27.md

Payloads

• Network: Ethereum, PayloadsController: 0xdAbad81aF85554E9ae636395611C58F7eC1aAEc5, ID: 62

Proposal 27

• Simulation: https://dashboard.tenderly.co/me/simulator/e7550f75-0a0b-4e21-8886-fea833a8fb78
• state: Executed
• creator: 0xf71fc92e2949ccF6A5Fd369a0b402ba80Bc61E02
• maximumAccessLevelRequired: 1
• payloads: [{"chain":"1","accessLevel":1,"payloadsController":"0xdAbad81aF85554E9ae636395611C58F7eC1aAEc5","payloadId":62}]
• createdAt: 14/02/2024, 15:25:47
• queuedAt: 18/02/2024, 16:09:35
• executedAt: 18/02/2024, 16:09:59, timestamp: 1708272599, block: 19255781

Ipfs

Proposal text

Simple Summary

Proposal to release a grand total of 86’500 USDC, for bounties pending from before the setup of the Aave <> Immunefi official bug bounty program.

Motivation

Before the setup of the Aave <> Immunefi bug bounty program on September 25th 2023, security reports by white hats were evaluated in an ad-hoc basis.

Currently, every report is being processed via Immunefi and the rules of the Aave program, however, there were other reports submitted via other channel before that. As these reports should be evaluated at time of submission for fairness, and outside of the Immunefi scope defined afterwards, we think it is a good idea to reward them separately and retro-actively outside the program.

In one of the cases, we had recommended the white hat to submit the report via Immunefi, in order to have access to the mediation procedure of the platform. As this mediation process was finally requested by the white hat, Immunefi charges the corresponding fee of 10% of the amount.

Specification

This proposal, will release the following funds to white-hat addresses and the Immunefi platform, from the Aave Ethereum Collector:

• $65’000 to 0xFa760444A229e78A50Ca9b3779f4ce4CcE10E170.

• $15’000 to 0x7dF98A6e1895fd247aD4e75B8EDa59889fa7310b.

• $6'500 to 0x2BC5fFc5De1a83a9e4cDDfA138bAEd516D70414b (immunefi.eth). This is the fee corresponding to the 10% of the bounty being paid.

Note: After checking with a financial contributor to the DAO (TokenLogic & Karpatkey), the asset used for the transfers is aUSDC v2 Ethereum

References

• Implementation: AaveV3Ethereum
• Tests: AaveV3Ethereum
• Snapshot
• Discussion

Copyright

Copyright and related rights waived via CC0.

Check: Reports all state changes ✅

Info

KeeperRegistry at 0x02777053d6764996e594c3E88AF1D58D5363a2e6

@@ `s_upkeep` key `"2651260633509968244842245718659958660539758109819220392919944208741153930322".lastKeeper` @@
- 0x3824b7a9c6d4ea93456df9b07df4ffdb37ffbcbf
+ 0x0fd40853b3b8c7805158b862b76b35a2a27b596a

TransparentUpgradeableProxy at 0x9AEE0B04504CeF83A65AC3f0e838D0593BCb2BC7👻 with implementation Governance at 0x58BcB647C4beFf253B4B6996c62F737B783f2cDd

@@ `_proposals` key `"27".state` @@
- 2270683731123652242685019681196340001550041347
+ 2270683731123652242685019681196340001550041348

TransparentUpgradeableProxy at 0xdAbad81aF85554E9ae636395611C58F7eC1aAEc5👻 with implementation PayloadsController at 0x7222182cB9c5320587b5148BF03eeE107AD64578

@@ Slot `0x7bfa808024a5334b0a1e191d8e95f6724ea40d1a03d1286b6934e670f8c6924b` @@
- "0x00000000000065ccdadf0101f71fc92e2949ccf6a5fd369a0b402ba80bc61e02"
+ "0x0065d22bd70065ccdadf0201f71fc92e2949ccf6a5fd369a0b402ba80bc61e02"

TransparentUpgradeableProxy at 0xEd42a7D8559a463722Ca4beD50E0Cc05a386b0e1👻 with implementation unknown contract name at 0x28559c2F4B038b1E836fA419DCcDe7454d8Fe215

