Verdict The covered smart-contract-exploit event fits an AMM, and Aerodrome has no core exploit on record. But three things temper it. It is young (August 2023, Slipstream since March 2024), so the track record is short. It is a double fork, of Velodrome / Solidly and of Uniswap v3, so the known-vulnerability clause reaches two upstream codebases it does not control. And it lives entirely on Base, one OP-Stack L2: a sequencer or chain-level fault is outside a protocol cover. As on any AMM, impermanent loss is excluded and the oracle and liquidation covered events barely apply. One relief: AERO is an emissions token, not a peg, so there is no depeg gap like Curve crvUSD.
Confidence: medium 6 red flags As of 2026-07-14