Long before we unveiled Aera to the world in October 2022, we prioritized development of a robust security framework to fortify our vaults against potential risks. We did so without compromising on our promise to offer programmable vaults fully owned and controlled by their owners.

Today, two years after that initial unveiling and one year since vaults became publicly available, we remain vigilant in proactively strengthening our security. In this post, we’ll cover how we approach security and strive to continuously enhance the security posture of Aera vaults.

Our Multi-Layered Security Framework

Our approach to security relies on a combination of external security partnerships, internal safeguards, and ongoing vigilance and refinement.

Designed with Security in Mind

Aera vaults are designed to enable self-custody of assets, a foundational principle that helps minimize risk.

A vault owner always retains full control of their assets, which they can withdraw at any time without a delay or cooling-off period. This self-custodial design means that no Aera team member, nor third-party Guardian, has access to a vault’s underlying assets.

Self-custody of Aera vaults is enabled by the user’s ownership of both the vault’s asset registry and hooks contracts. These are used to limit what assets and protocols the vault can interact with and the range of operations that can be triggered by Guardians.

External Security Audits & Partnerships

We collaborate with industry-leading external partners to audit our protocol. Our security audits are thorough, iterative, and cover every major protocol update:

• Spearbit Audits: Spearbit, a distributed network of industry-leading security researchers, audited both v1 and v2 of our protocol (here’s its most recent audit). Our team addressed all relevant issues identified by Spearbit prior to the launch of v2.

• OpenZeppelin Integration Audit: We also mandate additional audits for specialized integrations to ensure no vulnerabilities go unnoticed. OpenZeppelin, for example, audited our LlamaPay integration.

We also run an active bug bounty program with Immunefi, encouraging responsible disclosures. This program is continuously calibrated based on TVL growth, ensuring it scales with the risks and stakes involved.

Internal Security Procedures

While external audits are crucial, a commitment to security begins internally. We’ve implemented a rigorous internal process designed to proactively catch vulnerabilities and minimize risks.

• Comprehensive Testing: Every patch goes through extensive unit testing, integration testing, and static analysis.

• Internal Auditing: An 18-step internal auditing process (see more below) ensures every code change is evaluated for security risks by a team that includes engineers not responsible for developing the original feature.

• Threat Model: We maintain and regularly update a comprehensive threat model to anticipate and mitigate potential vulnerabilities.

• Active Monitoring: Guardians, like Gauntlet, actively monitor all activity across vaults, as well as macro and micro market conditions, updating Aera’s strategies as needed to properly manage risk.

A Structured Approach to Code Changes

Each update to the Aera protocol follows a detailed process designed to ensure we catch any bugs before new features are shipped.

1. Specification and Threat Modeling: Before writing any code, we develop an Aera Enhancement Proposal (AEP), which outlines the feature specifications and highlights any potential changes to the threat model. This proposal is reviewed by multiple team members to ensure it meets our security standards.

2. Development and Testing: Once the specification is approved, the feature undergoes rigorous development and testing. We maintain 100% unit test coverage, employ various forms of integration testing, and run static analysis tools such as Slither on every commit.

3. Internal Auditing: An internal audit lead is assigned to perform a comprehensive 18-step audit of the code. This process mimics top-tier security companies' procedures, helping us catch as many issues as possible before handing over the code for external auditing. Doing so enables external auditors to focus on the most critical portions of an audit.

4. Test Vaults: After passing internal audits, the code is deployed to production on our own vault, which holds Aera’s own capital. This step ensures that any issues are caught before we ship a new feature with the potential to affect other users’ vaults.

Key Risks and How We Mitigate Them

No protocol or smart contract is without risks, and we believe in transparency about the challenges that exist. Here are a few highlighted risks related to Aera vaults and the steps we take to mitigate them:

• Front-Running Risk: On certain chains and assets, there’s a risk of price manipulation when using Automated Market Makers (AMMs). To minimize this, we use slippage limits and recommend deploying Aera with a trusted guardian.

• Real-Time Response Limits: While our contracts are automated, some unforeseen events (like a loss of parity or hack) may require urgent actions. However, vault owners have direct access to execute necessary functions.

• Guardian Submissions and Collusion: While we have worked hard to mitigate the power of the Guardian role in the contracts, errors in the offchain code (due to errors in data received from an ETL provider, for example) could lead to incorrect parameters being submitted to the vault or a missed submission. Additionally, a vault owner should assign roles carefully in order to avoid conflicts of interest or collusion. In the event of a malicious Guardian, vault owners have the power to stop vault operations at any point and to remove or replace the current Guardian.

• Oracle Quality and Dependencies: We rely on high-quality onchain oracles to safeguard vaults. While we aim for the best oracles, less liquid assets can present higher risk. Moreover, Aera cannot protect against vulnerabilities in DeFi protocols we interact with, so we carefully vet integrations to ensure they are safe and effective.

Conclusion

We’re committed to empowering users with secure, non-custodial solutions for managing their onchain assets. From our rigorous internal and external audits to our comprehensive threat modeling and real-time testing, we take a comprehensive approach to fortifying your Aera vaults.

The nature of our industry requires us to constantly anticipate and investigate new potential threat vectors. Our range of internal testing, external audit, and bug bounty processes ensures a robust security posture as we continue to enhance the Aera protocol and onboard new vault owners.

If you want to learn more about Aera vaults and how they can help streamline management of your onchain assets, please reach out on social media or explore our website.