@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000002` @@
- "0x00000000000000000000000000000000000000000000000000000000000000b5"
+ "0x00000000000000000000000000000000000000000000000000000000000000b6"
@@ Slot `0x0000000000000000000000000000000000000000000000000000000000000003` @@
- "0x00000000000000000000000000000000000000000000000000000000000000b5"
+ "0x00000000000000000000000000000000000000000000000000000000000000b6"
@@ Slot `0x48cd763029094235d3267fc6bf3ad644456d7a11e7b97b0ed8e3592a7417c81c` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000000000000000000000000000000000000000000001"
@@ Slot `0xf87d1a1a0b490d83cc0e47e261f619ee0f4c7bf978519fde2c9d16675a48a92d` @@
- "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0x0000000000000000000000000000000000000000000000000000000000000001"

Check: Reports all events emitted from the proposal ✅

Info

• TransparentUpgradeableProxy at 0xEd42a7D8559a463722Ca4beD50E0Cc05a386b0e1👻 with implementation unknown contract name at 0x28559c2F4B038b1E836fA419DCcDe7454d8Fe215
  • EnvelopeRegistered(envelopeId: 0xaefd297ff67dc7c0dce72c482e96689ecd07575c654f096cc0274507d9eced7c, envelope: [object Object])
  • TransactionForwardingAttempted(transactionId: 0x88ec45cdffab0388d1bcf7981a8233cbc909f6ed29c1b7e03d7abfaab4e08318, envelopeId: 0xaefd297ff67dc7c0dce72c482e96689ecd07575c654f096cc0274507d9eced7c, encodedTransaction: 0x000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000b500000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000b50000000000000000000000009aee0b04504cef83a65ac3f0e838d0593bcb2bc7000000000000000000000000dabad81af85554e9ae636395611c58f7ec1aaec50000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000c00000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000003e00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000065ce2d13, destinationChainId: 1, bridgeAdapter: 0x118dfd5418890c0332042ab05173db4a2c1d283c, destinationBridgeAdapter: 0x118dfd5418890c0332042ab05173db4a2c1d283c, adapterSuccessful: true, returnData: 0x000000000000000000000000dabad81af85554e9ae636395611c58f7ec1aaec50000000000000000000000000000000000000000000000000000000000000000)
• TransparentUpgradeableProxy at 0xdAbad81aF85554E9ae636395611C58F7eC1aAEc5👻 with implementation PayloadsController at 0x7222182cB9c5320587b5148BF03eeE107AD64578
  • PayloadQueued(payloadId: 62)
  • PayloadExecutionMessageReceived(originSender: 0x9aee0b04504cef83a65ac3f0e838d0593bcb2bc7, originChainId: 1, delivered: true, message: 0x000000000000000000000000000000000000000000000000000000000000003e00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000065ce2d13, reason: 0x)
• TransparentUpgradeableProxy at 0x9AEE0B04504CeF83A65AC3f0e838D0593BCb2BC7👻 with implementation Governance at 0x58BcB647C4beFf253B4B6996c62F737B783f2cDd
  • PayloadSent(proposalId: 27, payloadId: 62, payloadsController: 0xdabad81af85554e9ae636395611c58f7ec1aaec5, chainId: 1, payloadNumberOnProposal: 0, numberOfPayloadsOnProposal: 1)
  • ProposalExecuted(proposalId: 27)
• GovernanceChainRobotKeeper at 0x011824f238AEE05329213d5Ae029e899e5412343
  • ActionSucceeded(id: 27, action: 1)
• KeeperRegistry at 0x02777053d6764996e594c3E88AF1D58D5363a2e6
  • UpkeepPerformed(id: 2651260633509968244842245718659958660539758109819220392919944208741153930322, success: true, from: 0x0fd40853b3b8c7805158b862b76b35a2a27b596a, payment: 0, performData: 0x00000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000001b0000000000000000000000000000000000000000000000000000000000000001)

