Ernesto

390 posts

@eboadom

Contributor to the Aave ecosystem. Co-founder of @bgdlabs. Previously CTO at @aave (labs)

Joined February 2022
27 Following 3K Followers
Ernesto@eboadom·
My thoughts on it.
- I understand the mandate document as: our end goal is the most optimal possible scenario, but we know reaching that requires time and a constantly balancing approach to progress.
- Being on the most radical side of decentralisation is relatively easy. Being on the most radical side of optimality and efficiency is also relatively easy. Being on a middle ground (like at least I understand will be the case for a long time in Ethereum), which is constantly dynamic, is the complicated one.
- Only by already having a strong position established on the middle ground (Ethereum today) can you double down on principles, while not becoming immobilised. Debates aside, that's the bold approach.
- If Ethereum (the chain, the ecosystem) did not act as a credible anchor to principles, there is a high chance that nobody with enough positioning would. And from there, pure efficiency seeking is a slippery slope.
- In my opinion, the majority of challenges of achieving perfect CROPS principles in a blockchain are solvable. Far from easy, potentially not doable, but it doesn't feel to me like completely impossible.
- I'd really argue that the real value of Ethereum arises almost exclusively from having achieved partially CROP principles. So, double down on that is not even idealistic; it is being practical.
Ethereum Foundation@ethereumfndn

Today, the Foundation’s Board released the EF Mandate. This document, which was first intended for EF members, reaffirms the promise of Ethereum, and the role of EF within this ecosystem.

Ernesto@eboadom·
There are definitely practical improvements, but I really don't think there is anything that makes DAOs impossible from first principles. Regarding huge portions of voting power in centralised entities, directions are: economic incentives (or lack of) for concentration of power (e.g., case of a CEX), self-limitation (e.g., big holder can just self-lock softly), granularity of control (e.g., having mechanisms like @LidoFinance dual gov, multi-stage voting), etc. About security councils, there is nothing inherently wrong with them, and the improvements are limiting their power by "sudo" actions, economic incentives, reputation game theory, etc. Another problem that exists outside of your list is the concentration of delegated power, but due to good reasons and performance, which is a very tricky one. Talking about a case like ACI's on Aave, where under the hood, there are hundreds of independent delegators of voting power because they, well, basically like the representation they are getting. And imo, after certain limits, that is not so good, but very unnatural to design protection mechanisms for something being "too good". Of course, it can also degenerate into an exercise of propaganda, hence a problem of uninformed delegators, a lack of expertise. And on DAOs, you need localised initial centralisation in some cases, but that doesn't mean that the party having more influence should not have as its first and main priority reducing dependency on themselves by design. I mean, BGD is a testimony of that approach: we have been contributing to Aave for years, and if it were not for third-party decisions, the ecosystem would be more decentralised than ever. But that is a consequence of poor execution and bad principles on the initial steps of the DAO (basically not having full ownership of itself), not any proof that "DAOs can't work".
I would even argue that having a successful DAO on some type of on-chain financial system is way simpler than, for example, on base layers like Ethereum. In pure computation environments like Ethereum, it is trickier to just define "what is good" direction-wise.
Dacian@DevDacian·
My general impression is that many DAOs are mostly an illusion/meme, that in practice:
* huge portions of voting power are controlled by centralized entities who can effectively make the DAO do what they want
* security councils or other centralized censorship mechanisms can veto anything they don't like
tl;dr - decentralized governance is mostly a meme and governance tokens are used for exit liquidity to enable VCs & early team members cashing out while still controlling enough voting power to effectively control the DAO.
I really like the idea of DAOs, just not most practical implementations!
Ernesto@eboadom·
DAOs are a method of both direct and indirect transparency and accountability when done right. Whoever doesn't aim to have an on-chain application controlled partially or totally by one or multiple DAOs, has very certainly nothing to do in the blockchain world long term. People will study the Aave DAO, but this is just the beginning.
Ernesto@eboadom·
@laurashin Not really any drama in what concerns BGD. We are simply not interested in contributing going forward to the current Aave, but from a very rational point of view
Ernesto@eboadom·
Needless to say, the Aave protocol is perfectly fine and will continue to be so. BGD is still working on Aave, until our current engagement with the DAO finishes at the beginning of April. Highly recommended to read our full forum post on what happens going forward (and what doesn't) governance.aave.com/t/bgd-leaving-…
Ernesto retweeted
Fav_Truffle@Fav_Truffle·
For me, Aave at $10 million versus now $70 billion feels pretty similar in terms of how critically important it is.

Are you curious about Aave’s approach to security and their take on AI's Impact on Security? Check out my notes on the Web3 Security podcast episode featuring Ernesto Boado (@eboadom) of @bgdlabs and ex-CTO of @Aave, hosted by @jack__sanford from @sherlockdefi.

