Ernesto

398 posts

@eboadom

Co-founder of @bgdlabs, building... Previously core development on the Aave DAO and CTO at @aave (labs)

Joined February 2022
27 Following · 3.9K Followers
Pinned Tweet
Ernesto@eboadom·
Day 1
QST
Ernesto@eboadom·
I will be making a personal donation of 100 ETH to the relief effort coordinated by @aave Labs in relation to the KelpDAO's/LZ exploit. While I'm not involved with Aave anymore, I still believe the Aave protocol is important for DeFi overall. And the coordination effort led by @aave Labs without Aave itself being the exploited system, deserves support
Ernesto@eboadom·
Imo:
- Suppliers agree are relatively insensitive to rates at the moment, and they are **very** sensitive to specific announcements/plans regarding the unpaired collateral not affecting stablecoins on Aave Core (I really think it is the case, but uncertainty is not good for suppliers).
- Stablecoin borrowers are actually quite a priority, because they are the business. Meaning that they are already suffering the high rates, but on the current ~15% levels, for the argument of duration/float, @ImperiumPaper comments, I think it is a scenario they should be prepared for, because it really can happen for 3-5 days, even if rarely sporadically.
- The current borrowing rate levels, I'd say, are in quite good "equilibrium" considering the previous. I'd say even quantitatively, the delta LTV-LT of Aave v3 (~2% on more stressed e-modes like Ethena) should have protected a majority of borrowers. Of course, not against the ongoing cost, but still, the cost is not an order of magnitude higher. In the case of borrowers of stables against "volatile" assets, the borrowers assume (want frequently) the volatility on the collateral, going long. So the higher borrowing cost on the collateral for a short period of time is not really.
- I'm currently an outsider to Aave, but 100% sure @aave Labs are working full-steam to achieve a situation where 100% the stablecoins are not getting affected, and I'd bet neither ETH in any big amount (or zero).
PaperImperium@ImperiumPaper

Lots of people are dunking on the Circle proposal to shift Aave rates, and I have, inevitably, been asked my opinion. I’ll share it here publicly.

Gordon’s proposal is not incorrect directionally. He correctly diagnoses that the market is not clearing, and provides a pretty standard solution that would fit into half the textbooks on my bookshelf.

Where I disagree with him are on his rate (in)sensitivity assumptions. Going straight to 40% seems destined to force liquidations. In the current market, contagion risk is already high, so cascades would need to be mitigated. I don’t know if Aave can throttle the liquidation throughput like the old Maker vaults could, but that would be a way to do that. It’s an open question whether this would be a good idea. I’m open to considering it, but am not convinced at this time.

Gordon doesn’t say that the goal is repayment or liquidation, though. He believes this is a way to finance attracting supply, which I agree WOULD be the best way to unstick the market for the moment. However, the rate can’t just be the usual mechanics.

For starters, anyone who has been in DeFi knows that juicy rates get diluted quickly in a floating rate lending protocol. Given the high probability of at least some loss, why would a lender put their stables to work even for a temporary (maybe a week?) 40% rate? Imagine you had $100m, and you saw this 40% deposit rate on Aave. Knowing there is more than $1b of impaired collateral in the system, are you going to risk your clients’ money for $109k/day? You’d need a week and a half just to break even on a 1% loss to your deposited funds.

Except this is a floating rate. Once danger has passed, the rates drop down. And if they stay elevated it’s likely because the situation hasn’t gotten better. The calculus COULD be different if it was 40% for 6 months or a year. But you’re really just getting outsized rates for a few days in the best case scenario, and it is rising or realized risk that would let you keep earning that rate.

This is at its heart a risk that is unmeasured, and so you can’t know what is the correct rate to price it at. You can’t tell if this is picking up nickels in front of a steam roller or the trade of the century.

So I think depositors are the most rate insensitive group at the moment, and due to a very wide range of possible outcomes at the intersection of distressed collateral assets, ultimate recovery rates on those assets, timeline to realize that recovery, secondary damage that has created bad debt, and governance risk around things like implementation of Umbrella or the funds seized by Arbitrum.

Basically everyone is standing around keeping rsETH marked to some imaginary number because we don’t have enough guidance from Kelp (and possibly L0 and now Arbitrum) for Aave to know how to begin liquidations and realize losses without accidentally taking on someone else’s loss because they were too pessimistic in valuing the impaired collateral.

I do think at this point, Aave would be better off making an “ok” plan and acting today than waiting for a “good” plan that requires information from Kelp/L0/Arbitrum/law enforcement that may not be available for some time.

