Executive Summary

Bug Hunter examined AAVE's yield farming contracts for vulnerabilities and implementation risks. This page summarizes the analysis.

Engagement Overview and Scope

Bug Hunter reviewed a codebase from the AAVE project for security vulnerabilities, with the following details:

Bug Hunter reviewed the following files:

  • LendingPoolAddressesProvider.sol
  • LendingPoolAddressesProviderRegistry.sol
  • IAaveIncentivesController.sol
  • IChainlinkAggregator.sol
  • IERC20.sol
  • IERC20Detailed.sol
  • IExchangeAdapter.sol
  • ILendingPool.sol
  • ILendingPoolAddressesProvider.sol
  • ILendingPoolAddressesProviderRegistry.sol
  • ILendingRateOracle.sol
  • IPriceOracle.sol
  • IPriceOracleGetter.sol
  • IReserveInterestRateStrategy.sol
  • ISwapAdapter.sol
  • IUniswapExchange.sol
  • DefaultReserveInterestRateStrategy.sol
  • LendingPool.sol
  • LendingPoolCollateralManager.sol
  • LendingPoolConfigurator.sol
  • LendingPoolStorage.sol
  • ReserveConfiguration.sol
  • UserConfiguration.sol
  • GenericLogic.sol
  • ReserveLogic.sol
  • ValidationLogic.sol
  • Errors.sol
  • Helpers.sol
  • MathUtils.sol
  • PercentageMath.sol
  • Context.sol
  • IERC20DetailedBytes.sol
  • AToken.sol
  • IncentivizedERC20.sol
  • StableDebtToken.sol
  • VariableDebtToken.sol
  • DebtTokenBase.sol
  • IAToken.sol
  • IScaledBalanceToken.sol
  • IStableDebtToken.sol
  • IVariableDebtToken.sol

Summary of Findings

The vulnerabilities uncovered in the codebase during the security review are summarized in the table below:

Severity    Count
High        0
Medium      4
Low         21