Original author: ChandlerZ, Foresight News
On June 5, Aave officially deployed the Umbrella security module. The module will be launched in stages, marking that AAVE no longer directly bears risks, and aToken holders bear risk responsibility, realizing a direct connection between risk and return.
What has changed with the Umbrella Security Module?
The Umbrella security module is the core smart contract system for risk management and incentives in the Aave protocol. Compared with the previous security module, Umbrella manages multiple StakeTokens associated with a single Aave v3 fund pool through the core contract Umbrella Core, and is responsible for slashing and gap compensation functions.
This module defines two gap states:
The first is the “pending deficit”, which refers to the loss of funds that have been cut from StakeToken but have not yet been made up;
The second is Deficit Offset, which is to set a threshold. When the loss of the fund pool is lower than the threshold, the reduction operation will not be triggered.
For example, in the Ethereum mainnet Aave v3 USDC pool, if the gap offset is set to 500 USDC, the corresponding waUSDC staked tokens will only be cut if the loss exceeds this amount.
In the specific process, when the fund pool has a gap of 1000 USDC, the automated system calls the slash function of Umbrella Core, and based on the preset 500 USDC gap offset, actually reduces 500 USDC of waUSDC tokens. The reduced token funds are transferred to the Aave Collector, and these funds are no longer available for pledgers to withdraw. Subsequently, the entity with coverage authority will call the coverPendingDeficit function, pull the corresponding funds from the Collector, and call the eliminateReserveDeficit interface of the Aave v3 fund pool to complete the loss coverage.
In terms of permission settings, Aave governance is responsible for configuring asset pairs, adjusting slashing parameters, and contract upgrades. Slashing operations are open to all users and can be triggered according to contract rules to ensure that the system automatically responds to fund pool risks. Coverage gap operations are only available to entities holding COVERAGE_MANAGER_ROLE to ensure that fund flows are controlled and compliant.
In addition, Umbrella provides a supporting user interface to support users to perform operations such as staking, redemption, activation of cooling-off period, and receiving rewards. To simplify multi-step interactions, the MIT-licensed batch operation auxiliary contract UmbrellaBatchHelper is designed to facilitate third-party developers to integrate and optimize the user experience.
In general, the Umbrella security module improves the flexibility and transparency of fund pool risk control by introducing a detailed gap management mechanism and clear division of authority, providing a solid technical foundation for Aave DAO governance and operations.
What are the potential advantages and disadvantages of the Umbrella security module?
The Umbrella security module has the following advantages and disadvantages for the protocol as a whole and for users:
Potential benefits:
Risk management refinement: Umbrella Core supports setting a gap offset threshold. DAO can set a specific gap threshold to decide whether to trigger a reduction, which increases the flexibility of handling minor losses. For example, when the loss is less than 100,000 USDC, the Aave Collector can cover it first to avoid reducing the pledged assets.
Modularity and scalability: The Umbrella core uniformly manages all StakeToken instances, supports multi-network and multi-asset expansion, and facilitates strategy deployment at the governance level.
Open interface and UI support: Provides an open source front-end and auxiliary contract (UmbrellaBatchHelper) to enhance user interaction experience and facilitate integration and secondary development.
Potential disadvantages and risks:
Staking income is linked to risk: Compared with the traditional Safety Module, stakers under Umbrella bear clear slashing risks. When the loss of the fund pool exceeds the set threshold, StakeToken will be deducted. For example, if the loss exceeds 500 USDC, the system will deduct the corresponding staked assets.
Slashed assets are not recoverable: The slashed StakeToken is sent to the Aave Collector to cover the loss of the fund pool, and the pledger cannot redeem it. The system covers the risk through this mechanism, but the user loses the corresponding assets permanently.
Operations that rely on permission roles: For example, fund coverage operations must be triggered by an entity holding COVERAGE_MANAGER_ROLE. If there is a delay in governance or operations, the efficiency of risk management may be affected.
The transition mechanism is more complicated: In the early stage of Umbrellas launch, stkAAVE/stkABPT and Umbrella StakeToken will exist in parallel. Users need to pay attention to the migration path and incentive changes to prevent misunderstandings or operational errors caused by adjustments.
Staking income that users are concerned about
In the Umbrella module, the users staking yield is set by governance and dynamically adjusted with the total amount of staking and the balance of the reward pool. Each type of StakeToken (such as waUSDC, waGHO) needs to be initialized through a governance proposal to configure its target liquidity, unit time reward cap and distribution cycle. The reward funds come from the preset rewardPayer address, usually the Collector of Aave DAO or its sub-account.
Taking USDC as an example, if the target liquidity is 1 million USDC, and only 500,000 are actually staked in the initial stage, the rewards per unit time will be concentrated and the yield will be relatively higher; as the staked amount increases, the yield tends to the target level set by governance. If the reward funds are insufficient or delayed, the yield may decline or even be interrupted.
It is worth noting that GHO pledgers are particularly affected by this migration. Since the target liquidity and annualized incentive cap set by the Umbrella module for waGHO are significantly lower than the subsidy level of stkGHO in the old security module, it may cause its annualized yield expectation to drop from 13% to around 7.7%, which may also affect the market demand and overall issuance rhythm of GHO.
In addition, unlike the old security module, Umbrella allows flexible setting of rewards by asset, which is easier to link with the risk level of the protocol. However, the users income is highly dependent on governance efficiency and fund scheduling capabilities. It is necessary to pay attention to the progress of governance and the status of each network reward pool to evaluate the trade-off between potential returns and liquidity risks.
summary
In May 2025, Aave maintained high liquidity on major chains such as Ethereum and Arbitrum. In addition, the flash loan business rate was 0.09%, combined with a large loan scale, which pushed the protocols monthly revenue to approximately US$39 million. Based on this, Aaves market share in the money market exceeds 50%. Although the price of AAVE tokens has not yet broken through its historical highs, as an old DeFi project, it has performed relatively steadily. Comprehensive operating indicators show that Aaves dominance in the crypto lending market is still at a high point in the past two years.
The launch of the Umbrella security module reflects Aaves continued advancement in product and risk management. The current business foundation is relatively solid, and if the current pace of innovation is maintained, future performance is expected to improve. This continuous optimization and improvement also provides a reference for other DeFi projects. In an environment of intensified competition, continuous updating of technology and products is the key to maintaining competitiveness and achieving long-term development.