From Geographic Systems to DeFi's Biggest Protocol

Ernesto isn't the typical "obsessed with programming from age 5" genius coder. He's a multi-disciplinary software engineer who studied computer science in Spain but wasn't deeply into coding from an early age. What really changed everything for him was Ethereum's initial ethos in 2018: this global server that anyone can access, involved with financial transactions. That's what hooked him.

Before ETH Lend (which later became Aave), Ernesto was working in geographical systems (maps and GIS software). He was experimenting with early Ethereum on his own (Remix, Truffle, MetaMask era), building a governance application. In December 2017 (top of the bull market!), he reached out to @StaniKulechov, the founder of ETH Lend, which had just completed its ICO. Stani saw potential, and Ernesto joined a small team of about 15 people.

Managing $70 Billion: Abstract the Numbers

Aave currently has roughly $70 billion in TVL, making it the number one protocol in the world by TVL. If Aave were a US bank, it would be one of the 40 largest banks in the entire United States.

Ernesto's most fascinating take: "For me, when Aave was $10 million versus now $70 billion, it's pretty similar in terms of my perception of criticality."

He explains that it's mandatory for developers on systems like Aave to be very abstract. You need to understand what's at stake, but you can't get obsessed. If you get obsessed, you'll immobilize yourself and not do anything because you're terrified of breaking something.

The key is having good procedures. If you have good procedures, you shouldn't break anything. And you need protections so that if any problem happens, you can react.

Ernesto believes this abstraction is very positive. Understanding criticality without obsessing over the numbers allows the team to keep shipping.

Upgrade Philosophy: V3.x vs. Uniswap's Approach

One of the most interesting topics was comparing Aave's upgrade strategy to Uniswap's. Uniswap goes V2 → V3 → V4 with completely new deployments and user migration required. Aave goes V3.0 → V3.1 → V3.2 → V3.3 → V3.4 → V3.5, upgrading the existing system.

Ernesto thinks comparing these systems is misleading. The underlying systems are completely different. For Uniswap V4, it makes sense to be fully immutable because it's a very simple system. When you want to change it, the change is so radical that it probably makes more sense for users to migrate to another smart contract, and you just focus on the tooling for that migration.

For Aave, the more mature it gets, the less sense migration makes. From V1 to V2 or V2 to V3, the changes were relatively radical and complicated to apply safely. But now on V3, that line starts to blur. Certain architectural changes aren't so simple to apply on V3, but they're doable. Whether it's worth it is debatable.

“If you have a system with $70 billion, you should probably just maintain it for as much as possible and try to improve it if it's not some completely out-of-hand project.”

He highlights that V3.0 at the beginning compared to V3.5 running now involved very radical changes: accounting (static vs. dynamic), precision math completely revamped, grouping of assets in the pool, features deprecated, features added, and countless other changes. It's good that people still perceive V3 as V3, but there were five upgrades over three years. Not super fast-paced, not super slow-paced either.

V4 Is Coming: How Will Aave Manage Both?

Aave V4 is in the audit process, which creates an interesting situation. V3 has $70 billion in TVL, and V4 will start from zero. So how will Aave manage supporting both?

Ernesto notes that Aave already has experience with this. Aave V2 is still active with about $400-500 million across three networks, even with active deprecation steps (adjusting rates to incentivize migration to V3).

V4 has a slightly different target. From communications, V4 seems quite oriented to builders or a more modularized approach, even targeting people who want to run their own mini pools. V3, on the other hand, is very monolithic on purpose, controlled by a sole entity (the DAO, which is multiple entities behind the scenes) and opinionated on almost everything.

Ernesto thinks this was one of the recipes for V3's success. When you try to do too much modularity, it becomes tricky for users, confusing, and UX doesn't catch up in time.

The advantage: V3 is perfectly fine, and V4 will exist. If people migrate to V4 or stay on V3, the benefit is for the same DAO behind the scenes. Maintenance is a concern for sure, but Ernesto believes V4's different focus means both can coexist.

Decentralization: Being Honest Is Key

When asked about advice for other teams navigating decentralization, Ernesto highlighted that it's a very gray area: is centralization good, or is decentralization good, and how do you do one versus the other?

One of the main issues is that until very recently, there weren't clear guidelines. This is especially challenging for small teams in a completely open environment where anyone can write and deploy smart contracts. How do you structure a company? What's the plan for progressive decentralization? Does it make sense from a business standpoint or common good perspective? There are so many variables.

For Aave, decisions were pretty natural:
- People trust non-anonymous people to run a protocol more than anonymous people
- Once the AAVE token was pretty well distributed, it was clear the DAO should give back governance control

Ernesto emphasizes that onchain governance via token, if the token is well distributed, is just very good security-wise. You need certain protections, but it's arguably stronger than alternatives like multisigs.

