @dev Create Proposal
+ * command: make deploy-ledger contract=src/20241014_AaveV3Ethereum_AaveCertoraContinuousSecurityServices/AaveCertoraContinuousSecurityServices_20241014.s.sol:CreateProposal chain=mainnet
+ */
+contract CreateProposal is EthereumScript {
+  function run() external {
+    // create payloads
+    PayloadsControllerUtils.Payload[] memory payloads = new PayloadsControllerUtils.Payload[](1);
+
+    // compose actions for validation
+    IPayloadsControllerCore.ExecutionAction[]
+      memory actionsEthereum = new IPayloadsControllerCore.ExecutionAction[](1);
+    actionsEthereum[0] = GovV3Helpers.buildAction(
+      type(AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014).creationCode
+    );
+    payloads[0] = GovV3Helpers.buildMainnetPayload(vm, actionsEthereum);
+
+    // create proposal
+    vm.startBroadcast();
+    GovV3Helpers.createProposal(
+      vm,
+      payloads,
+      GovernanceV3Ethereum.VOTING_PORTAL_ETH_POL,
+      GovV3Helpers.ipfsHashFile(
+        vm,
+        'src/20241014_AaveV3Ethereum_AaveCertoraContinuousSecurityServices/AaveCertoraContinuousSecurityServices.md'
+      )
+    );
+  }
+}

src/20241014_AaveV3Ethereum_AaveCertoraContinuousSecurityServices/AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014.sol

@@ -0,0 +1,48 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import {IERC20Metadata} from 'solidity-utils/contracts/oz-common/interfaces/IERC20Metadata.sol';
+import {IProposalGenericExecutor} from 'aave-helpers/src/interfaces/IProposalGenericExecutor.sol';
+import {CollectorUtils} from 'aave-helpers/src/CollectorUtils.sol';
+import {AaveV3Ethereum, AaveV3EthereumAssets} from 'aave-address-book/AaveV3Ethereum.sol';
+import {MiscEthereum} from 'aave-address-book/MiscEthereum.sol';
+
+/**
+ * @title Aave <> Certora Continuous Security Services
+ * @author Aave Chan Initiative
+ * - Snapshot: https://snapshot.org/#/aave.eth/proposal/0xebf0b33be0c3784b2928112414f08e31ac57705f49d46668bfef6fa6f761141d
+ * - Discussion: https://governance.aave.com/t/arfc-aave-certora-continuous-security-services/19262
+ */
+contract AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014 is IProposalGenericExecutor {
+  address public constant CERTORA_RECEIVER = 0xE8555F05b3f5a1F4566CD7da98c4e5F195258B65;
+  uint256 public constant AAVE_PRICE = 152_38026736; // from https://dune.com/queries/4163180/7006698 with timestamp 2024-10-15
+  uint256 public constant STOP_TIME = 1757548800; // ends on 11 september 2025
+
+  function execute() external {
+    CollectorUtils.stream(
+      AaveV3Ethereum.COLLECTOR,
+      CollectorUtils.CreateStreamInput({
+        underlying: AaveV3EthereumAssets.GHO_UNDERLYING,
+        receiver: CERTORA_RECEIVER,
+        amount: 1_150_000 * 10 ** IERC20Metadata(AaveV3EthereumAssets.GHO_UNDERLYING).decimals(),
+        start: block.timestamp,
+        duration: STOP_TIME - block.timestamp // ends on 11 september 2025
+      })
+    );
+
+    uint256 DURATION = STOP_TIME - block.timestamp;
+    uint256 AAVE_AMOUNT = (550_000 *
+      10 ** IERC20Metadata(AaveV3EthereumAssets.AAVE_UNDERLYING).decimals() *
+      10 ** 8) / AAVE_PRICE;
+    uint256 ACTUAL_AMOUNT = (AAVE_AMOUNT / DURATION) * DURATION;
+
+    MiscEthereum.AAVE_ECOSYSTEM_RESERVE_CONTROLLER.createStream(
+      MiscEthereum.ECOSYSTEM_RESERVE,
+      CERTORA_RECEIVER,
+      ACTUAL_AMOUNT,
+      AaveV3EthereumAssets.AAVE_UNDERLYING,
+      block.timestamp,
+      STOP_TIME
+    );
+  }
+}

src/20241014_AaveV3Ethereum_AaveCertoraContinuousSecurityServices/AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014.t.sol

