Aave Umbrella (Safety Module / Staking)
About
Aave Umbrella is the upgraded safety module of the Aave Protocol, where users stake supported assets (aTokens such as aUSDC, aUSDT, aWETH, or GHO) to help cover protocol deficits in exchange for rewards. Stakers earn both the underlying Aave supply yield from their aTokens and additional Umbrella incentive rewards, while accepting automated slashing risk (up to the full amount in extreme scenarios, though the DAO configures deficit offsets to absorb first loss). The interface at stake.onaave.com is built by BGD Labs for the Aave DAO.
Where Does Yield Come From?
Yield in Aave Umbrella comes from two layers.
1. Underlying Aave yield. The assets you stake are "aTokens" (like aUSDC, aUSDT, aWETH). These are the same tokens you'd hold if you simply supplied funds to the Aave lending market. So they keep earning interest from borrowers, plus a tiny share of flash-loan fees (0.05% per flash loan on Aave V3). Over time, the aTokens themselves grow in value — that growth is your first yield layer.
2. Umbrella safety incentive rewards. On top of the lending yield, the protocol pays extra rewards for helping cover potential losses. The system is flexible: governance can set up to eight different reward tokens per staked asset. How much you earn depends on how much total value is staked:
- When total staked assets are below a target level, rewards are higher (to attract more stakers).
- When total staked assets are above the target, rewards are a bit lower.
- Rates adjust automatically as staking levels change.
Unstaking is not instant. You request to unstake, wait through a 20-day cooldown period, and then have a 2-day window to withdraw your funds.
Slashing risk. If the protocol suffers a deficit (bad debt), some of your staked assets can be taken automatically — but only for a specific situation: each staked aToken covers deficits only for the same asset on the same network. For example, staked aUSDC on Ethereum would cover only USDC deficits on Ethereum, not other tokens or chains. The Aave DAO (the governing body) also sets a "deficit offset" — a first-loss buffer — that absorbs losses before any staker funds are touched. Historically, the Safety Module has never been slashed.
Legacy safety module. There is also an older system where you can stake AAVE tokens (up to 20% slashing), AAVE/wstETH LP tokens (up to 20% slashing), or GHO (slashing disabled). Those use different token types (stkAAVE, stkABPT, stkGHO).
All reward rates and reward token choices are set through Aave Governance — meaning AAVE token holders vote on them.
Persons
Stani Kulechov
CEO, Aave Labs
Aleksey Gorbunov (isArlekin)
Contributor, BGD Labs
K.K. (smbdy)
Contributor, BGD Labs
Andrey (kyzia551)
Contributor, BGD Labs
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
| MixBytes 05-02-2025 - 15-05-2025 | | The MixBytes audit found no critical or high severity vulnerabilities; the one medium and two low issues were all fixed, and the remaining observations are acknowledged DAO-level design decisions, making the codebase safe for deployment. |
| Ackee Blockchain Security 19-05-2025 | | The audit found no critical or high-severity vulnerabilities; the most significant risk (shares inflation) was acknowledged by the client and accepted as a managed design trade-off. The overall contract architecture is sound for production use, with residual risks limited to configuration-dependent edge cases under active monitoring. |
| | | The one High-severity finding was fixed by BGD, and all Low-severity issues with concrete impact were also addressed, making the Umbrella contracts substantially safer for deployment, though residual design risks around liquidation bonus accounting and deficit elimination tracking remain acknowledged for future iterations. |
| | | The audit found no Critical or High severity vulnerabilities; the 4 Low-severity findings were all addressed (Fixed or Acknowledged), and the final commit-by-commit diff validation confirmed no security-relevant changes were introduced between the reviewed snapshot and the deployed code, indicating the StakeToken contracts are ready for production use. |
| | | The RewardsController audit found only informational-level issues, all of which were fixed or acknowledged by the development team, confirming a well-engineered codebase with no exploitable security vulnerabilities. |
| | | The audit found no critical or high-severity issues; the two low-severity findings were either fixed or acknowledged, and the post-review diff validation shows only trivial changes between the audited code and the deployed version, indicating a clean security posture for the UmbrellaBatchHelper contract. |
| Certora 06-02-2025 - 13-03-2025 | | The audit confirms that all identified issues were fixed or acknowledged, and the formal verification rules pass, indicating the core slashing and deficit-management logic is sound. No critical or high-severity vulnerabilities were found, making the contracts safe for deployment from a security standpoint. |
| Certora 07-01-2025 - 23-01-2025 | | The audit found zero vulnerabilities (critical, high, medium, or low) in the StakeToken contracts; the sole informational efficiency suggestion was promptly fixed. The combination of formal verification and manual review provides strong assurance that the contracts are safe for deployment. |
| Certora 23-01-2025 - 02-03-2025 | | Certora's formal verification and manual audit of the RewardsController found zero vulnerabilities, with all 21 formal properties verified and no bugs discovered. The contracts appear to implement a robust, secure rewards distribution system with no outstanding risks identified. |
| Certora 25-02-2025 - 04-03-2025 | | The audit found no vulnerabilities, confirming the UmbrellaBatchHelper contract is well-constructed for its intended purpose with no safety concerns identified. No residual risks were flagged by the reviewers. |
Legal
Registration jurisdiction
Cayman Islands
Status and notes
The services (aave.com website and app.aave.com interface) are provided by Aave Labs. Terms of Service specify governing law and arbitration seat in the Cayman Islands. Privacy Policy references the Data Protection Act of the Cayman Islands. Aave Labs is described as the original author and contributor to the Aave Protocol; the protocol itself is governed by the Aave DAO, not Aave Labs. Aave Labs states it does not control or operate any version of the Aave Protocol on any blockchain network. Contact: [email protected]. Terms of Service and Privacy Policy are published at aave.com/terms-of-service and aave.com/privacy-policy. The staking interface at stake.onaave.com (built by BGD Labs) requires acceptance of Terms & Conditions before use.
