Greetings, Aave community!

Aave Labs has continued to make steady progress on multiple protocol endeavors in line with its service provider scope, with Aave V4 development as the primary focus.

The below summary highlights developments in the Aave Protocol and reflects Aave Labs’ transparent and collaborative approach of building in public, welcoming community feedback, and fostering auditability through open-source principles.

December update:

• Progressed Aave V4 v0.5.6 hardening, continuing the Sherlock security contest and audit remediation workstream.

• Advanced Aave V4 supporting components to replicate key Aave V3 integration primitives.

• Continued licensing analysis, to be followed by governance forum discussion and associated processes ahead of production release.

• Supported growth on Horizon’s RWA instance, which has surpassed $580M in net inflows since August and generated over $50k in revenue to the Aave DAO with zero incentives claimed so far.

• Expanded Aave V3 on Aptos through the first month of incentives (market size ~ $37M), progressing the GHO governance temp check and CCIP bridging infrastructure.

• Continued Aave Pro work on the API, while implementing Risk Premiums and dynamic risk configurations, alongside SDK documentation and infrastructure updates.

Aave V4 Updates

Security hardening remained the primary focus this month. Together with Sherlock, we continued the ongoing security contest, while engaged audit teams progressed efforts through the fix and follow‑up phase. In parallel, we froze the Aave V4 codebase at v0.5.6, limiting changes to security‑driven remediations to keep the review scope stable across providers.

As part of the v0.5.6 hardening consolidation, we shipped a set of targeted improvements across core accounting and configuration surfaces. This included a significant refactor of PremiumDebt calculations, a restructure of reserve related methods, and new ReserveConfig flags (ReceiveSharesEnabled and Liquidatable) that mirror current dynamics of the protocol, aligning semantics and security assumptions to those of Aave V3. We also refined Risk Premium calculations to improve precision and consistency across the scenarios surfaced during review and testnet usage.

In addition, we advanced the VaultSpoke development, a minimal ERC‑4626–style vault that connects to a Hub to enable tokenization, with implementation approaching audit readiness. We also started building lightweight PositionManagers that replicate key Aave V3 integration primitives (including aToken permits, credit delegation, and supply/repay on behalf flows), with a focus on simplifying ecosystem integrations. Separately, we began adapting Aave V3 CAPO adapters for Aave V4 to retain the existing oracle configuration strategy and operational patterns.

Finally, we continued the licensing analysis across multiple legal frameworks, balancing system protection with practical integration paths for builders. Following discussion in the governance forum and completion of the relevant governance processes, the selected license will be applied at production release, at the same time that the codebase is migrated to the Aave DAO Github Organization.

What else are we working on?

Horizon’s RWA Instance

Horizon has quickly become the largest and fastest-growing lending market for tokenized real-world assets, attracting more than $580M in net deposits since its August launch. Within the first 100 days, the instance has generated over $100k in revenue, with half accrued to the Aave DAO, without relying on incentives to date.

Based on current adoption and pipeline activity, we expect Horizon’s growth to continue at a strong pace. For ongoing transparency into market growth and utilization, the community can follow the regular coverage in @LlamaRisk’s weekly updates.

Aave V3 on Aptos

Activity on Aave V3 on Aptos remained focused on scaling the market in a measured way following the first month of incentives. The incentives campaigns contributed to market growth to approximately $37M, and we continued monitoring utilization and performance as the programs mature.

On the GHO workstream, a governance temp check is now live. In parallel, we progressed the CCIP bridging infrastructure by interconnecting the networks where GHO is present today to the Aptos network to support GHO CCIP bridging. Likewise, we are actively testing Aptos-to-EVM bridging flows as the next step toward broader multichain support. Finally, development of the Remote GSM is progressing toward audit readiness. Upon deployment, it will enable GHO swaps functionality on Aptos, starting with USDC, strengthening liquidity on the network.

Interface

Aave Pro (Aave V4 Interface)

Work on Aave Pro this month focused on converging on the final API surface ahead of upcoming releases, including completing the remaining Rust GraphQL changes for the final API version and incorporating learnings from ongoing testnet usage. We also progressed the implementation of Risk Premiums and dynamic risk configurations within Aave Pro to support more granular risk controls. In parallel, we continued hardening supporting infrastructure to maintain the current production environment and implemented targeted UX refinements based on community feedback.

Aave Software Development Kit (SDK)

SDK work this month focused on aligning developer-facing materials and infrastructure with the latest changes. We updated SDK/API documentation, expanded developer guidance with integration guidelines and network-specific details, and completed the infrastructure setup for new services that require SDK integration. In parallel, the team continued maturing the Aave V4 integration workstream to support upcoming ecosystem adoption.

Ongoing Integrations

Integration efforts this month centered on reinforcing existing deployments and evolving the incentives stack that supports them. Working with @aci and @tokenlogic, we delivered bug fixes, incremental feature improvements, and UX refinements in support of current growth initiatives. We also added support for the new syrupUSDT-USDT campaign.

What’s coming next?

Our main focus for the coming month will be

• Closing remaining Aave V4 security items, including remediation of audit and Sherlock contest findings.

• Completing VaultSpoke and PositionManagers V4 implementations, and preparing them for further audit review.

• Preparing GHO on Aptos for launch: finalizing governance proposals and security procedures, coordinating with contributors, and aligning timing with the broader Aptos growth roadmap.

• Finalizing Aave Pro’s API surface and rolling out related updates, alongside SDK improvements.

Stay tuned for next month’s update.

Aave Labs