Aave Overhauls Collateral Reviews to Include Bridge, Oracle Risks

Aave, the decentralized finance lending protocol, is overhauling its standards for reviewing assets eligible for collateral.

CoinDesk reported on June 1 that Aave said in a recent postmortem report it plans to incorporate external infrastructure risks into future collateral assessments, including bridges, oracles, custody structures and operational security.

The change follows the Kelp DAO hack in April.

Aave said the incident was caused by a vulnerability in external infrastructure rather than the smart contract itself. The attacker exploited a flaw in the LayerZero bridge verification process to mint 116,500 rsETH without actual backing, then used the tokens as collateral to borrow on Aave.

The protocol said its previous collateral review framework focused on volatility, liquidity and smart-contract audits. It now plans to expand that process to assess bridge infrastructure, validation networks, third-party contracts and operational security standards more comprehensively.

Aave is also looking to strengthen automated responses when risks emerge. It is considering a mechanism that would automatically set the loan-to-value ratio, or LTV, to zero if certain risk indicators exceed preset thresholds, blocking additional borrowing.

Since the Kelp DAO incident, Aave has adjusted 295 risk-management parameters in its V3 market, including 168 supply-cap reductions and 66 borrowing-cap cuts.

As the DeFi ecosystem becomes more interconnected, risk assessments must cover not only the asset itself but also the infrastructure it relies on, Aave said. The overhaul is intended to address new forms of risk.