Ernesto@eboadom·
@0xkrishb We actually took AAVE partially during all our engagements, and personally, I have always advocated for SPs to take a percentage of compensation in AAVE
krish@0xkrishb·
@eboadom Just curious, why did you guys never take compensation in AAVE tokens from the DAO? All the parties leaving AaveDAO look like rent seekers who fumbled ownership.
Ernesto@eboadom·
A person I trust commented that sometimes it is important not to ignore weird propaganda, no matter how silly it seems. So, just a thought, which is highly possibly my last on the topic. Maintenance & incremental updates are not (only) what BGD was doing for 4 years in Aave. However, those tasks were very fulfilling work, way more important than people think, and for anybody looking around, a big reason for success in mature products. To be a bit more blunt: the cemetery is full of good initial ideas not well taken care of after. I would argue that indirectly trying to diminish that role precisely now on Aave, is very very far from a good idea.
Emilio^@The3D_

I am seeing this myth being spread around that the core development team of Aave left. This is indeed false. While Aave labs built V3 up to the 3.0.1 and bgd took over the progressive updates till 3.6, Labs has been independently security reviewing every single V3 iteration that was released, sometimes providing feedback to bgd or finding bugs. While the code was developed by bgd, Labs team still has excellent proficiency with it. The team lead @miguelmtzinf has been developing Aave as a core contributor since Aave V2 and his knowledge is second to none. Additionally, V3 is at the end of its development cycle and requires basically no upgrades, so the only focus will be threat monitoring, which again we have always been doing. All new features and protocol extensions that are planned will be built on Aave V4 because the V4 infrastructure enables them. BGD has no contributions to V4, therefore the development is in pretty strong shape.

Ernesto@eboadom·
My thoughts on it.
- I understand the mandate document as: our end goal is the most optimal possible scenario, but we know reaching that requires time and a constantly balancing approach to progress.
- Being on the most radical side of decentralisation is relatively easy. Being on the most radical side of optimality and efficiency is also relatively easy. Being on a middle ground (like at least I understand will be the case for a long time in Ethereum), which is constantly dynamic, is the complicated one.
- Only by already having a strong position established on the middle ground (Ethereum today) can you double down on principles, while not becoming immobilised. Debates aside, that's the bold approach.
- If Ethereum (the chain, the ecosystem) did not act as a credible anchor to principles, there is a high chance that nobody with enough positioning would. And from there, pure efficiency seeking is a slippery slope.
- In my opinion, the majority of challenges of achieving perfect CROPS principles in a blockchain are solvable. Far from easy, potentially not doable, but it doesn't feel to me like completely impossible.
- I'd really argue that the real value of Ethereum arises almost exclusively from having achieved partially CROPS principles. So, double down on that is not even idealistic; it is being practical.
Ethereum Foundation@ethereumfndn

Today, the Foundation’s Board released the EF Mandate. This document, which was first intended for EF members, reaffirms the promise of Ethereum, and the role of EF within this ecosystem.

Ernesto@eboadom·
There are definitely practical improvements, but I really don't think there is anything that makes DAOs impossible from first principles.

Regarding huge portions of voting power in centralised entities, directions are: economic incentives (or lack of) for concentration of power (e.g., case of a CEX), self-limitation (e.g., big holder can just self-lock softly), granularity of control (e.g., having mechanisms like @LidoFinance dual gov, multi-stage voting), etc.

About security councils, there is nothing inherently wrong with them, and the improvements are limiting their power by "sudo" actions, economic incentives, reputation game theory, etc.

Another problem that exists outside of your list is the concentration of delegated power, but due to good reasons and performance, which is a very tricky one. Talking about a case like ACI's on Aave, where under the hood, there are hundreds of independent delegators of voting power because they, well, basically like the representation they are getting. And imo, after certain limits, that is not so good, but very unnatural to design protection mechanisms for something being "too good". Of course, it can also degenerate into an exercise of propaganda, hence a problem of uninformed delegators, a lack of expertise.

And on DAOs, you need localised initial centralisation in some cases, but that doesn't mean that the party having more influence should not have as its first and main priority reducing dependency on themselves by design. I mean, BGD is a testimony of that approach: we have been contributing to Aave for years, and if it were not for third-party decisions, the ecosystem would be more decentralised than ever. But that is a consequence of poor execution and bad principles on the initial steps of the DAO (basically not having full ownership of itself), not any proof that "DAOs can't work".

I would even argue that having a successful DAO on some type of on-chain financial system is way simpler than, for example, on base layers like Ethereum. In pure computation environments like Ethereum, it is trickier to just define "what is good" direction-wise.
Dacian@DevDacian·
My general impression is that many DAOs are mostly an illusion/meme, that in practice:
* huge portions of voting power are controlled by centralized entities who can effectively make the DAO do what they want
* security councils or other centralized censorship mechanisms can veto anything they don't like

tl;dr - decentralized governance is mostly a meme and governance tokens are used for exit liquidity to enable VCs & early team members cashing out while still controlling enough voting power to effectively control the DAO.

