How Does Aave V4 Work?
Aave V4 is the latest major version of DeFi's largest lending protocol, introducing a hub-and-spoke architecture that separates shared liquidity from isolated market configurations. Launched March 2026 with a security-first, limited-capacity strategy. Three initial Hubs (Core, Prime, Plus) serve different risk appetites. Governs via the same AAVE token as V3, with three professional audits completed (Trail of Bits, Blackthorn, ChainSecurity). Still early-stage at $38M TVL.
TVL
$72M
Sector
Lending
Risk Grade
C+
Value Grade
B
Core Mechanisms
Lending/Hub-and-Spoke
NovelShared Liquidity Hub with multiple isolated Spoke markets (Core, Prime, Plus)
V4's defining architectural innovation: a central Liquidity Hub holds assets and connects to Spokes that each have their own collateral types, risk parameters, and liquidation rules. Novel for lending protocols — no prior live deployment at this scale.
Lending/Position-Managers
NovelGateway contracts enabling complex multi-step operations
Position Managers are new gateway contracts that allow complex operations in a single transaction. They expand the attack surface compared to V3's direct user interaction model, requiring new approval-management by users.
Lending/Pool-Based
Overcollateralized lending with variable interest rates per Spoke
Core lending mechanism unchanged from V3 — overcollateralized pools with automated interest rate curves. Each Spoke runs independent rate parameters, inheriting V3's battle-tested model.
Oracle/Multi-Source
Chainlink price feeds with CAPO adaptive layer
Inherits V3's oracle stack: Chainlink primary feeds wrapped in Aave's CAPO snapshot-ratio layer. The CAPO layer misfired on March 10, 2026 in V3, causing $27M in wrongful liquidations — a known failure mode now present in V4.
Risk-Management/Liquidation
Per-Spoke liquidation parameters with configurable close factor and bonus
Standard Aave liquidation model with Spoke-level parameter isolation. Configurable per hub/spoke, improving risk segmentation over V3's single-market model.
Governance/DAO
AAVE token governance controlling all Hub and Spoke parameters
V4 is governed by the same AAVE token governance that governs V3. After ACI and BGD Labs departures in early 2026, Aave Labs holds de facto governance influence over parameter setting.
Staking/Safety-Module
stkAAVE and Umbrella backstop inherited from V3 ecosystem
V4 inherits Aave's existing safety modules. Umbrella reserve currently covers ~60% of V3's April 2026 bad debt event; its capacity for a simultaneous V4 shortfall is untested.
How the Pieces Interact
A critical bug in the central Liquidity Hub contract affects all connected Spokes simultaneously. Unlike V3's isolated pool design, all hub-connected liquidity becomes inaccessible in a single exploit event.
Position Managers require users to grant token approvals. A malicious or exploited Position Manager contract can drain approved funds. V4's gateway pattern creates a new approval-surface attack vector not present in V3.
CAPO desynchronization (as occurred March 10, 2026 in V3) can trigger incorrect liquidation prices across all V4 Spoke markets simultaneously.
V4's Hub/Spoke architecture requires frequent risk parameter governance during growth. With ACI and BGD Labs absent, parameter decisions increasingly depend on Aave Labs, creating centralization risk when novel architecture requires close oversight.
Aave's Umbrella reserve is shared across V3 and V4. A correlated market event causing simultaneous bad debt in both versions could exhaust the backstop, forcing stkAAVE slashing across both protocol versions.
What Could Go Wrong
- Hub-and-spoke architecture introduces a new failure mode: if the shared Liquidity Hub contract is exploited, all connected Spokes (Core, Prime, Plus) lose access to liquidity simultaneously — a single-contract blast radius that Aave V3's isolated pool design did not have. No Hub exploit has occurred in V4's ~2 months of live operation, but the architecture is battle-untested at scale.
- Inherits Aave's CAPO (Chainlink Adaptive Price Oracle) adaptive layer, which misfired on March 10, 2026 in V3, causing $27M in wrongful liquidations across 34 accounts. CAPO desynchronization risk is a known failure mode that V4 carries into its own oracle stack without a documented fix.
- Governance fragmentation risk: Aave Chan Initiative (responsible for 61% of DAO governance actions) and BGD Labs both departed in early 2026 following disputed budget votes. V4 inherits this governance thinning at a critical early phase when parameter decisions for new hubs carry outsized impact.
Liquidity Hub Exploit — All Spokes Drained
TailTrigger: A critical vulnerability in the shared Liquidity Hub contract is discovered and exploited before governance can pause the protocol.
- 1.Attacker identifies a reentrancy or logic flaw in the Liquidity Hub contract that allows unauthorized withdrawals or collateral manipulation across connected Spokes. — Attacker gains control of Hub's liquidity accounting, enabling drain of assets from Core, Prime, and Plus Spokes in a single transaction sequence.
- 2.Protocol guardian or multi-sig cannot pause fast enough; the Hub contract lacks per-Spoke circuit breakers since isolation is a configuration parameter, not an architectural separation. — All deposits across all Spokes become at risk simultaneously. Depositors cannot withdraw as liquidity is drained.
- 3.Panic spreads to Aave V3 users given shared brand, governance, and safety module. V3 TVL sees outflows as users conflate V3 and V4 risk. — Combined contagion effect: Aave V4 drained, Aave V3 suffers bank-run pressure and potential AAVE token decline, straining the shared Umbrella backstop.
- 4.Umbrella backstop (already strained by V3's April 2026 bad debt event) is called upon to cover V4 losses. — Backstop may be insufficient, triggering stkAAVE slashing governance vote while AAVE token is already depressed from contagion.
Risk Profile at a Glance
Overall: C+ (42/100)
Lower score = safer