Aave V1

Stage 1
TVL $5M
aave.com
2026-02-06
Chains ethereum

Risk Assessment

  • Upgradeability: Instant Upgrade
  • Admin Control: DAO Governance
  • Fund Access: Possible
  • Audits: Multiple
  • Oracle: Centralized
  • Track Record: 6+ years

Aave V1 Risk Assessment

Overview

Aave V1 launched on Ethereum mainnet on January 8, 2020. Aave was originally known as ETHLend (a peer-to-peer lending platform), which rebranded to Aave in September 2018. It was the first version of what would become one of DeFi’s largest lending protocols, introducing features like flash loans, variable and stable interest rates, and over-collateralized lending.

While innovative, V1 was designed with upgradeability in mind and relies on governance-controlled parameters and oracle systems. Most liquidity has migrated to V2 and V3, but V1 remains operational.

Smart Contract Risk

Contract Architecture:

  • Upgradeable smart contracts (not immutable)
  • Governance can modify protocol logic
  • LendingPool contract manages all deposits, borrows, and liquidations
  • Modular architecture with separate logic contracts
  • aTokens represent deposited funds and accrue interest automatically

Code Quality:

  • Audited by OpenZeppelin, Trail of Bits, and Gauntlet
  • Pre-production audit revealed access control concerns
  • Open source and reviewed by community
  • Codebase complexity moderate for a V1 protocol
  • 6+ years of operation without critical exploits

Attack Surface:

  • Upgradeability introduces governance risk
  • Oracle dependencies create external attack vectors
  • Flash loan functionality (while innovative) adds complexity
  • Admin keys could modify critical parameters
  • Interest rate models can be changed by governance

Admin/Governance Risk

Governance Structure:

  • Initially used DAOStack framework for governance
  • Governance controlled by LEND token holders (later migrated to AAVE)
  • On-chain voting with binding execution
  • Governance can upgrade contracts and modify parameters
  • No timelock on governance actions in V1

Key Controls:

  • Governance can upgrade core protocol contracts
  • Can modify interest rate models
  • Can add/remove supported assets
  • Can change oracle addresses
  • Can pause/unpause markets in emergencies
  • Control over protocol parameters (collateral ratios, liquidation bonuses)

Trust Assumptions:

  • Users must trust governance not to act maliciously
  • No timelock protection in V1 governance
  • Governance could theoretically access user funds via upgrade
  • LEND/AAVE token distribution affects governance security
  • Centralization risk if governance participation is low

Oracle Risk

Price Oracle System:

  • Relies on external price oracles (initially Chainlink)
  • Oracle addresses controlled by governance
  • No fallback oracle mechanism in V1
  • Price feeds critical for liquidations and borrowing limits

Oracle Security:

  • Single point of failure if oracle is compromised
  • Governance could change oracle to malicious address
  • Price manipulation could cause improper liquidations
  • No TWAP or time-weighted averaging in V1
  • Dependent on external oracle uptime and accuracy

Oracle Dependencies:

  • Chainlink price feeds for major assets
  • Centralized oracle governance creates risk
  • Oracle failure could freeze protocol or enable exploits
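
The Oracle Security points about price manipulation and the absence of time-weighted averaging, as an added example (not Aave V1 code or anything published by the project): a simplified, single-collateral health-factor check evaluated once on the latest price and once on a 30-minute time-weighted average. The formula, the position, the threshold, the window and both price series are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Position:
    collateral_units: float       # units of the collateral asset
    debt_value: float             # debt, in the quote currency
    liquidation_threshold: float  # share of collateral value counted (0..1)

def health_factor(pos, price):
    """Collateral value * threshold / debt; below 1.0 means liquidatable."""
    return pos.collateral_units * price * pos.liquidation_threshold / pos.debt_value

def twap(updates, now, window):
    """Time-weighted average price over the last `window` seconds.

    updates: (timestamp, price) pairs sorted by time; each price holds
    until the next update, and the last one holds until `now`.
    """
    start = now - window
    ends = [t for t, _ in updates[1:]] + [now]
    weighted = covered = 0.0
    for (t0, price), t1 in zip(updates, ends):
        lo, hi = max(t0, start), min(t1, now)
        if hi > lo:
            weighted += price * (hi - lo)
            covered += hi - lo
    if covered == 0:
        raise ValueError("no price history inside the window")
    return weighted / covered

def assess(pos, updates, now, window=1800):
    """Compare the liquidation decision on the spot price and on the TWAP."""
    spot_hf = health_factor(pos, updates[-1][1])
    twap_hf = health_factor(pos, twap(updates, now, window))
    return {
        "spot_hf": round(spot_hf, 4),
        "twap_hf": round(twap_hf, 4),
        # Liquidatable only because of the latest reading, not the window.
        "spot_only_liquidation": spot_hf < 1.0 <= twap_hf,
    }

# Constructed data: 10 units of collateral, 1500 of debt, 80% threshold.
POSITION = Position(collateral_units=10, debt_value=1500, liquidation_threshold=0.8)
BRIEF_SPIKE = [(0, 200.0), (1740, 120.0)]      # bad reading for the last 60 s
SUSTAINED_DROP = [(0, 200.0), (300, 120.0)]    # price really fell 25 min ago

if __name__ == "__main__":
    print(assess(POSITION, BRIEF_SPIKE, now=1800))
    print(assess(POSITION, SUSTAINED_DROP, now=1800))
```

With a spot-only feed the 60-second reading alone makes the position liquidatable, while the averaged price does not; the sustained drop is liquidatable under both. Averaging also delays the reaction to genuine price moves, so the window length is a trade-off rather than a free safeguard.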

Economic Risk

Liquidity Risk:

  • ~$5M TVL remaining (vast majority migrated to V2/V3)
  • Limited liquidity in most markets
  • Utilization rates may be unpredictable
  • Interest rate volatility due to low liquidity

Operational History:

  • Launched January 8, 2020
  • First protocol to popularize flash loans
  • Billions in cumulative volume processed
  • Zero critical exploits in 6+ years
  • Successfully operated through multiple market crashes
  • Gradually deprecated in favor of V2 (Dec 2020) and V3 (2022)

Protocol Risks:

  • Liquidation cascades possible in volatile markets
  • Interest rate spikes if utilization hits ceiling
  • Smart contract bugs could affect collateral
  • Governance could make poor parameter decisions

Stage Assessment

Stage 1 Criteria Met:

  ✓ Governance-controlled protocol with token-based voting
  ✓ Multiple audits by reputable firms
  ✓ 6+ years of operational track record
  ✓ Active (though deprecated) with some TVL remaining

Why Not Stage 2:

  ✗ Contracts are upgradeable (not immutable)
  ✗ No timelock on governance actions
  ✗ Governance can access funds via contract upgrades
  ✗ Centralized oracle dependencies
  ✗ Instant upgrade capability

Why Not Stage 0:

  ✓ Decentralized governance (not single admin)
  ✓ Multiple audits completed
  ✓ Long operational history
  ✓ Open source code

Justification: Aave V1 achieves Stage 1 (Assisted) status due to its upgradeable architecture and governance-controlled parameters. While the protocol has demonstrated resilience over 6+ years, the ability for governance to upgrade contracts instantly without timelock, combined with centralized oracle dependencies, prevents it from achieving Stage 2.

The protocol requires users to trust that:

  1. Governance will not upgrade to malicious contracts
  2. Oracle providers will maintain accurate price feeds
  3. Governance will respond appropriately to emergencies

These trust assumptions, while mitigated by decentralized governance and a long track record, place V1 in the assisted category. V2 and V3 introduced improvements to governance structure but maintained upgradeability.