The Aave token is trying to break out of the tight trading range now that Aave Labs has published the full results of its V4 security audits, which involved 345 days of collected assessments that found no serious vulnerabilities.
The March 4 audit report highlights the much-contested protocol upgrade just one day after the Marc Zeller-led Aave Chain Initiative (ACI) announced its departure amid escalating governance tensions.
In a report entitled “Security by design: Aave V4”, Aave Labs has designed a year-long program starting from March 2025 to February 2026, including the deployment of fifteen researchers at four accounting firms, formal verifications, invariant testing and a six-week public competition.
The program cost less than its original budget of $1.5 million and was funded by the DAO.
However, the publication of the report comes amid serious tensions within the Aave ecosystem.
On March 3, ACI announced that it would gradually reduce operations over the next four months due to structural governance issues. This announcement saw the AAVE token drop to $108 before recovering close to $118 as of now.
Aave is trying to sustain a rally to break out to a higher trading range. Source: CoinMarketCap
345 days of assessments revealed no high-impact vulnerabilities
The audit was spread over four accounting firms and four independent investigators, resulting in a total of 15 investigators deployed over a total of 275 audit days. The first round took place between September and November 2025.
See also Monero crypto administrator arrested for fraud
Certora deployed two researchers for eight weeks, ChainSecurity deployed two researchers for four weeks, Trail of Bits deployed three researchers for two weeks and Blackthorn deployed four researchers for three weeks.
Other independent researchers, including Stermi, Deadrosesecxyz, Josselin, and Kurt Barry, conducted thirteen weeks of early-stage evaluations, noting that V4 was the “cleanest pre-audit codebase” they had ever seen.
Starting December 1, Aave Labs held a six-week Sherlock competition where more than 900 verified participants submitted more than 950 findings, but no critical issues were found.
The second round took place in February, adding an additional 80 days for validation resolutions, with reports confirming that no high-impact vulnerabilities had occurred.
Technical excellence, but governance problems?
The latest V4 audit demonstrated great technical transparency, with Aave Labs publicly sharing their full audit processes, findings and costs, while staying under their original $1.5 million budget with plans to return the remaining funds to the DAO.
However, the governance tensions within the project cannot be ignored. The ACI argued that approximately 233,000 votes from Aave Labs-related clusters (including 111,000 votes allegedly delegated by Kulechov) were used to manipulate the March 1 Temp Check vote to gain 52.58% approval.
The ACI also proposed four conditions before it could support the proposal (including stricter milestone registration, limits on self-voting, etc.), but these conditions were ignored.
See also Wall Street giants are raising concerns about the US SEC’s aggressively pro-crypto agenda
BGD Labs (who helped build V3) too announced on February 20 that it would not renew its contract with Aave Labs as of April 1, effectively ending its four-year tenure as its top technical contributor. The company cited centralization concerns and criticized Aave Labs’ approach of aggressively critiquing V3 to promote V4.
Nevertheless, the “Aave Will Win” proposal has still progressed to the ARFC phase after the Temp Check, where structural revisions will be discussed before a binding vote on the chain.
V4 ratification will also be included, although this would require a separate proposal. As such, the project stands to lose both its top technical contributor and its most active board delegate within a few months.
The limited voting results, concerns about legitimacy and the departure of contributors create a cloud of uncertainty over V4’s governance. With BGD Labs departing on April 1 and ACI gradually ceasing operations, questions arise about independent oversight during the V3-V4 transition.