Aave token rebounds as v4 transparency boosts confidence

---

---

The Aave token is attempting to break out of a tight trading range as Aave Labs published the full results of its V4 security audits, which involved 345 days of accumulated reviews that found no high-severity vulnerabilities. 

The March 4 audit report advances the much-contested protocol upgrade just one day after the Marc Zeller-led Aave Chain Initiative (ACI) announced its departure due to escalating governance tension.

In a report titled “Security by Design: Aave V4,” Aave Labs detailed a year-long program starting from March 2025 to February 2026, which included deploying 15 researchers across four audit firms, formal verifications, invariant testing, and a six-week public contest. 

The program cost less than its initial budget of $1.5 million and was funded by the DAO.

However, the release of the report comes in the middle of serious tension within the Aave ecosystem. 

On March 3, ACI announced that it would gradually reduce operations in the next four months due to structural governance issues. That announcement sank the AAVE token as low as $108 before recovering close to $118 as of now.

Aave is attempting to sustain a rally to break out into a higher trading range. Source: CoinMarketCap

345 days of reviews found no high-impact vulnerabilities

The audit was spread across four audit firms and four independent researchers, making a total of 15 researchers deployed over 275 cumulative audit days. The first round took place between September to November 2025. 

Certora deployed two researchers who worked for eight weeks, ChainSecurity deployed two researchers for four weeks, Trail of Bits deployed three researchers for two weeks, and Blackthorn deployed four researchers for three weeks. 

Other independent researchers, including Stermi, Deadrosesecxyz, Josselin, and Kurt Barry, conducted 13 weeks of early-stage reviews, noting that V4 was the “cleanest pre-audit codebase” they had seen.

From December 1, Aave Labs held a six-week Sherlock contest, where over 900 verified participants submitted more than 950 findings, yet there were no critical issues found. 

The second round took place in February, adding 80 more days for fixing validations, with reports confirming no high-impact vulnerabilities came up.

Technical excellence but governance problems?

The latest V4 audit demonstrated great technical transparency, with Aave Labs publicly sharing their full audit processes, findings and costs, while delivering under their initial budget of $1.5 million with plans to return the remaining funds to the DAO.

However, the governance tensions within the project cannot be ignored. The ACI argued that approximately 233,000 votes from Aave Labs-related clusters (including 111,000 votes allegedly delegated by Kulechov) were used to rig the March 1 Temp Check vote to get 52.58% approval. 

The ACI also suggested four conditions before it could support the proposal (including stricter milestone tracking, self-voting limits, etc), but the conditions were ignored. 

BGD Labs (who helped build V3) also announced on February 20 that it would not renew its contract with Aave Labs from April 1, effectively ending its four-year tenure as the primary technical contributor. The firm cited centralization concerns and criticized Aave Labs’ approach of aggressively criticizing V3 in order to promote V4.

Nonetheless, the “Aave Will Win” proposal still advanced to the ARFC stage following the Temp Check, where structural revisions will be discussed before a binding vote on-chain. 

V4 ratification will also be included, although it will require a separate proposal of its own. As such, the project now faces losing both its primary technical contributor and its most active governance delegate in the space of a few months.

The narrow vote results, legitimacy concerns, and contributor exits create a cloud of uncertainty over V4’s governance. With BGD Labs leaving on April 1st and ACI gradually stopping its operations, questions are being raised over the independent oversight during the V3-V4 transition.

If you're reading this, you’re already ahead. Stay there with our newsletter.