Back to Details

aave-security-foundations

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

AAVE Security Foundations

AAVE安全基础

Security-first checklist for AAVE script development and operations.

以安全为核心的AAVE脚本开发与操作检查清单。

Threat Areas

威胁领域

Over-approval risk: unlimited ERC20 approvals can expose wallet funds.
Health factor drift: market volatility can liquidate leveraged positions quickly.
Interest rate mode mismatch: stable mode assumptions can fail per asset.
RPC/data inconsistency: stale or failing RPC can produce bad decisions.
Execution race conditions: quote-time assumptions may be invalid at execution.

过度授权风险：无限制的ERC20授权可能会暴露钱包资金。
健康因子波动：市场波动可能会快速清算杠杆头寸。
利率模式不匹配：稳定模式的假设可能不适用于部分资产。
RPC/数据不一致：过时或故障的RPC可能会导致错误决策。
执行竞态条件：报价时的假设在执行时可能失效。

Required Pre-Execution Checks

必要的执行前检查

Validate chain/token/account/amount format.
Read reserve status (
```
isActive
```
,
```
isFrozen
```
,
```
borrowingEnabled
```
).
Read account health (
```
healthFactor
```
,
```
availableBorrowsBase
```
).
Enforce HF safety threshold before
```
withdraw
```
and aggressive
```
borrow
```
.
Reject execution if allowance/balance preconditions fail.

验证链/代币/账户/金额格式。
读取储备状态（
```
isActive
```
、
```
isFrozen
```
、
```
borrowingEnabled
```
）。
读取账户健康状况（
```
healthFactor
```
、
```
availableBorrowsBase
```
）。
在执行
```
withdraw
```
和大额
```
borrow
```
前，强制执行HF安全阈值。
如果授权额度/余额前置条件不满足，拒绝执行。

References

参考资料

```
references/audit-checklist.md
```
```
references/common-failures.md
```

```
references/audit-checklist.md
```
```
references/common-failures.md
```