Aave Labs released an ARFC (Aave Request for Comments) proposal on May 29, proposing a standardized framework for listing technical assets for Aave V3, V4, and Horizon. Assets with major technical flaws will face reduced borrowing limits, restrictions on collateral parameters, delayed listing, or a recommendation to refuse to onboard the protocol. The proposal confirms that the framework does not replace market risk analysis and governance judgment, but instead provides a technical eligibility baseline.
The seven “hidden risks” confirmed in the ARFC proposal and the framework’s core design
In the proposal, Aave Labs confirms that the framework is intended to address seven categories of “hidden risks”: unlimited minting, weak upgrade controls, bridged supply inconsistencies, unclear liquidation pathways, reliance on off-chain custody, unreliable oracle pathways, and missing audits of external dependencies. The proposal particularly emphasizes additional review for off-chain dependent assets such as cross-chain assets, yield-bearing assets, and RWAs—covering bridge structure, off-chain legal arrangements, custody mechanisms, and supply integrity.
The framework defines six privileged role security tiers (Tier 0 to Tier 5), ranging from no-delay with a single key (Tier 0) to on-chain DAO governance with a time lock (Tier 5). Situations where the security tier is below 2 are defined as “weak security configuration,” triggering stricter onboarding restrictions. Regarding oracle pathways, Chainlink is the primary data source required; any design that is not Chainlink must have a clear rationale.
A six-step governance integration process and annual update mechanism confirmed by the proposal
Aave Labs confirms that the framework should be incorporated into the asset listing process in six steps: pre-screening (confirming AAcA categorization and contract verification), technical review (assessing against the framework’s eight core sections), coordination with risk providers, publishing governance documents, remediation tracking, and ongoing updates.
The proposal confirms that assessments of all active listed assets must be updated once every year, and updated immediately after any major change, including contract upgrades, deployment on new chains, changes to bridge routing, changes in privileged role holders, and security incidents. Issuers must provide advance notice to Aave Labs and relevant DAO-related changes based on ongoing obligations.
Frequently Asked Questions
What is the current governance status of Aave Labs’s ARFC proposal—has it been approved?
ARFC is part of the “Aave Request for Comments” process and belongs to the discussion stage of a governance proposal; it has not yet entered a formal vote or approval. The proposal requires review and voting by Aave DAO governance participants before it can be formally implemented.
What scenarios does this framework apply to, and what does it not apply to?
According to the proposal confirmation, the framework applies to: adding assets to any instances of Aave V3, V4, and Horizon; major parameter changes to existing listed assets; and periodic or non-periodic technical updates. The framework does not replace risk analysis of liquidity and market depth; that portion remains the responsibility of the DAO’s risk providers.
What kinds of technical flaws would trigger rejection of onboarding or limitation of listing?
According to the proposal confirmation, the flaws that trigger restrictions include: unlimited minting; weak security configuration where the privileged role security tier is 0 or 1; bridged supply inconsistencies; lack of an appropriate oracle pathway; and unresolved severe or high-risk audit issues. These flaws will lead to reduced borrowing limits, restrictions on collateral parameters, or a recommendation to refuse to onboard the agreement.
