aare.finance

Security

Read the contract first.
Then deposit.

Every security claim on this page links to a verifiable artifact. If a claim has no citation, it does not ship.

Security architecture

Single-chain deployment

The protocol deploys on one L1. All state changes — deposit, borrow, repay, liquidate — happen atomically on that chain. No cross-chain messages, no bridge lock-up, no L2 deployment in v0 (spec §0, §1.2, §10.2, §10.8).

Governance behind a timelock, no EOA owner

Privileged actions — adding a market, changing risk parameters, swapping a peripheral, unpausing — route through a 3-of-5 governance multisig with a 48 h timelock for parameter changes and 7 d for new collateral listings. A separate 2-of-3 pause guardian can pause a (market, action) pair without delay but cannot unpause, change parameters, or move funds. The deployer holds no role post-deploy; this is enforced by a CI invariant. A captured governance cannot extract user principal — the ERC-20 recovery path is firewalled by an on-chain deny-list against any allowlisted protocol asset (spec §2.5, §2.6, §5.3, §6.4, §7, §8.7).

Permissionless liquidation

Any address may liquidate an undercollateralized position. There is no allowlist of liquidators in v0 (spec §3.4). Liquidation incentives and close-factor limits are set in the contract parameters per asset (spec §5.1, §5.2). Liquidation is MEV-prone: any third party can liquidate within a single block. A single call repays at most 50% of the position's debt unless the health factor falls below ~0.95, when full close-out is permitted.

Chainlink price feeds, fail-closed

Every price read goes through a per-asset adapter that validates the Chainlink round (updatedAt, aggregator bounds, finalized-round, per-asset staleness) on every call. If any check fails the read reverts; there is no silent fallback to a stale price. Liquid-staking collateral additionally cross-checks the Chainlink price against the LST contract's on-chain canonical exchange rate and reverts on out-of-band deviation. Adapter swaps route through governance + timelock (spec §4, §4.2, §4.3).

Threat model

The protocol-level threat model — actors, trust assumptions, asset flows, and mitigations — is published as §§2 and 8 of the v0 architecture spec at docs/spec/v0-architecture.md. It covers STRIDE analysis, reentrancy, oracle manipulation, MEV, token-compatibility, donation/inflation, governance capture, init/deploy sequencing, arithmetic, DoS, and the bad-debt withdrawal race. Per-contract threat-model addenda will be published under docs/threat-models/ as each contract lands.