How Does Aera V2 Work?
Aera V2 is an automated treasury management protocol built by risk management firm Gauntlet. It lets DAOs and organizations deposit their treasury assets into noncustodial vaults where an AI-driven guardian algorithm automatically rebalances holdings to optimize returns. With about $42M under management, it has been audited by Spearbit and OpenZeppelin. Its B risk grade reflects solid security practices offset by the inherent risks of delegating treasury management to an off-chain algorithm.
TVL
$39M
Sector
Yield
Risk Grade
B-
Value Grade
F
Core Mechanisms
Yield/Vault/Managed Treasury Vault
NovelNoncustodial vault holding ERC20 and ERC4626 yield-bearing tokens, managed by a guardian with constrained execution authority
Novel trustless treasury management model. The vault owner sets constraints (whitelisted assets, DeFi protocols) while the guardian handles execution. Owner retains withdrawal rights but guardian controls rebalancing.
Yield/Strategy/Off-chain Guardian Algorithm
NovelOff-chain optimization algorithm that submits portfolio operations to the vault based on market conditions and objective functions
The guardian is an off-chain bot built by Gauntlet with access to market intelligence. This creates a centralization point — if the guardian algorithm has bugs or is compromised, vault assets are at risk within the whitelisted action space.
Access Control/Permissioned Roles/Owner-Guardian Separation
Strict role separation where the vault owner sets parameters and the guardian executes within those bounds, with on-chain enforcement of constraints
The hooks module enforces constraints on-chain. Guardian cannot add new assets, change whitelists, or withdraw to external addresses. But within the action space, the guardian has full discretion.
Oracle/Price Feed/Multi-Oracle Safeguard
On-chain oracle checks to validate guardian rebalancing actions, ensuring trades execute within acceptable price ranges
Oracle safeguards protect against obviously bad guardian submissions. However, for less liquid assets the oracle quality may be poor, reducing safeguard effectiveness.
Yield/Integration/DeFi Protocol Composition
Vaults can interact with whitelisted DeFi protocols (lending, DEXs, yield farming) to optimize returns on treasury assets
Composability with external DeFi protocols introduces dependency risks. If a whitelisted protocol is exploited, vault assets deposited there could be lost.
Governance/Control/Vault Owner Governance
Vault owner (typically a DAO multisig) retains ultimate control over vault parameters, asset whitelists, guardian appointment, and emergency withdrawals
Owner governance provides a safety backstop. However, DAOs are slow to act — by the time a governance proposal passes to change guardian parameters, damage may already be done.
How the Pieces Interact
A bug in the off-chain guardian code could submit a series of suboptimal rebalancing operations that systematically degrade vault value. Because the guardian operates autonomously and frequently, small errors compound before the vault owner notices.
If a whitelisted DeFi protocol suffers an exploit, the guardian may be unable to withdraw vault assets quickly enough. The guardian's rebalancing algorithm may not have logic to handle protocol-level emergencies in underlying yield sources.
Oracle safeguards for illiquid assets may use stale or low-quality price feeds. The guardian could execute trades at unfavorable prices that pass oracle checks but result in material value loss for the vault.
In a crisis requiring immediate parameter changes, the vault owner (often a DAO multisig) may be too slow to act. The guardian operates within fixed constraints and cannot adapt its action space without owner intervention.
ERC4626 share price manipulation (donation attacks) in underlying yield tokens could cause the vault to overvalue its holdings, leading the guardian to make rebalancing decisions based on inflated asset values.
What Could Go Wrong
- Off-chain guardian algorithm controls all vault rebalancing — errors in the off-chain code could submit incorrect operations that drain vault value before the owner can react
- Guardian actions are bounded by whitelists but cannot anticipate every possible market condition, creating edge cases where the guardian may be unable to protect against depegs or exploits in underlying assets
- Oracle-dependent safeguards rely on on-chain price feeds for less liquid assets on smaller chains, where oracle quality and update frequency may be insufficient
Guardian Algorithm Bug Causing Systematic Value Drain
TailTrigger: A latent bug in the off-chain guardian algorithm causes it to systematically submit suboptimal rebalancing operations during a specific market condition (e.g., correlated asset drawdown)
- 1.Market conditions trigger an edge case in the guardian algorithm's optimization logic — Guardian submits a series of trades that sell assets at unfavorable prices or allocate to underperforming strategies
- 2.Vault value declines 5-10% over hours as the guardian continues automated rebalancing — Vault depositors notice NAV decline but cannot immediately stop the guardian without owner intervention
- 3.Vault owner (DAO) initiates emergency governance to replace or pause the guardian — Multisig or governance process takes hours to days, during which the guardian continues operating
- 4.Total vault losses reach 15-25% before the guardian is paused or replaced — DAO treasuries suffer material capital losses; confidence in the Aera protocol drops across all vaults
Risk Profile at a Glance
Overall: B- (33/100)
Lower score = safer