I really like the idea of DAOs, just not most practical implementations!
Ernesto@eboadom·
DAOs are a method of both direct and indirect transparency and accountability when done right. Whoever doesn't aim to have an on-chain application controlled partially or totally by one or multiple DAOs, has very certainly nothing to do in the blockchain world long term. People will study the Aave DAO, but this is just the beginning.
Ernesto@eboadom·
@laurashin Not really any drama in what concerns BGD. We are simply not interested in contributing going forward to the current Aave, but from a very rational point of view
Ernesto@eboadom·
Needless to say, the Aave protocol is perfectly fine and will continue to be so. BGD is still working on Aave, until our current engagement with the DAO finishes at the beginning of April. Highly recommended to read our full forum post on what happens going forward (and what doesn't) governance.aave.com/t/bgd-leaving-…
Ernesto retweeted
Fav_Truffle@Fav_Truffle·
For me, Aave at $10 million versus now $70 billion feels pretty similar in terms of how critically important it is.

Are you curious about Aave’s approach to security and their take on AI's Impact on Security? Check out my notes on the Web3 Security podcast episode featuring Ernesto Boado (@eboadom) of @bgdlabs and ex-CTO of @Aave, hosted by @jack__sanford from @sherlockdefi.

From Geographic Systems to DeFi's Biggest Protocol

Ernesto isn't the typical "obsessed with programming from age 5" genius coder. He's a multi-disciplinary software engineer who studied computer science in Spain but wasn't deeply into coding from an early age. What really changed everything for him was Ethereum's initial ethos in 2018: this global server that anyone can access, involved with financial transactions. That's what hooked him.

Before ETH Lend (which later became Aave), Ernesto was working in geographical systems (maps and GIS software). He was experimenting with early Ethereum on his own (Remix, Truffle, MetaMask era), building a governance application. In December 2017 (top of the bull market!), he reached out to @StaniKulechov, the founder of ETH Lend, which had just completed its ICO. Stani saw potential, and Ernesto joined a small team of about 15 people.

Managing $70 Billion: Abstract the Numbers

Aave currently has roughly $70 billion in TVL, making it the number one protocol in the world by TVL. If Aave were a US bank, it would be one of the 40 largest banks in the entire United States.

Ernesto's most fascinating take: "For me, when Aave was $10 million versus now $70 billion, it's pretty similar in terms of my perception of criticality."

He explains that it's mandatory for developers on systems like Aave to be very abstract. You need to understand what's at stake, but you can't get obsessed. If you get obsessed, you'll immobilize yourself and not do anything because you're terrified of breaking something.

The key is having good procedures. If you have good procedures, you shouldn't break anything. And you need protections so that if any problem happens, you can react. Ernesto believes this abstraction is very positive. Understanding criticality without obsessing over the numbers allows the team to keep shipping.

Upgrade Philosophy: V3.x vs. Uniswap's Approach

One of the most interesting topics was comparing Aave's upgrade strategy to Uniswap's. Uniswap goes V2 → V3 → V4 with completely new deployments and user migration required. Aave goes V3.0 → V3.1 → V3.2 → V3.3 → V3.4 → V3.5, upgrading the existing system.

Ernesto thinks comparing these systems is misleading. The underlying systems are completely different. For Uniswap V4, it makes sense to be fully immutable because it's a very simple system. When you want to change it, the change is so radical that it probably makes more sense for users to migrate to another smart contract, and you just focus on the tooling for that migration.

For Aave, the more mature it gets, the less sense migration makes. From V1 to V2 or V2 to V3, the changes were relatively radical and complicated to apply safely. But now on V3, that line starts to blur. Certain architectural changes aren't so simple to apply on V3, but they're doable. Whether it's worth it is debatable.

“If you have a system with $70 billion, you should probably just maintain it for as much as possible and try to improve it if it's not some completely out-of-hand project.”

He highlights that V3.0 at the beginning compared to V3.5 running now involved very radical changes: accounting (static vs. dynamic), precision math completely revamped, grouping of assets in the pool, features deprecated, features added, and countless other changes. It's good that people still perceive V3 as V3, but there were five upgrades over three years. Not super fast-paced, not super slow-paced either.

V4 Is Coming: How Will Aave Manage Both?

Aave V4 is in the audit process, which creates an interesting situation. V3 has $70 billion in TVL, and V4 will start from zero. So how will Aave manage supporting both?

Ernesto notes that Aave already has experience with this. Aave V2 is still active with about $400-500 million across three networks, even with active deprecation steps (adjusting rates to incentivize migration to V3).

V4 has a slightly different target. From communications, V4 seems quite oriented to builders or a more modularized approach, even targeting people who want to run their own mini pools. V3, on the other hand, is very monolithic on purpose, controlled by a sole entity (the DAO, which is multiple entities behind the scenes) and opinionated on almost everything.

