Aave Labs, which develops the decentralised finance (DeFi) lending protocol Aave, has released an Aave V4 security roadmap, The Block reported on March 5. The roadmap is a document detailing a year-long audit and verification process, The Block said.

Aave Labs defined V4 as a "security-first framework" through its governance forum. It emphasised that it implemented smart contract protections from the initial design stage rather than relying on audits just before launch.

The security programme combines formal verification, manual audits, immutability testing, fuzzing and public security contests.

Based on that experience, Aave Labs adopted 5 long-term security principles. They include applying formal verification from the early development stage, using multiple audit methods in parallel, and conducting continuous verification alongside development. The principles also include running an always-on bug bounty programme and advancing AI-based smart contract scanning.

The Aave V4 codebase is designed to be smaller and more modular than earlier versions. The security model also reflects input from risk service providers and integrated developers that use Aave liquidity, The Block said.