How to Become a Trusted Independent Researcher

When asked how an independent researcher can become one of Aave's go-to trusted researchers, Ernesto's answer was simple: It boils down to work.

The researchers BGD works with (both firms and solos) spend a lot of time on Aave's codebase. They submit reports, invalid reports, minor valid reports, sometimes major ones. It's just a lot of work behind the scenes. That creates trust.

Being honest and not trying to do weird shenanigans is key. Ernesto understands why the industry is sometimes polarized and adversarial between bounty hunters and projects (there's a lot of history of projects not being fair), but for Aave, there's nothing to win from being unfair with researchers. It's just stupid.

What they don't accept is speculation. They know what speculation looks like because they have enough knowledge of Aave to distinguish it.

The pattern Ernesto sees with majorly successful researchers and bounty hunters: It's usually very easy to work with them. There's no drama. These are people who've earned millions of dollars in bounties and contracts, and they're rational. They accept when something is a fair evaluation, whether it's low, medium, or high severity.

His advice to researchers:
1. Be honest, especially with top protocols that have no incentive to be unfair
2. Spend a lot of time on the code
3. Participate in discussions (even if Aave has some apathy in participation, researchers should engage)
4. Proactively add value: Many of BGD's relationships with solo researchers started with someone reaching out with something that maybe wasn't valid, but the effort and understanding showed a good approach, and they were put in the front line to work with BGD

AI's Impact on Security

Ernesto sees symptoms of AI having an impact. In recent months, more and more security researchers are clearly using some type of hybrid approach.

He doesn't think AI is at the level of finding deep bugs involving lots of components, but in both DeFi and traditional software, bugs and their costs have historically been the same: buffer overflows, pointer issues, injections, these have been happening for 70 years. AI could serve as a filtering tool, hinting tool, or reminder.

Another very important aspect Ernesto sees in successful researchers: They're organized people, quite systematic. Yes, they have strong intuition, but they don't just act on intuition. They keep it in mind, use pattern recognition, and probably document their own internal checklists.

That's the secret sauce, you need some type of assistant, which historically has been your own notes and your past self. AI could be that assistant: "Did you check this? By the way, you trained me with some patterns, so did you think in this direction?" That's where Ernesto sees potential value.

Documentation Is Non-Negotiable

One of Ernesto's core principles: Documentation should always be oriented to auditors, and specifically to auditors they didn't work with before.

In a system like Aave, if you cannot explain to a security auditor in the DeFi industry (even if not familiar with Aave) what the upgrade is about, all the edge cases, points of focus, etc., then the upgrade is not ready. There's no other way to see it.

This is BGD's internal policy: Documentation should be very good, always. If you don't do it well, it means you don't understand the system.
Ernesto@eboadom·
@EvgenyGaevoy I didn't have time to even apply feedback on the Ownership phase 😅 But yes, I will elaborate on different points on the forum
Ernesto@eboadom·
@antonttc I already commented on what I think of the creation of this proposal, but it really has no type of effect on Aave v3. Still the biggest and most solid DeFi protocol now and in the foreseeable future
Anton Cheng@antonttc·
If you build on Aave v3, good luck following the drama; the protocol itself will largely depend on the outcome of this vote, which is not looking good so far for the DAO -- Not sure if the Lab will play dirty and insist this No outcome is valid If you build on Morpho or Euler v2, you won't care as much because of the immutable code. (to be fair, Aave v4 will probably be fine too)
Ernesto@eboadom·
@dabit3 Again, it is not by the rules. Proposing something in the name of somebody else without any type of consent is anything but by the rules
nader dabit@dabit3·
@eboadom IMO change the rules if people don't like the rules, but if someone is playing by the rules it's unfair to frame it as anything else
Ernesto@eboadom·
To be very clear:
- This is not, in ethos, my proposal. Aave Labs has (for whatever reason) unilaterally submitted my proposal to vote in a rush, with my name on it, and without notifying me at all. If asked, I would not have approved it.
- It was not my intention to submit the vote while the community was still having a healthy discussion around it, with valuable points appearing continuously. It breaks all codes of trust with the community.
- Public governance is supposed to be for, even if hard sometimes, open discussion. Trying to rush a vote is disgraceful.
Stani.eth@StaniKulechov

The recent DAO alignment proposal has been moved to Snapshot after extensive discussion. We realize the community is very interested in a path forward and is ready to make a decision. Time for tokenholders to weigh in and vote. snapshot.org/#/s:aavedao.et…

