Jan 29, 2025
This is an archive of our post on Aave governance forum. Read the full thread here.
Update: A legacy function in the RSETHPool contract previously allowed the holder of BRIDGER_ROLE to send all funds in the contract to itself and bridge the asset to L1. This posed a significant risk for users and the Aave DAO: a malicious takeover of the wallet holding that role could have drained the pool and rendered rsETH undercollateralized.
Following our communication with the Kelp DAO team, they have successfully addressed the identified concern by deploying a contract upgrade which deprecated the vulnerable function. We appreciate their swift response and commitment to protocol security.
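To make the risk concrete, the following is an added illustration of the pattern the post describes and of what deprecation looks like after an upgrade. It is not Kelp DAO's RSETHPool source: the contract names, the `asset` token, the function name `bridgeAllToL1` and the use of OpenZeppelin's AccessControl are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative example only. Contract names, the asset token and the function
// name are assumptions; this is not Kelp DAO's RSETHPool source.
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Before: the shape of the legacy function the post describes.
contract LegacyPool is AccessControl {
    using SafeERC20 for IERC20;

    bytes32 public constant BRIDGER_ROLE = keccak256("BRIDGER_ROLE");
    IERC20 public immutable asset;

    constructor(IERC20 asset_, address admin, address bridger) {
        asset = asset_;
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(BRIDGER_ROLE, bridger);
    }

    /// Single-role drain: the caller receives the pool's entire balance and is
    /// then expected to bridge it to L1 from its own wallet. Nothing in the
    /// contract binds where the funds end up, so one compromised BRIDGER_ROLE
    /// key removes the collateral backing every rsETH minted against this pool.
    function bridgeAllToL1() external onlyRole(BRIDGER_ROLE) {
        uint256 bal = asset.balanceOf(address(this));
        asset.safeTransfer(msg.sender, bal);
    }
}

/// After: the fix the post reports is deprecation of that function. In an
/// upgradeable proxy the new implementation can simply omit it; keeping an
/// explicit reverting stub makes the old selector's behaviour unambiguous and
/// lets a test assert that the drain path is closed.
contract UpgradedPool is AccessControl {
    bytes32 public constant BRIDGER_ROLE = keccak256("BRIDGER_ROLE");
    IERC20 public immutable asset;

    constructor(IERC20 asset_, address admin) {
        asset = asset_;
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    /// Deprecated: always reverts, regardless of caller or role.
    function bridgeAllToL1() external pure {
        revert("bridgeAllToL1: deprecated");
    }
}
```

Two checks a practitioner can run against the deployed proxies without any privileged access: call `hasRole(BRIDGER_ROLE, addr)` on each chain and confirm it returns true only for the address the team states holds the role, and send an `eth_call` to the old function selector and confirm it reverts rather than moving funds.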
RSETHPool contract on Base, with BRIDGER_ROLE assigned to a 3/6 multisig, was upgraded.
RSETHPool contract on Arbitrum, with BRIDGER_ROLE previously assigned to ProxyAdmin, was upgraded.