Aave V4

Risk Score 42/100·BValue

$72MTVL·$1.3BFDV·LendingWebsite →

Moderate-low risk — Aave V4 brings genuine architectural innovation with hub-and-spoke lending and Position Manager gateways, but both introduce unproven failure modes at scale. The protocol is battle-untested at $38M TVL with a 2-month track record, inherits V3's oracle vulnerabilities, and launches under weakened governance. Grade B- reflects strong Aave ecosystem pedigree offset by architectural immaturity and inherited risks.

Risk Breakdown

Top Risks

Hub-and-spoke architecture introduces a new failure mode: if the shared Liquidity Hub contract is exploited, all connected Spokes (Core, Prime, Plus) lose access to liquidity simultaneously — a single-contract blast radius that Aave V3's isolated pool design did not have. No Hub exploit has occurred in V4's ~2 months of live operation, but the architecture is battle-untested at scale.

Inherits Aave's CAPO (Chainlink Adaptive Price Oracle) adaptive layer, which misfired on March 10, 2026 in V3, causing $27M in wrongful liquidations across 34 accounts. CAPO desynchronization risk is a known failure mode that V4 carries into its own oracle stack without a documented fix.

Governance fragmentation risk: Aave Chan Initiative (responsible for 61% of DAO governance actions) and BGD Labs both departed in early 2026 following disputed budget votes. V4 inherits this governance thinning at a critical early phase when parameter decisions for new hubs carry outsized impact.

Frequently Asked Questions

Is Aave V4 safe to use?

Aave V4 receives a C+ risk grade (42/100) from Hindenrank, where lower scores indicate lower risk. Moderate-low risk — Aave V4 brings genuine architectural innovation with hub-and-spoke lending and Position Manager gateways, but both introduce unproven failure modes at scale. The protocol is battle-untested at $38M TVL with a 2-month track record, inherits V3's oracle vulnerabilities, and launches under weakened governance. Grade B- reflects strong Aave ecosystem pedigree offset by architectural immaturity and inherited risks. Aave V4 is the latest major version of DeFi's largest lending protocol, introducing a hub-and-spoke architecture that separates shared liquidity from isolated market configurations. Launched March 2026 with a security-first, limited-capacity strategy. Three initial Hubs (Core, Prime, Plus) serve different risk appetites. Governs via the same AAVE token as V3, with three professional audits completed (Trail of Bits, Blackthorn, ChainSecurity). Still early-stage at $38M TVL.

What are the main risks of using Aave V4?

The key risks identified for Aave V4 are: (1) Aave V4's hub-and-spoke design centralizes liquidity in a single Hub contract shared by all markets. A critical bug in this Hub would affect all deposited assets across Core, Prime, and Plus markets simultaneously — a single point of failure that V3's isolated pools did not have. (2) V4 inherits the CAPO oracle layer that misfired in Aave V3 on March 10, 2026, causing $27M in wrongful liquidations. The same oracle logic runs in V4. (3) Aave governance was significantly weakened after the ACI and BGD Labs departures in early 2026. Early-phase parameter decisions for V4's new architecture are increasingly concentrated in Aave Labs, reducing decentralized oversight during V4's critical growth phase.

What is Aave V4's risk score breakdown?

Aave V4 scores 42/100 across eight risk dimensions: Mechanism Novelty: 7/15, Interaction Severity: 10/20, Oracle Surface: 6/10, Documentation Gaps: 1/10, Track Record: 6/15, Scale Exposure: 7/10, Regulatory Risk: 2/10, Vitality Risk: 3/10. The highest risk area is Scale Exposure at 7/10.

How does Aave V4 compare to other Lending protocols?

Among 95 rated Lending protocols on Hindenrank, Aave V4 ranks #69 by safety (lowest risk score = safest). Its 42/100 risk score and C+ grade place it among the riskier Lending protocols.

Has Aave V4 ever been hacked or exploited?

Aave V4 scores 6/15 on the Track Record risk dimension, indicating some history of security incidents or exploits. Higher scores reflect more severe or frequent incidents. Review the full risk report for details.

Last scanned 2026-05-14

Get risk alerts before it's too late

Weekly grade changes, downgrade alerts, and new protocol risk findings. Free.