Ernesto@eboadom·
@dabit3 As you probably already know, it is quite natural to let people discuss and then incorporate feedback. Not so natural to submit proposals in the name of others and claim "it is gov procedures"
nader dabit@dabit3·
> Creates proposal
> Proposal is debated for 5 days
> Argument is essentially "This is existential and urgent and needs to be voted on"
> DAO framework says snapshot after ~5 days of discussion so high-priority topics don't stall
> Snapshot vote of EXACT proposal is created
“NO NOT LIKE THAT”
Ernesto@eboadom·
@ciefa_eth I think that is more of a question for them to answer, but I feel it has certain relation with the proposal to appear as the original one, and "close" the conversation after a vote with low participation
Ciefa 🐌 eth/acc@ciefa_eth·
@eboadom Can you tell me why they used your name for it? Like, why would they do that if you haven't signed off on it? Genuinely trying to understand
Ernesto@eboadom·
1. Right timing would depend, as always, on how the discussion evolved/evolves. But definitely a moment like these days, where participation in gov voting is lower, is not the right time if the goal is to maximise participation.
2. I think discussion and transparency don't hurt, so yes
Dmitriy Babenko@dmitriybabenkoo·
It’s somewhat unusual to see the proposal authored by you personally, while the proposer is listed as Labs. I have two questions:
1. What do you think is the right timing to push this proposal on snapshot? It seems unlikely that the current discussion will converge on a clear resolution and will instead result in two opposing groups, those in favor and those against.
2. It’s possible that this proposal may not gain sufficient legitimacy and that a revised version will be submitted later. If the follow-up proposal is also not supported, would you continue advancing the discussion until a clear FOR consensus is reached?
Ernesto@eboadom·
There was valuable feedback on the proposal, both in content and form. Feedback that I obviously planned to include in the final vote, no matter which label it would finally have. But having another entity deciding to just escalate to a vote, pretty much shows the levels of respect
wahndo@Wahndo_·
@eboadom odd they'd do that considering there were posts the past few days about not rushing the AFRC vote and changing it to a temp check etc. ngl was surprised to see the Labs account jump in and move to a snapshot
Ernesto@eboadom·
Difficult to understand even what your point is. Your organisation is basically the only one thinking that rushing a proposal *from somebody else* in a rush to vote is legit, even knowing that participation these days would tend to be lower by default. Claiming this is about "respecting governance procedures" is misleading, delusional, or both
Kolten@0xKolten·
I'd like to offer my perspective to help clarify the facts around the recent DAO discussions and vote.

The conversation began on Dec 11 with a discussion about ParaSwap's positive slippage referrals and then, after five days of discussing that, evolved into an ARFC. This escalation signaled a desire from the community to move toward a resolution. The ARFC was then discussed for an additional five days, generating hundreds of replies, tens of thousands of forum visits, and extensive engagement on socials. Following the DAO’s established framework, the proposal was moved to a Snapshot vote exactly as it was written.

Proponents repeatedly stated that implementation details would be handled in a future “Phase 2,” and the consensus was that *this* vote was about the core principle and didn't need the fine print. Nor were there calls for revisions to the proposal itself. When Stani suggested an iterative approach, many people expressed a preference for avoiding such steps. Which is fair enough, given that wasn't the expressed goal of the proposal.

Only after the vote was called did a new set of “soft rules” appear such as holiday voting periods and author consent. These are not part of our current written framework. If these are important considerations for the future, I agree they should be formally discussed and added to our governance process.

I have also been named by a service provider for causing "reputational damage." IMO, the real damage comes from turning internal governance debates into a public spectacle. Amplifying negative press, pushing prediction markets, and spinning misleading narratives is what harms the brand. My prior work for the Aave ecosystem reflects the exact opposite of this behavior.

My number one goal since I got hired has been to make Aave as successful as possible. That means growing the brand, increasing DAO revenue, and ensuring we all win together. This year, I’ve worked closely with all of Aave's service providers to amplify their work and align our efforts toward that shared success.

I’ve been a token holder since the ETHLend days, and I’ve always believed Aave's strength comes from the DAO's ability to have these debates and then come together to make a decision. That can't happen with the rhetoric that's been amplified, and encouraged, by some involved in this discussion.

This ongoing drama is overshadowing what has been Aave’s most successful year yet. I believe it is better for the DAO to vote and resolve this issue so we can all move forward together.
Ernesto@eboadom·
@Rebellion_eth @bgdlabs There is no reason to rush a proposal when the community is still discussing it actively and constructively from all angles, especially one as critical as this one. It delegitimises the whole governance procedure
pandora.eth@0xpandora_eth·
The snapshot for the first phase of $AAVE token alignment will begin on December 23, at 9:40 PM. So, what will you do when we know that tomorrow will definitely be a volatile time for $AAVE?