Trail of Bits

Aave v4

Type: Security review

Client: Aave

Date: 2026-02

Domain: Blockchain

Effort: 6 wks

Section: Ethereum/EVM

Trail of Bits's security review of Aave (Feb 2026) identified 7 issues: 2 medium, 1 low, and 4 informational.

Findings · 7

  1. Deficit reporting denial of service via micro-collateral (Medium)
  2. Spoke contract does not follow upgradeability best practices (Informational)
  3. Lowering riskPremiumThreshold can temporarily block premium refresh and user actions (Informational)
  4. Incorrect liquidation event documentation (Informational)
  5. A Spoke may not be able to add a valid Hub asset (Low)
  6. The setSelfAsUserPositionManagerWithSig function assumes the positionManager value in the params argument is address(this) (Informational)
  7. Users can become immediately liquidatable after executing an action (Medium)

Findings extracted from the published report PDF. See the full report below for details and remediation.
