Aave proposes new framework setting stricter standards after KelpDAO exploit

Aave is moving toward a stricter risk framework designed to govern every asset listed across Aave V3, V4, and Aave Horizon, setting new standards for onboarding, monitoring, bridge exposure, and chain deployments.

The framework is structured around four layers: asset risk, bridging risk, monitoring and automated risk oracle systems, and chain risk. Together, the layers define how assets are evaluated before listing, how they are reviewed after onboarding, and when exposure should be reduced or deprecated.

The proposal follows April’s KelpDAO exploit, which exposed how weaknesses in bridge configuration and offchain infrastructure can turn a listed collateral asset into protocol wide risk.

Attackers minted roughly $292 million in unbacked rsETH through KelpDAO’s LayerZero bridge and used the asset as collateral on Aave, prompting new standards around bridge disclosures, verifier independence, rate limits, automated monitoring, and defensive freeze mechanisms.

Under the asset risk layer, every listed asset would need to meet requirements tied to audits, bug bounty coverage, liquidity, timelocks, signing authority, legal disclosures, backing visibility, and issuer operations.