We are pleased to see active community engagement throughout the evolution of this proposal and continue to be excited by the developing contributor landscape focused on risk for the Aave Protocol.
Overall, strong risk management is central to the protocol’s success, and it is positive to see multiple contributors in this area take part in Aave’s governance process and show an interest in providing services to the DAO.
I’m supportive of the adjusted scope and am excited to see this proposal going for a vote.
Disclosure: Standard Crypto is an investor in both Aave and Gauntlet.
We’re glad to see market risk getting more attention recently. While the merge and concerns regarding stETH have passed, the development cadence and complexity of Aave will continue to make risk management important. The Aave community needs to continue our leadership on this front.
Regarding the proposal, we believe simulation has an important role to play for risk management. We’d love to better understand the details of how this approach adds to the suite of risk-related services the DAO already consumes.
@omergoldberg - Would you be willing to go into a bit more detail on your approach and how it complements what others (e.g. Gauntlet) are currently doing for Aave?
It would help us, and others I’m sure, form a view when it comes to a formal proposal.
Chaos Labs - Risk and Simulation Platform Proposal
Proposal Updates
We have received valuable feedback on the Chaos Labs <> AAVE engagement proposal. After conversations with multiple DAO members, we have adopted the feedback and revised our original proposal. The spirit of this proposal is to optimize Aave protocol ROI and give Chaos the opportunity to put its best foot forward in driving significant value to the community over the long-term. We are excited to begin contributing full-time and confident that the quality of work and speed of execution will speak for themselves.
Revised Scope
Chaos Labs will focus on risk management and parameter recommendations for all v3 markets. This includes:
We have removed all work regarding GHO and reduced the v3 scope to be more clearly defined. Based on conversations with the community, the release of GHO has been postponed, and thus work from external parties is out of scope. We believe our platform can be beneficial to launching this product and hope to be involved as it gets closer to launch.
We have additionally broken the payment structure down into:
The full term is 12 months, but after an initial 6-month period, the Aave DAO will have the opportunity to terminate the relationship if it finds Chaos Labs’ deliverables unsatisfactory (outlined below).
Summary
Chaos Labs is proposing to onboard the Aave community into its risk and simulation platform to test Aave v3, new protocol upgrades, and parameter recommendations in various market structures and scenarios. This platform will support the community in onboarding new collateral types, assets, and bespoke protocol research with publicly available analysis and results.
Who is Chaos Labs?
Company background
Chaos Labs is a software company building a unified simulation platform that allows teams to test protocols efficiently while understanding how they will react to adversarial market environments. The backbone of our technology is a cloud-based, agent- and scenario-based simulation engine that allows users to create specific market environments to test new features & assets to understand risk parameters better. Our team comprises top engineers from companies such as Apple, Facebook, Instagram, Amazon, Microsoft, Google, and more with years of experience in infrastructure, security, and platform “chaos” engineering.
The Chaos Labs simulation platform and environment are built to be as close to mainnet as possible. Each simulation run forks from a specified block height (default block height is the most recent) so that your inputs include up-to-date account balances and the latest smart contracts and code deployed across DeFi. While testing volatile environments, it is imperative to look at your protocol holistically. The Chaos Simulation platform helps understand how external factors (cascading liquidations, oracle failure, gas fees, liquidity crises, etc.) will impact a protocol in various situations.
Company values
Our mission is to secure and optimize protocols through verifiable agent- and scenario-based simulations.
Why economic security and testing are important & how Chaos protects against it
Security audits and penetration testing are crucial parts of the security stack, but they alone are not all-encompassing to limit the surface areas of vulnerability. Their primary function is to ensure that your code does what you want your code to do and that there are no major flaws, assumptions, or errors in what you wrote as you wrote it. We view Economic security as the next piece of cheese in the security stack (ref: Swiss Cheese Model), building upon the correctness of their reviews and manipulating the environment around the protocol to ensure the intended behavior plays out as intended in different scenarios ranging from business as usual to black swan events.
Since the rise of “DeFi summer,” we’ve seen nefarious actors managing to manipulate core protocols in increasingly creative manners. They are no longer looking for flaws in code, but they are manipulating the market around the target protocol to gain entrance and exploit it. This roundabout attack vector heightens the need for complex parameter setting procedures; knowing how different values for certain assets react in different environments will allow for more confident governance and usage of the protocol.