Ernesto thinks this was one of the recipes for V3's success. When you try to do too much modularity, it becomes tricky for users, confusing, and UX doesn't catch up in time.

The advantage: V3 is perfectly fine, and V4 will exist. If people migrate to V4 or stay on V3, the benefit is for the same DAO behind the scenes. Maintenance is a concern for sure, but Ernesto believes V4's different focus means both can coexist.

Decentralization: Being Honest Is Key

When asked about advice for other teams navigating decentralization, Ernesto highlighted that it's a very gray area: is centralization good, or is decentralization good, and how do you do one versus the other?

One of the main issues is that until very recently, there weren't clear guidelines. This is especially challenging for small teams in a completely open environment where anyone can write and deploy smart contracts. How do you structure a company? What's the plan for progressive decentralization? Does it make sense from a business standpoint or common good perspective? There are so many variables.

For Aave, decisions were pretty natural:
- People trust non-anonymous people to run a protocol more than anonymous people
- Once the AAVE token was pretty well distributed, it was clear the DAO should give back governance control

Ernesto emphasizes that onchain governance via token, if the token is well distributed, is just very good security-wise. You need certain protections, but it's arguably stronger than alternatives like multisigs.

How to Become a Trusted Independent Researcher

When asked how an independent researcher can become one of Aave's go-to trusted researchers, Ernesto's answer was simple: It boils down to work.

The researchers BGD works with (both firms and solos) spend a lot of time on Aave's codebase. They submit reports, invalid reports, minor valid reports, sometimes major ones. It's just a lot of work behind the scenes. That creates trust.

Being honest and not trying to do weird shenanigans is key. Ernesto understands why the industry is sometimes polarized and adversarial between bounty hunters and projects (there's a lot of history of projects not being fair), but for Aave, there's nothing to win from being unfair with researchers. It's just stupid.

What they don't accept is speculation. They know what speculation looks like because they have enough knowledge of Aave to distinguish it.

The pattern Ernesto sees with majorly successful researchers and bounty hunters: It's usually very easy to work with them. There's no drama. These are people who've earned millions of dollars in bounties and contracts, and they're rational. They accept when something is a fair evaluation, whether it's low, medium, or high severity.

His advice to researchers:
1. Be honest, especially with top protocols that have no incentive to be unfair
2. Spend a lot of time on the code
3. Participate in discussions (even if Aave has some apathy in participation, researchers should engage)
4. Proactively add value: Many of BGD's relationships with solo researchers started with someone reaching out with something that maybe wasn't valid, but the effort and understanding showed a good approach, and they were put in the front line to work with BGD

AI's Impact on Security

Ernesto sees symptoms of AI having an impact. In recent months, more and more security researchers are clearly using some type of hybrid approach.

He doesn't think AI is at the level of finding deep bugs involving lots of components, but in both DeFi and traditional software, bugs and their costs have historically been the same: buffer overflows, pointer issues, injections, these have been happening for 70 years. AI could serve as a filtering tool, hinting tool, or reminder.

Another very important aspect Ernesto sees in successful researchers: They're organized people, quite systematic. Yes, they have strong intuition, but they don't just act on intuition. They keep it in mind, use pattern recognition, and probably document their own internal checklists.

That's the secret sauce, you need some type of assistant, which historically has been your own notes and your past self. AI could be that assistant: "Did you check this? By the way, you trained me with some patterns, so did you think in this direction?" That's where Ernesto sees potential value.

Documentation Is Non-Negotiable

One of Ernesto's core principles: Documentation should always be oriented to auditors, and specifically to auditors they didn't work with before.

In a system like Aave, if you cannot explain to a security auditor in the DeFi industry (even if not familiar with Aave) what the upgrade is about, all the edge cases, points of focus, etc., then the upgrade is not ready. There's no other way to see it.

This is BGD's internal policy: Documentation should be very good, always. If you don't do it well, it means you don't understand the system.
Ernesto@eboadom·
@EvgenyGaevoy I didn't have time to even apply feedback on the Ownership phase 😅 But yes, I will elaborate on different points on the forum
Ernesto@eboadom·
@antonttc I already commented on what I think of the creation of this proposal, but it really has no type of effect on Aave v3. Still the biggest and most solid DeFi protocol now and in the foreseeable future
Anton Cheng@antonttc·
If you build on Aave v3, good luck following the drama; the protocol itself will largely depend on the outcome of this vote, which is not looking good so far for the DAO -- Not sure if the Lab will play dirty and insist this No outcome is valid If you build on Morpho or Euler v2, you won't care as much because of the immutable code. (to be fair, Aave v4 will probably be fine too)