Security
Peace of mind by design.
Audits
Aave’s official audit reports and verifications from independent security companies.
V3.1 Audits
View ContractsGHO Audits
View ContractsV3.0.1 Audits
View ContractsV3 Audits
View ContractsSafety Module
The Aave Protocol is secured with a safe backstop for protocol insolvency worth $246,613,412.
Learn moreClient Application
DDOS Protection
Advanced cloud-based DDoS protection services are used to identify and neutralize threats before they reach interface infrastructure. Scalable solutions are used so that applications can remain accessible, even during periods of high request volume.
Domain Protection
To safeguard the domain, DNSSEC is used to protect against DNS spoofing and validate that domain name requests are securely authenticated. Regular monitoring and updates to DNS configurations help prevent unauthorized domain transfers.
Intrusion Detection
The front-end employs state-of-the-art intrusion detection systems (IDS) that monitor for suspicious activities and potential threats, assisting with rapid detection and response to protect user data.
Modification Detection
Content Security Policy (CSP) and Subresource Integrity (SRI) checks are used to detect and prevent unauthorized modifications to front-end code, maintaining the integrity and security of the application.
IPFS Naming Records
Each commit of the Aave Interface codebase is automatically deployed to IPFS. The app.aave.com IPNS pointer and domain text records, using the DNSLink standard, are continuously updated to reflect latest deployment hash.