Aave Labs has introduced a comprehensive two-part licensing framework for its upcoming V4 protocol repositories, designed to expand community contributions while providing clear usage guidelines. The proposal, detailed in a TEMP CHECK (a non-binding, off-chain community vote), outlines a Business Source License (BUSL) for the core V4 code and a Contributor License Agreement (CLA) for developers.
The BUSL will restrict commercial use of all core repositories for a defined period, with the code becoming open-source on a "Change Date" within five years from V4's launch. The DAO will own the V4 codebase, with Aave Labs currently holding the copyright on its behalf. The CLA grants the Aave community "a consistent, irrevocable right to use, incorporate, and sublicense" contributions, ensuring all contributed code integrates seamlessly into the canonical codebase.
This licensing shift is driven by expectations of significantly higher community contributions compared to V3 and a desire for greater clarity. Under V4, each repository file will contain a license identifier in its header, moving away from V3's single-license model for the entire codebase.
Concurrently, Aave Labs has rolled out transformative updates focused on security and mainstream adoption. The V4 protocol has undergone one of DeFi's most thorough security programs, involving a $1.5 million DAO-approved budget and nearly 345 combined days of expert review from firms like Certora, ChainSecurity, Trail of Bits, and Blackthorn. A six-week public contest on Sherlock attracted over 900 participants and surfaced more than 950 findings, with none reaching critical or high severity.
Architecturally, V4 employs a clean hub-and-spoke model. A central Hub manages global liquidity and accounting, while specialized Spoke modules handle functions like borrowing and tokenization. This modular design results in a smaller codebase than V3, simplifying audits and enabling easier third-party integrations.
Complementing the backend security, Aave has launched a completely redesigned Aave App engineered to pass the "Fintech Test"—where users should never realize they are interacting with blockchain technology. The app features a familiar, goal-oriented interface, highlighting savings rates and offering a projection simulator. Onboarding requires only an email/phone and password, with support for deposits from over 12,000 banks, entirely omitting crypto-specific terms like gas fees.
These announcements follow a significant incident on March 10, 2026, where a glitch in Aave's oracle price for wstETH, attributed to a misconfiguration by primary risk provider Chaos Labs, led to $27 million in liquidations. While the protocol incurred no bad debt, some users with healthy positions were unfairly liquidated. Chaos Labs founder Omer Goldberg acknowledged the error and confirmed that all affected users would be fully reimbursed for the loss of 345 ETH.
The developments occur amid internal tensions, with BGD Labs and the Aave Chan Initiative announcing their departures in the coming months, both citing issues with Aave Labs as the reason.
