Aave Umbrella security module launched: directly linked to risk and return, reshaping DeFi staking logic

By ChandlerZ, Foresight News

On June 5, Aave officially deployed the Umbrella security module. The module will be launched in phases, marking that AAVE will no longer directly bear risk, and aToken holders will bear the responsibility for risk, realizing a direct correlation between risk and return.

What has changed with the Umbrella Security Module?

The Umbrella Security Module is the core smart contract system used in the Aave protocol for risk management and incentives. Compared with the previous security module, Umbrella uses the core contract Umbrella Core to centrally manage multiple Staking Tokens associated with a single Aave v3 pool, responsible for slashing and gap compensation functions.

The module defines two gap states:

one is "Pending Deficit", which refers to the loss of funds that have been cut from StakeToken but have not yet been made up;

The second is "Deficit Offset", which is a set threshold that does not trigger the reduction operation when the pool losses fall below this threshold.

For example, in the Aave v3 USDC pool on the Ethereum mainnet, if the gap is offset to 500 USDC, the corresponding waUSDC staked tokens will only be reduced when the loss exceeds that amount.

In the specific process, when the pool generates a gap of 1,000 USDC, the automated system calls Umbrella Core's slash function to offset the preset 500 USDC gap and actually slash 500 USDC of waUSDC tokens. The slashed token funds are transferred to the Aave Collector, and these funds are no longer available for stakers to withdraw. Subsequently, the override authority will call the coverPendingDeficit function to pull the corresponding funds from the Collector and call the eliminateReserveDeficit interface of the Aave v3 fund pool to complete the loss coverage.

In terms of permission settings, Aave governance is responsible for configuring asset pairs, adjusting slashing parameters, and upgrading contracts. The slashing operation is open to all users and can be triggered according to the contract rules, ensuring that the system automatically responds to pool risks. Coverage operations are restricted to entities holding COVERAGE_MANAGER_ROLE, ensuring controlled and compliant fund flows.

Additionally, Umbrella provides a companion user interface that allows users to stake, redeem, activate cooldowns, and claim rewards. To simplify multi-step interaction, the MIT-licensed batch operation assistance contract UmbrellaBatchHelper is designed to facilitate third-party developers to integrate and optimize the user experience.

Overall, the Umbrella security module enhances the flexibility and transparency of pool risk control by introducing a detailed gap management mechanism and a clear division of authority, providing a solid technical foundation for Aave DAO's governance and operations.

What are the potential advantages and disadvantages of the Umbrella Security Module?

For the protocol as a whole and users, the Umbrella security module has the following pros and cons:

Potential advantages:

• Risk management refinement: Umbrella Core supports setting "gap offset" thresholds, allowing DAOs to set specific gap thresholds to decide whether to trigger slashes, improving flexibility in handling minor losses. For example, if the loss is less than 100,000 USDC, Aave Collector can cover it first to avoid slashing the staked assets.
• Modularity and scalability: The Umbrella core manages each StakeToken instance in a unified manner, supporting multi-network and multi-asset scaling, facilitating policy deployment at the governance level.
• Open Interface and UI Support: Provides an open-source frontend and auxiliary contract (UmbrellaBatchHelper) to enhance user interaction and facilitate integration and secondary development.

Potential Disadvantages and Risks:

• Staking Returns and Risk-Linked Risks: Compared to traditional Safety Modules, stakers under Umbrella bear a clear risk of slashing. When pool losses exceed a set threshold, StakeToken is deducted. For example, if the loss exceeds 500 USDC, the system will deduct the corresponding staked assets.
• Slashing assets are not recoverable: Staked Tokens are sent to Aave Collector to cover pool losses and cannot be redeemed by stakers. The system covers the risk through this mechanism, but the user permanently loses the corresponding assets.
• Dependent permission role actions: If the fund override operation needs to be triggered by the entity holding COVERAGE_MANAGER_ROLE, there may be delays in governance or operations, which may affect the efficiency of risk disposal.
• The transition mechanism is complex: In the early days of Umbrella's launch, stkAAVE/stkABPT and Umbrella StakeToken existed in parallel, so users need to pay attention to the migration path and incentive changes to prevent misunderstandings or operational errors caused by adjustments.

Staking Income of Concern to Users

In the Umbrella module, users' staking yields are set by governance and dynamically adjusted with the total amount of staked and the balance of the reward pool. Each type of StakeToken (e.g., waUSDC, waGHO) needs to be initialized through a governance proposal to configure its target liquidity, reward cap per time, and distribution period, and the reward funds come from a preset rewardPayer address, usually the Collector of Aave DAO or its sub-accounts.

Taking USDC as an example, if the target liquidity is 1 million USDC and only 500,000 are actually staked initially, the rewards per unit time will be distributed centrally, and the yield will be relatively higher. As the amount of staking increases, the yield tends to the target level set by governance. If the reward funds are insufficient or delayed in replenishment, the yield may decrease or even be interrupted.

It is worth noting that GHO stakers have been particularly affected by this migration. Since the target liquidity and annualized incentive cap set by the Umbrella module for waGHO is significantly lower than the subsidy level of stkGHO in the old security module, or its annualized yield is expected to drop from 13% to about 7.7%, it may also affect the market demand and overall issuance rhythm of GHO.

In addition, unlike the previous security module, Umbrella allows for flexible rewards based on assets, making it easier to link with the risk level of the protocol. However, users' income is highly dependent on governance efficiency and fund scheduling capabilities, and it is necessary to pay attention to governance progress and the status of each network's reward pool to assess the trade-off between potential returns and liquidity risks.

Summary

May 2025, Aave maintained high liquidity on major chains such as Ethereum and Arbitrum, coupled with a flash loan business rate of 0.09%, combined with a large loan scale, driving the protocol's monthly revenue to approximately $39 million. Based on this, Aave has a market share of over 50% in the money market segment. Although the AAVE token price has not yet broken through its all-time high, it has performed relatively solidly as an established DeFi project. Combined operational metrics show that Aave's dominance in the crypto lending market remains at a nearly two-year high.

launch of the Umbrella security module reflects Aave's continued advancement in product and risk management. The current business foundation is relatively stable, and if the existing innovation rhythm is maintained, future performance is expected to improve. This continuous optimization and improvement also serves as a reference for other DeFi projects. In an environment of increased competition, continuous updating of technology and products is key to maintaining competitiveness and achieving long-term development.