Check: Check all touched contracts are verified on Etherscan ✅

Info

• 0x0fd40853b3b8c7805158b862b76b35a2a27b596a: EOA (verification not applicable)
• 0x02777053d6764996e594c3e88af1d58d5363a2e6: Contract (verified) (KeeperRegistry)
• 0x169e633a2d1e6c10dd91238ba11c4a708dfef37c: Contract (verified) (EACAggregatorProxy)
• 0x785433d8b06d77d68df6be63944742130a4530d1: Contract (verified) (AccessControlledOffchainAggregator)
• 0xdc530d9457755926550b59e8eccdae7624181557: Contract (verified) (EACAggregatorProxy) 👻
• 0xbba12740de905707251525477bad74985dec46d2: Contract (verified) (AccessControlledOffchainAggregator)
• 0x011824f238aee05329213d5ae029e899e5412343: Contract (verified) (GovernanceChainRobotKeeper)
• 0x9aee0b04504cef83a65ac3f0e838d0593bcb2bc7: Contract (verified) (TransparentUpgradeableProxy) 👻
• 0x58bcb647c4beff253b4b6996c62f737b783f2cdd: Contract (verified) (Governance)
• 0xa198fac58e02a5c5f8f7e877895d50cfa9ad1e04: Contract (verified) (GovernancePowerStrategy) 👻
• 0x7fc66500c84a76ad7e9c93437bfc5ac33e2ddae9: Contract (verified) (InitializableAdminUpgradeabilityProxy) 👻
• 0x5d4aa78b08bc7c530e21bf7447988b1be7991322: Contract (verified) (AaveTokenV3)
• 0x4da27a545c0c5b758a6ba100e3a049001de870f5: Contract (verified) (InitializableAdminUpgradeabilityProxy) 👻
• 0x0fe58fe1caa69951dc924a8c222be19013b89476: Contract (verified) (StakedAaveV3)
• 0xa700b4eb416be35b2911fd5dee80678ff64ff6c9: Contract (verified) (InitializableImmutableAdminUpgradeabilityProxy) 👻
• 0x366ae337897223aea70e3ebe1862219386f20593: Contract (verified) (ATokenWithDelegation)
• 0xed42a7d8559a463722ca4bed50e0cc05a386b0e1: Contract (verified) (TransparentUpgradeableProxy) 👻
• 0x0bf5bbfae7808d329e0ba8277e0b746bbfda68f1: Contract (verified) (CrossChainController)
• 0x118dfd5418890c0332042ab05173db4a2c1d283c: Contract (verified) (SameChainAdapter)
• 0xdabad81af85554e9ae636395611c58f7ec1aaec5: Contract (verified) (TransparentUpgradeableProxy) 👻
• 0x7222182cb9c5320587b5148bf03eee107ad64578: Contract (verified) (PayloadsController)

Check: Check all touched contracts do not contain selfdestruct ✅

Warnings

• 0x9aee0b04504cef83a65ac3f0e838d0593bcb2bc7: Contract (with DELEGATECALL)👻
• 0x7fc66500c84a76ad7e9c93437bfc5ac33e2ddae9: Contract (with DELEGATECALL)👻
• 0x4da27a545c0c5b758a6ba100e3a049001de870f5: Contract (with DELEGATECALL)👻
• 0x0fe58fe1caa69951dc924a8c222be19013b89476: Contract (with DELEGATECALL)
• 0xa700b4eb416be35b2911fd5dee80678ff64ff6c9: Contract (with DELEGATECALL)👻
• 0xed42a7d8559a463722ca4bed50e0cc05a386b0e1: Contract (with DELEGATECALL)👻
• 0x0bf5bbfae7808d329e0ba8277e0b746bbfda68f1: Contract (with DELEGATECALL)
• 0xdabad81af85554e9ae636395611c58f7ec1aaec5: Contract (with DELEGATECALL)👻

Info

• 0x0fd40853b3b8c7805158b862b76b35a2a27b596a: EOA
• 0x02777053d6764996e594c3e88af1d58d5363a2e6: Contract (looks safe)
• 0x169e633a2d1e6c10dd91238ba11c4a708dfef37c: Contract (looks safe)
• 0x785433d8b06d77d68df6be63944742130a4530d1: Contract (looks safe)
• 0xdc530d9457755926550b59e8eccdae7624181557: Contract (looks safe)👻
• 0xbba12740de905707251525477bad74985dec46d2: Contract (looks safe)
• 0x011824f238aee05329213d5ae029e899e5412343: Contract (looks safe)
• 0x58bcb647c4beff253b4b6996c62f737b783f2cdd: Contract (looks safe)
• 0xa198fac58e02a5c5f8f7e877895d50cfa9ad1e04: Contract (looks safe)👻
• 0x5d4aa78b08bc7c530e21bf7447988b1be7991322: Contract (looks safe)
• 0x366ae337897223aea70e3ebe1862219386f20593: Contract (looks safe)
• 0x118dfd5418890c0332042ab05173db4a2c1d283c: Contract (looks safe)
• 0x7222182cb9c5320587b5148bf03eee107ad64578: Contract (looks safe)