Aave governance is reviewing a protocol-wide risk framework that would apply across every asset on Aave V3, V4, and Aave Horizon. The pitch comes after the KelpDAO exploit, and it aims to standardize how the protocol decides which collateral is allowed to take risk on.
The key governance lever is harsh by design. As The Defiant reports, Aave founder Stani Kulechov said assets that do not qualify for the new standard will be removed. That means this is not framed as a “best practices” document. It’s framed as a rules gate, enforced through governance.
What Aave wants to standardize
Aave has long operated with asset-by-asset risk assumptions. The new proposal, per The Defiant, moves toward one shared framework. In practical terms, it is meant to keep the protocol from treating every market as a one-off experiment, even when the same liquidation mechanics and liquidity routing apply.
The governance scope matters. Aave is not limiting this to one deployment or one region of its product line. The Defiant notes the framework would cover Aave V3, V4, and Aave Horizon.
That cross-version angle changes the risk math for users and integrators. If the framework is approved, asset eligibility becomes a systemic variable across Aave markets. That can reduce “unknown unknowns” when a risk model fails, but it also introduces governance-driven market churn. The protocol would be willing to pull assets that do not meet the standard, which can tighten liquidity and change the set of available borrowers and lenders.
The removal threat is the point
Kulechov’s comment, as reported by The Defiant, is the real signal. “Assets that do not qualify for the new standard will be removed” is not vague. It turns risk assessment into an enforcement mechanism.
Assets that do not qualify for the new standard will be removed
Removal matters because Aave’s markets are not passive. Once an asset is listed, it can accumulate usage, borrow demand, and collateral exposure. If the KelpDAO exploit revealed a gap in how Aave understood or priced certain risks, the desk can’t fix that gap while leaving everything else untouched.
Governance-led delistings also force a question every integrator has to answer. If the eligibility rules tighten, how quickly can downstream apps react. The protocol is telling markets it will use the pause button, not just the warning label.
Companion change targets Pendle PT risk oracles
The Defiant also describes a companion proposal that shifts the Pendle PT risk oracle. In DeFi, oracles are where “risk management” becomes math. If the oracle wiring is wrong or too permissive, the system can get overconfident about collateral health.
By targeting the Pendle PT risk oracle, the proposal suggests Aave sees oracle behavior as part of the exploit lesson. This does not prove the oracle was the single cause of the KelpDAO exploit. But it does indicate Aave is willing to revise not just listing policy, but the measurement layer that informs risk parameters.
Why this follows the KelpDAO exploit
The Defiant ties the proposals directly to the KelpDAO exploit. The operational takeaway is straightforward. When a security incident hits, the first instinct is patching the specific vulnerability. The second instinct is checking whether the incident exposed broader process failure.
A protocol-wide framework points to that second instinct. It tries to make risk qualification repeatable. It reduces the odds that the next asset sails through with assumptions that only looked correct in calm waters.
Here is what the newsroom can confirm from The Defiant’s account.
| Item | What’s changing | Scope |
|---|---|---|
| Main proposal | Protocol-wide risk framework for asset eligibility | Every asset on Aave V3, V4, and Aave Horizon |
| Governance enforcement | Assets that do not qualify will be removed | Cross-deployment |
| Companion proposal | Pendle PT risk oracle shift | Pendle PT risk module |
What to watch next
This kind of governance package lives or dies on details. The Defiant’s report frames the direction: tighten risk standards, remove failing assets, and adjust oracle plumbing where needed.
For Aave users, the practical concern is less about “safer by default” slogans and more about change management. If assets get delisted based on a new standard, those assets become higher-friction to use as collateral. That can shift borrower behavior and liquidity distribution across markets.
For DeFi builders, it’s about integration durability. If the eligible universe shrinks, smart contracts that assume availability can get stuck in edge cases.
Aave is responding to a real exploit with a structural approach. That’s the right instinct. Now the hard part is whether the framework is strict enough to prevent repeats without turning governance into a permanent source of collateral instability.