The smart contracts implement the Executor for Governance actions on Arbitrum/Optimism, hence they bear a very privileged role within the Aave contracts on the network.

The most critical subjects covered in our audit are functional correctness and security of the queue / execution mechanism. The issues reported as part of the holistic assessment of the smart contracts security might affect the secure operation, depending on the behavior of the trusted roles.

In summary and under the assumption the trusted roles act correctly as expected, we find that the codebase provides a high level of security.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.

“Aave is a decentralised non-custodial liquidity market protocol where users can participate as depositors or borrowers. Depositors provide liquidity to the market to earn a passive income, while borrowers are able to borrow in an overcollateralised (perpetually) or undercollateralised (one-block liquidity) fashion.”

(Source: https://docs.aave.com/faq/)