The AAVE token is trading within a narrow range as Aave Labs moves ahead with its long-anticipated V4 protocol upgrade. The development follows the release of extensive security audit results, which concluded that the new version of the protocol contains no high-severity vulnerabilities after nearly a year of testing and review.
The audit report, published on March 4 and titled “Security by Design: Aave V4,” marks a major milestone for the DeFi lending protocol. However, the progress comes at a time of growing governance tensions within the Aave ecosystem, including the recent departure announcement from the Marc Zeller-led Aave Chain Initiative (ACI).
Extensive Security Program Supports V4 Development
Aave Labs conducted one of the most comprehensive security review programs in the protocol’s history. The process ran from March 2025 to February 2026 and involved multiple audit firms, independent researchers, and a large-scale public bug bounty contest.
According to the report, the review process included:
- 15 researchers participating across multiple firms
- 275 cumulative audit days during the primary audit rounds
- Formal verification and invariant testing of core protocol logic
- A six-week public contest involving more than 900 verified participants
The total cost of the security program remained under its allocated budget of $1.5 million, which had been funded by the Aave DAO treasury. Any remaining funds are expected to be returned to the DAO.
Multiple Audit Firms Involved
The first major audit phase took place between September and November 2025. Four major security firms were involved in evaluating the protocol’s architecture and smart contracts.
| Audit Firm | Researchers | Duration |
|---|---|---|
| Certora | 2 researchers | 8 weeks |
| ChainSecurity | 2 researchers | 4 weeks |
| Trail of Bits | 3 researchers | 2 weeks |
| Blackthorn | 4 researchers | 3 weeks |
Independent security researchers, including Stermi, Deadrosesecxyz, Josselin, and Kurt Barry, also conducted early-stage code reviews for approximately 13 weeks. Some reviewers described the V4 codebase as one of the cleanest pre-audit implementations they had encountered.
Later in the process, Aave Labs organized a six-week public contest through Sherlock starting on December 1. The program attracted more than 900 verified participants and resulted in over 950 submitted findings. None of the issues identified were classified as critical vulnerabilities.
A second review round in February added approximately 80 additional audit days focused on validation fixes and final verification. The final reports confirmed that no high-impact vulnerabilities remained.
Governance Disputes Create Uncertainty
Despite the strong technical results of the audit process, governance conflicts have overshadowed the V4 rollout.
On March 3, the Aave Chain Initiative announced that it would gradually wind down its operations over the next four months. The group cited structural governance concerns and disagreements surrounding the development direction of the protocol.
The announcement had an immediate impact on market sentiment. The AAVE token briefly dropped to around $108 before recovering toward the $118 level.
ACI representatives claimed that approximately 233,000 votes linked to Aave Labs-related clusters influenced the March 1 Temp Check vote that approved the proposal with 52.58% support. The group alleged that roughly 111,000 votes had been delegated by Aave founder Stani Kulechov.
The initiative proposed several governance safeguards before supporting the upgrade, including stricter milestone tracking and limits on self-voting. According to ACI, these conditions were not addressed before the vote proceeded.
Contributor Departures Add Pressure
Governance concerns are further complicated by the upcoming departure of BGD Labs, one of the key technical contributors behind Aave V3.
BGD Labs announced on February 20 that it would not renew its contract with Aave Labs after April 1, ending a four-year collaboration. The firm raised concerns about centralization and criticized what it described as an overly aggressive narrative positioning V4 against the existing V3 architecture.
The exit of both BGD Labs and the Aave Chain Initiative within a short timeframe has raised questions about the long-term oversight of the protocol’s development.
V4 Proposal Moves to Next Governance Stage
Despite the controversy, the governance proposal titled “Aave Will Win” successfully passed the Temp Check phase and has now moved into the ARFC stage. During this phase, the community will review structural revisions before any binding on-chain vote takes place.
The ratification of the V4 upgrade itself will require a separate governance proposal, meaning the final decision on deployment has not yet been made.
With the protocol preparing for a major architectural shift while simultaneously losing key contributors, the Aave ecosystem now faces a complex transition period. The combination of strong technical audits and unresolved governance disputes could play a decisive role in shaping the future of the DeFi lending giant.