Proposal
Over this engagement, we will deliver a suite of new products for contributor parameter analysis and open the tooling up to a broader community group to run it in the future. As we embark on product development with Aave, we anticipate managing simulation creation, feedback integration, and reporting until the platform is ready for community control. In the future, we can create a new AIP proposal creating an Aave-dedicated simulation creation and analytics team (similar to the Risk DAO proposal), which can provide another voice in risk-mitigation conversations powered by data.
To continue to enhance risk coverage of the Aave protocol and transparency to the community, we’d propose tooling to cover a few major areas:
Simulation engine platform & unified infrastructure
From a risk and infrastructure standpoint, we see a number of tools that need to be developed and maintained for Aave to increase its security coverage on top of that provided by teams like BGD, Certora, Gauntlet, & Sigma Prime. The current risk coverage covers Aave v2 (well) and asset onboarding (less so) but can be enhanced to analyze and optimize a number of areas with specific simulation and dashboard tooling to be delivered to the community.
Chaos Labs has developed a novel, cloud-based, agent- and scenario-based simulation platform. Our product is built on the ethos that a valuable testing environment is as close to a production environment as possible. Therefore, we utilize a hybrid approach of on-chain and off-chain simulations.
On-Chain Simulations
On-Chain Simulations fork the blockchain from a specified block height and deploy a catalog of agents, scenarios, and observations within the Chaos Cloud environment.
Agents emulate user behavior and allow us to emulate different risk behavior for protocol users. The Chaos Scenario Catalog lets us control macro variables and conditions such as gas fees, DEX and protocol liquidity, oracle return values, Black Thursday Level market events, and more. Observers allow for deep protocol analysis and better simulation insights.
Through this robust software, users can control and test a host of different factors that can impact protocol security and user funds, including
Economic security testing and simulations via the Chaos Labs platform allow you to test your protocol in different scenarios and custom environments to understand where your risks lie before a malicious actor can exploit them. Some examples:
In this manner, we will integrate directly with the Aave protocol and provide transparent simulation insights.
Off-Chain Simulations
Chaos Labs also deploys off-chain simulations, utilizing machine learning and statistical models that ingest data sets from various off-chain data sources to test economic structures prior to any solidity or on-chain code being written. As part of the off-chain simulations, Chaos Labs will run a massive number of Monte Carlo simulations to assess the protocol’s VaR per Market (Chain) and across markets.
A combination of On-Chain and Off-Chain simulations allows us to control and test a host of different factors that can impact protocol security and user funds including:
Product Screenshots
Asset Listing Portal
One of the focuses of this engagement would be building an Asset Listing Portal to help streamline new collateral onboarding to the Aave protocol similar to what we have built for dYdX, found here. This tool will help streamline community decision-making by automating the collection and analysis of key markets data around assets such as:
This tool will help streamline the addition of new assets to the Aave platform, thus increasing platform fees to the treasury and token suppliers while balancing the overall protocol health.
Community engagement
Community Risk Calls
As part of our commitment and efforts towards community engagement to further drive protocol security, Chaos Labs would organize a monthly risk call for the Aave community alongside DAO contributors. This call would be focused on any new major protocol or market developments such as:
We would schedule said calls for a recurring hour-long block on a monthly basis in addition to any ad-hoc community risk calls when deemed necessary. A recording and summary of these calls will be provided.
Ongoing updates
Aave’s dedicated relationship manager will be an active participant in organizing the risk conversation and updating the community in the forums. We will commit to a monthly update post focusing on both works complete and ongoing as determined by the community. We will also host monthly office hours to be available for community Q&A.
Long-term relationship
As has been stated above, we are a software company at our core. We’re building a robust platform that empowers communities to develop, test, and risk-manage their protocols at a more sophisticated level without needing to rely on any single outside third party. While our focus is to use this engagement period on product development for the Aave community, our hope is to eventually onboard a consortium of community members to create the relevant testing environments and risk evaluations for the Aave protocol on top of the Chaos Labs platform. We promise to be as transparent as possible during the process while it is centrally managed to build towards this more open and decentralized future.
Measures of Success
Security and testing is a tough realm to measure appropriately. The successful completion of the Aave protocol’s objectives will be measured against KPIs that will be derived from the specific objectives agreed upon between Aave and Chaos Labs. On top of those, We will also look to measure things such as:
Previous Aave Work
Pricing
12-month engagement term
$500,000 flat engagement fee paid in USDC streamed linearly over the course of the contract
$175,000 paid in AAVE tokens payable upon delivery of the Aave Asset Listing Portal (7-day TWAP)
$175,000 paid in AAVE tokens payable upon delivery of the Aave Parameter Recommendations Tools (7-day TWAP)
(Delivery is defined by open access of the tool to the community shared in the Aave Forum)