Audit firm tier

Aave v3's assessment for RD-F-005 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Five independent firms audited the v3.6.0 upgrade per Aave Governance Proposal 429 / aave-dao/aave-proposals-reports: Pashov Audit Group, Certora (continuous formal verification + adapted FV properties for v3.6), MixBytes, Savant, and Blackthorn. Certora is the standing security service provider for the Aave DAO. Historical v3 codebase has prior Tier-1 reviews (Trail of Bits, OpenZeppelin, SigmaPrime) but the v3.6.0 upgrade specifically was reviewed by the Pashov/Certora/MixBytes/Savant/Blackthorn cohort -- Spearbit is NOT a v3.6.0 reviewer.

Sources #

Docs
Aave Security — Audit FirmsAave security page — firm tier identificationretrieved 2026-04-27
Governance
https://vote.onaave.com/proposal/?proposalId=429retrieved 2026-05-06
GitHub
https://github.com/aave-dao/aave-proposals-reportsretrieved 2026-05-06

Methodology #

Classify each auditing firm into: Tier-1 (Trail of Bits / OpenZeppelin / ConsenSys Diligence / Certora / Sigma Prime / Spearbit / Zellic) / Tier-2 (established, named firm with public track record) / boutique / unknown.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aave-v3 factor RD-F-005 score green collected_at 2026-04-27 23:28:46