Risk Assessment: GhoRouter (when deployed)

## Context

[PR #124](https://github.com/yearn/risk-score/pull/124) shipped the sGho risk assessment after [AIP 484 ("sGho Launch")](https://app.aave.com/governance/v3/proposal/?proposalId=484) executed on 2026-05-16. The AIP deployed `sGho` ([`0xE1753F…ca1d`](https://etherscan.io/address/0xE1753F2e00940cC31213dd92013cF019DFE4ca1d)) and `sGhoSteward` ([`0x60Bf2D…2757`](https://etherscan.io/address/0x60Bf2DF49F17529Cf956D57848ebEB8a0d0a2757)) but **did not deploy a GhoRouter**.

The router is referenced only in the AIP's marketing copy ("Users can go from USDC to sGHO in a single transaction"). The actual payload deploys no router. As a result Yearn's USDC → sGho strategy currently has to compose the GSM USDC and sGho deposit steps manually.

The `aave-dao/gho-origin` PR [#34](https://github.com/aave-dao/gho-origin/pull/34) is the only public router draft and is **not part of AIP 484**, **not present in the Aave Address Book**, and **out of scope of the TokenLogic Collaborative audit**. Issue #145 (closed by PR #124) tracked the post-AIP-484 finalization and is fulfilled; this new issue narrowly tracks the router.

## Trigger

Reopen / start work when **any** of the following becomes true:

- [ ] A `GhoRouter`-related proposal lands in [`aave-dao/aave-proposals-v3/src`](https://github.com/aave-dao/aave-proposals-v3/tree/main/src)
- [ ] Aave Address Book ([`GhoEthereum.sol`](https://github.com/bgd-labs/aave-address-book/blob/main/src/GhoEthereum.sol)) adds a `GHO_ROUTER` (or similar) entry
- [ ] [`gho-origin` PR #34](https://github.com/aave-dao/gho-origin/pull/34) is merged AND the router is deployed on Ethereum mainnet
- [ ] Aave Immunefi scope is updated to include `GhoRouter`

## TODOs once the router is deployed

Source: [`reports/report/aave-sgho.md`](https://github.com/yearn/risk-score/blob/master/reports/report/aave-sgho.md)

- [ ] Fill the **GhoRouter** row in the sGho Contracts address table (currently "Not deployed — not part of AIP 484")
- [ ] Audit the deployed router's owner / admin powers (`setGsmAllowed`, `rescueToken`, pause behavior)
- [ ] Confirm router has no persistent token balances or stranded approvals during normal flow
- [ ] Verify Yearn USDC strategy can route USDC → sGho in one tx and the reverse path works under GSM freeze conditions
- [ ] Re-check Aave Immunefi scope: is `GhoRouter` enumerated?
- [ ] Update the sGho `Strategy pipeline` and `Liquidity Risk` sections to reflect the new path
- [ ] Re-score the assessment if the router changes the admin/liquidity surface (currently 2.1 / 5.0)

## References

- [PR #124](https://github.com/yearn/risk-score/pull/124) — original sGho risk assessment
- [Issue #145](https://github.com/yearn/risk-score/issues/145) — sGho post-deployment finalization (closed by #124)
- [AIP 484](https://app.aave.com/governance/v3/proposal/?proposalId=484) — sGho Launch, no router included
- [gho-origin PR #34](https://github.com/aave-dao/gho-origin/pull/34) — draft router PR (not merged, not deployed)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Risk Assessment: GhoRouter (when deployed) #194

Context

Trigger

TODOs once the router is deployed

References

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Risk Assessment: GhoRouter (when deployed) #194

Description

Context

Trigger

TODOs once the router is deployed

References

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions