Aave V4
Summary
ExpandAave V4 is a sophisticated lending protocol built on a hub-and-spoke architecture that separates liquidity management (Hub) from user-facing collateralization and borrowing logic (Spoke). The Hub acts as an immutable central liquidity coordinator managing assets, interest accrual, and fee accounting, while upgradeable Spokes handle reserve configuration, user positions, risk premiums, liquidations, and oracle integrations. The protocol introduces an advanced risk premium system that dynamically prices borrowing costs based on collateral quality, alongside a Dutch-auction liquidation mechanism, dynamic reserve configurations, and an ERC4626-compliant TokenizationSpoke for tokenized supply positions. Position managers provide flexible delegation patterns with EIP-712 signed intents for gasless interactions.
The codebase demonstrates strong security engineering practices throughout its core components. The Hub follows the checks-effects-interactions pattern consistently across all state-modifying functions with explicit balance verification after transfers. Share mathematics employ virtual assets and shares of 1e6 each to mitigate first-depositor inflation attacks, and rounding directions are carefully chosen to favor the protocol: deposits round shares down, withdrawals round shares up, borrows round debt shares up, and repayments round debt shares down. The Spoke employs transient-storage-based reentrancy guards, access-managed role-based permissions via OpenZeppelin's AccessManager, and the NativeTokenGateway correctly disables multicall to prevent msg.value reuse. Premium accounting uses a shares-plus-offset model with rigorous invariant checks ensuring premium debt can only decrease through explicit restore or deficit reporting paths.
The overall security posture is strong, reflecting a mature protocol that has undergone multiple prior audits. No vulnerabilities were identified that would enable direct fund extraction, protocol manipulation, or economic exploitation. Key positive observations include the Hub's immunity to share-price manipulation via token donations, as share pricing uses internal accounting rather than raw balances, the mathematically provable consistency between preview functions and actual Hub operations under normal conditions, and robust dust-prevention mechanics in the liquidation engine. The protocol's separation of immutable Hub logic from upgradeable Spoke logic provides a sound foundation for long-term maintenance and iterative improvement.
Findings
No issues identified
Conclusion
ExpandThe Aave V4 codebase demonstrates exceptional security engineering maturity across its hub-and-spoke architecture. The Hub’s immutable design with careful checks-effects-interactions ordering, explicit balance verification, and protocol-favoring rounding directions provides a robust foundation for liquidity management. The share mathematics employing virtual offsets effectively mitigate first-depositor inflation attacks, and the premium accounting system maintains rigorous invariants through validated delta applications. The liquidation engine’s Dutch-auction bonus mechanism, dust prevention logic, and deficit reporting paths are mathematically sound with appropriate boundary validations preventing division-by-zero and overflow conditions.
No vulnerabilities were identified during this engagement. The codebase’s access control via OpenZeppelin’s AccessManager with role-based permissions, the Spoke’s transient reentrancy guards, and the NativeTokenGateway’s explicit multicall disabling for msg.value safety reflect a thorough defense-in-depth approach to security. The prior audits by Blackthorn, Trail of Bits, and ChainSecurity have clearly contributed to the codebase’s current quality, and the architectural decisions made throughout the protocol demonstrate a team with deep understanding of DeFi-specific attack vectors.
The protocol is well-positioned for mainnet deployment. Continued vigilance around price feed adapter implementations and governance parameter selection — particularly healthFactorForMaxBonus, liquidationBonusFactor, and collateral risk parameters — will be important for ongoing operational security. Robust monitoring of oracle freshness at the adapter level and careful governance over reserve and risk premium configurations will further strengthen the protocol’s resilience as it scales in production.
On-Chain Verification
Compare these values with the on-chain attestation
Verify: download the markdown and compare the hash
sha256sum aave-v4.md
Legal Disclaimer: This report covers the code submitted for analysis. It does not account for infrastructure, deployment configuration, third-party dependencies, or changes made after the audit date. Automated analysis may produce false positives or miss context-dependent vulnerabilities. audited.xyz provides this report “as is” without warranty of any kind.