# Security V1 of the Aera contracts have been audited by Spearbit in June 2022: {% file src="/files/2wol8lv2d0ff64I1AwsW" %} ### Highlighted Risks While these are by no means exhaustive, we think the following risks are helpful to understanding broader vault operation. #### Use of un-audited Balancer Managed Pool implementation The most appropriate vehicle for rebalancing vault holdings is the Balancer V2 Managed Pool instrument. For more on Managed Pools see [here](https://docs.balancer.fi/products/balancer-pools/managed-pools). While already used by several teams, the Managed Pool contracts are still in development and have not been finalized or audited. We aim to use the latest deployable version of Managed Pool from the Balancer V2 codebase. See [Balancer Managed Pool](/v1-archive/concepts/aera-vault/balancer-managed-pool.md) for more information. #### Front running risk As explained in [Balancer Weights](/v1-archive/concepts/balancer-weights.md), spot price misalignment with market prices can lead to arbitrage and loss of value in the vault. While our deposit and withdraw functions are designed to maintain spot price invariance, there are no guarantees that spot prices are not manipulated in between these functions. As such, we always recommend disabling trading before executing deposits or withdrawals. In future versions, an oracle will be introduced to protect against frontrunning even while the vault is trading. #### Parameter submission At this stage the parameter submission process relies on an off-chain algorithm. While we have worked hard to mitigate the power of the parameter submitter role in the contracts, errors in the off-chain code (for example due to errors in data received from an ETL provider) could lead to incorrect parameters being submitted to the vault. The vault owner has the power to stop vault operations at any point and to remove the vault manager role. **Incorrect weights** The most risky action conducted by a treasury is to enable trading on an Aera vault. If done with the wrong weights, this could lead to a large arbitrage trade and lose value in the vault. The weights need to be selected so that the implied Balancer spot price between each pair of assets is in line with current market prices. ### Monitoring In addition to the work done securing the contracts, the Aera team has a comprehensive monitoring and alerting stack for each deployed vault. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.aera.finance/v1-archive/contracts/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.