@@ -0,0 +1,98 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import {AggregatorInterface} from 'aave-v3-origin/contracts/dependencies/chainlink/AggregatorInterface.sol';
+import {AaveV3Ethereum, AaveV3EthereumAssets} from 'aave-address-book/AaveV3Ethereum.sol';
+import {MiscEthereum} from 'aave-address-book/MiscEthereum.sol';
+import {IERC20} from 'solidity-utils/contracts/oz-common/interfaces/IERC20.sol';
+import {IERC20Metadata} from 'solidity-utils/contracts/oz-common/interfaces/IERC20Metadata.sol';
+import {IStreamable} from 'aave-address-book/common/IStreamable.sol';
+import 'forge-std/Test.sol';
+import {ProtocolV3TestBase, ReserveConfig} from 'aave-helpers/src/ProtocolV3TestBase.sol';
+import {AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014} from './AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014.sol';
+
+/**
+ * @dev Test for AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014
+ * command: FOUNDRY_PROFILE=mainnet forge test --match-path=src/20241014_AaveV3Ethereum_AaveCertoraContinuousSecurityServices/AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014.t.sol -vv
+ */
+contract AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014_Test is ProtocolV3TestBase {
+  AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014 internal proposal;
+  uint256 public constant BLOCKS_IN_FOUR_HOURS = (4 * 3600) / 12; //number of blocks in 4h
+
+  function setUp() public {
+    vm.createSelectFork(vm.rpcUrl('mainnet'), 20965854);
+    proposal = new AaveV3Ethereum_AaveCertoraContinuousSecurityServices_20241014();
+  }
+
+  /**
+   * @dev executes the generic test suite including e2e and config snapshots
+   */
+
+  function test_defaultProposalExecution() public {
+    address receiverAddress = proposal.CERTORA_RECEIVER();
+    IStreamable reserve = IStreamable(MiscEthereum.ECOSYSTEM_RESERVE);
+    uint256 ghoBalanceBefore = IERC20(AaveV3EthereumAssets.GHO_UNDERLYING).balanceOf(
+      receiverAddress
+    );
+    uint256 aaveBalanceBefore = IERC20(AaveV3EthereumAssets.AAVE_UNDERLYING).balanceOf(
+      receiverAddress
+    );
+
+    uint256 nextStreamId = AaveV3Ethereum.COLLECTOR.getNextStreamId();
+    vm.expectRevert();
+    AaveV3Ethereum.COLLECTOR.getStream(nextStreamId);
+
+    uint256 nextStreamId_reserve = reserve.getNextStreamId();
+    vm.expectRevert();
+    AaveV3Ethereum.COLLECTOR.getStream(nextStreamId);
+
+    executePayload(vm, address(proposal));
+
+    vm.warp(block.timestamp + 7 days);
+    vm.startPrank(receiverAddress);
+
+    AaveV3Ethereum.COLLECTOR.withdrawFromStream(nextStreamId, 1);
+    assertEq(
+      IERC20(AaveV3EthereumAssets.GHO_UNDERLYING).balanceOf(receiverAddress),
+      ghoBalanceBefore + 1
+    );
+
+    reserve.withdrawFromStream(nextStreamId_reserve, 1);
+    assertEq(
+      IERC20(AaveV3EthereumAssets.AAVE_UNDERLYING).balanceOf(receiverAddress),
+      aaveBalanceBefore + 1
+    );
+
+    vm.warp(proposal.STOP_TIME() + 7 days); // 11 september 2025 is quite far in the future
+
+    AaveV3Ethereum.COLLECTOR.withdrawFromStream(
+      nextStreamId,
+      AaveV3Ethereum.COLLECTOR.balanceOf(nextStreamId, receiverAddress)
+    );
+    assertApproxEqAbs(
+      IERC20(AaveV3EthereumAssets.GHO_UNDERLYING).balanceOf(receiverAddress),
+      ghoBalanceBefore +
+        1_150_000 *
+        10 ** IERC20Metadata(AaveV3EthereumAssets.GHO_UNDERLYING).decimals(),
+      1 * 10 ** IERC20Metadata(AaveV3EthereumAssets.GHO_UNDERLYING).decimals()
+    );
+
+    reserve.withdrawFromStream(
+      nextStreamId_reserve,
+      reserve.balanceOf(nextStreamId_reserve, receiverAddress)
+    );
+    assertApproxEqAbs(
+      IERC20(AaveV3EthereumAssets.AAVE_UNDERLYING).balanceOf(receiverAddress),
+      aaveBalanceBefore +
+        (550_000 *
+          10 ** IERC20Metadata(AaveV3EthereumAssets.AAVE_UNDERLYING).decimals() *
+          10 ** 8) /
+        proposal.AAVE_PRICE(),
+      1 * 10 ** IERC20Metadata(AaveV3EthereumAssets.AAVE_UNDERLYING).decimals()
+    );
+    console.log(
+      'AAVE received amount',
+      IERC20(AaveV3EthereumAssets.AAVE_UNDERLYING).balanceOf(receiverAddress) - aaveBalanceBefore
+    );
+  }
+}

src/20241014_AaveV3Ethereum_AaveCertoraContinuousSecurityServices/config.ts

@@ -0,0 +1,16 @@
+import {ConfigFile} from '../../generator/types';
+export const config: ConfigFile = {
+  rootOptions: {
+    author: 'Aave Chan Initiative',
+    pools: ['AaveV3Ethereum'],
+    title: 'Aave <> Certora Continuous Security Services',
+    shortName: 'AaveCertoraContinuousSecurityServices',
+    date: '20241014',
+    discussion:
+      'https://governance.aave.com/t/arfc-aave-certora-continuous-security-services/19262',
+    snapshot:
+      'https://snapshot.org/#/aave.eth/proposal/0xebf0b33be0c3784b2928112414f08e31ac57705f49d46668bfef6fa6f761141d',
+    votingNetwork: 'POLYGON',
+  },
+  poolOptions: {AaveV3Ethereum: {configs: {OTHERS: {}}, cache: {blockNumber: 20965854}}},
+};