Security

Peace of mind by design.

Audits

Aave’s official audit reports and verifications from independent security companies.

Safety Module

The Aave Protocol is secured with a safe backstop for protocol insolvency worth $246,613,412.

Learn more

Client Application

DDOS Protection

Advanced cloud-based DDoS protection services are used to identify and neutralize threats before they reach interface infrastructure. Scalable solutions are used so that applications can remain accessible, even during periods of high request volume.

Domain Protection

To safeguard the domain, DNSSEC is used to protect against DNS spoofing and validate that domain name requests are securely authenticated. Regular monitoring and updates to DNS configurations help prevent unauthorized domain transfers.

Intrusion Detection

The front-end employs state-of-the-art intrusion detection systems (IDS) that monitor for suspicious activities and potential threats, assisting with rapid detection and response to protect user data.

Modification Detection

Content Security Policy (CSP) and Subresource Integrity (SRI) checks are used to detect and prevent unauthorized modifications to front-end code, maintaining the integrity and security of the application.

IPFS Naming Records

Each commit of the Aave Interface codebase is automatically deployed to IPFS. The app.aave.com IPNS pointer and domain text records, using the DNSLink standard, are continuously updated to reflect latest deployment hash.

Aave.com provides information and resources about the fundamentals of the decentralised non-custodial liquidity protocol called the Aave Protocol, comprised of open-source self-executing smart contracts that are deployed on various permissionless public blockchains, such as Ethereum (the "Aave Protocol" or the "Protocol"). Aave Labs does not control or operate any version of the Aave Protocol on any blockchain network.