Author: ChandlerZ, Foresight News

On June 5, Aave officially deployed the Umbrella security module. This module will be launched in phases, marking that AAVE will no longer directly bear risks, and aToken holders will assume risk responsibilities, achieving a direct correlation between risk and reward.

What has changed with the Umbrella security module?

The Umbrella security module is a core smart contract system used for risk management and incentives within the Aave protocol. Compared to the previous security module, Umbrella unifies the management of multiple StakeTokens associated with a single Aave v3 liquidity pool through the core contract Umbrella Core, responsible for slashing and deficit compensation functions.

This module defines two types of deficit states:

1. "Pending Deficit," which refers to the financial losses that have been slashed from StakeTokens but have not yet been compensated;
2. "Deficit Offset," which sets a threshold that, when the liquidity pool's losses fall below this threshold, does not trigger slashing operations.

For example, in the Aave v3 USDC liquidity pool on the Ethereum mainnet, if the set deficit offset is 500 USDC, slashing of the corresponding waUSDC staked tokens will only occur when losses exceed this amount.

In the specific process, when the liquidity pool incurs a deficit of 1000 USDC, the automated system calls the slash function of Umbrella Core, and based on the preset 500 USDC deficit offset, it actually slashes 500 USDC of waUSDC tokens. The slashed token funds are transferred to the Aave Collector, and these funds are no longer available for withdrawal by stakers. Subsequently, entities with coverage authority will call the coverPendingDeficit function to pull the corresponding funds from the Collector and invoke the eliminateReserveDeficit interface of the Aave v3 liquidity pool to complete the loss coverage.

In terms of permission settings, Aave governance is responsible for configuring asset pairs, adjusting slashing parameters, and contract upgrades. Slashing operations are open to all users and can be triggered according to contract rules, ensuring the system automatically responds to liquidity pool risks. Coverage operations for deficits are limited to entities holding the COVERAGEMANAGERROLE, ensuring that fund flows are controlled and compliant.

Additionally, Umbrella provides a supporting user interface that allows users to stake, redeem, activate cooling periods, and claim rewards. To simplify multi-step interactions, a batch operation auxiliary contract, UmbrellaBatchHelper, licensed under MIT, has been designed to facilitate third-party developers' integration and optimization of user experience.

Overall, the Umbrella security module enhances the flexibility and transparency of liquidity pool risk control by introducing a refined deficit management mechanism and clear division of responsibilities, providing a robust technical foundation for Aave DAO governance and operations.

What are the potential advantages and disadvantages of the Umbrella security module?

For the protocol as a whole and its users, the Umbrella security module has the following pros and cons:

Potential Advantages:

• Refined risk management: Umbrella Core supports setting a "deficit offset" threshold, allowing the DAO to establish specific deficit thresholds to determine whether to trigger slashing, increasing flexibility in handling minor losses. For example, when losses are below 100,000 USDC, Aave Collector can cover them first, avoiding slashing of staked assets.
• Modularity and scalability: The Umbrella core uniformly manages various StakeToken instances, supporting multi-network and multi-asset expansion, facilitating governance-level strategy deployment.
• Open interfaces and UI support: It provides an open-source front end and auxiliary contracts (UmbrellaBatchHelper), enhancing user interaction experience and facilitating integration and secondary development.

Potential Disadvantages and Risks:

• Staking rewards linked to risks: Compared to the traditional Safety Module, stakers under Umbrella bear clear slashing risks. When liquidity pool losses exceed the set threshold, StakeTokens will be deducted. For example, if losses exceed 500 USDC, the system will deduct the corresponding staked assets.
• Slashed assets are non-recoverable: Slashed StakeTokens are sent to the Aave Collector to cover liquidity pool losses, and stakers cannot redeem them. The system covers risks through this mechanism, but users permanently lose the corresponding assets.
• Dependence on permissioned role operations: Coverage operations must be triggered by entities holding the COVERAGEMANAGERROLE; if governance or operations experience delays, it may affect the efficiency of risk management.
• Complex transition mechanism: In the initial phase of Umbrella's launch, stkAAVE/stkABPT and Umbrella StakeTokens coexist, requiring users to pay attention to migration paths and incentive changes to prevent misunderstandings or operational errors due to adjustments.

User concerns regarding staking rewards

In the Umbrella module, users' staking yield rates are set by governance and dynamically adjusted based on total staking volume and reward pool balance. Each type of StakeToken (e.g., waUSDC, waGHO) needs to be initialized through governance proposals, configuring its target liquidity, maximum reward per unit time, and distribution cycle. The reward funds come from a preset rewardPayer address, usually the Aave DAO's Collector or its sub-accounts.

Taking USDC as an example, if the target liquidity is 1 million USDC, but only 500,000 is actually staked initially, the rewards will be concentrated and distributed, resulting in a relatively higher yield; as the staking volume increases, the yield will approach the governance-set target level. If reward funds are insufficient or delayed in replenishment, the yield may decrease or even be interrupted.

It is noteworthy that GHO stakers are particularly affected during this migration. Since the target liquidity and annual incentive cap set for waGHO in the Umbrella module are significantly lower than the subsidy levels for stkGHO in the old security module, this may lead to an expected annual yield drop from 13% to around 7.7%, potentially affecting GHO's market demand and overall issuance pace.

Moreover, unlike the old security module, Umbrella allows for flexible reward settings by asset, making it easier to link with the protocol's risk levels. However, users' yields are highly dependent on governance efficiency and fund allocation capabilities, necessitating attention to governance progress and the status of reward pools across networks to assess the trade-off between potential returns and liquidity risks.

Summary

In May 2025, Aave maintained high liquidity on major chains such as Ethereum and Arbitrum, coupled with a flash loan service fee of 0.09%, along with large loan volumes, driving the protocol's revenue for the month to approximately 39 million USD. Based on this, Aave's market share in the money market sector exceeds 50%. Although the price of AAVE tokens has not yet broken through historical highs, as a well-established DeFi project, it has shown relatively stable performance. Comprehensive operational metrics indicate that Aave's dominant position in the crypto lending market remains at a high point over the past two years.

The launch of the Umbrella security module reflects Aave's ongoing advancements in product and risk management. With a solid business foundation, if the current pace of innovation is maintained, future performance is expected to improve. This continuous optimization and improvement also provide a reference for other DeFi projects. In an increasingly competitive environment, ongoing technological and product updates are key to maintaining competitiveness and achieving long-term development.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。