Aave has drawn a clear line around how it wants to manage risk as it heads into the V4 era. The protocol’s leadership refused Chaos Labs’ bid to become Aave’s sole risk provider and to replace Chainlink’s oracle role, choosing instead to preserve a multi-provider structure built around redundancy and distributed trust.
That decision ultimately led to Chaos Labs leaving its position, turning what began as a negotiation over scope and funding into a more consequential governance break. At the heart of the dispute was a basic disagreement over whether Aave should concentrate critical risk functions in one provider or continue spreading responsibility across multiple contributors.
We respect the decision of Chaos Labs to step down as one of the two risk managers for the Aave DAO.
We want to thank Chaos Labs for their work over the years. They have been a valuable partner to the Aave DAO, and their contributions have helped Aave grow and mature.
There is…
— Stani (@StaniKulechov) April 6, 2026
Aave chose resilience over consolidation
For Aave’s leadership, the issue was not only commercial but architectural. Stani Kulechov framed the rejection as a defence of the protocol’s resilience, arguing that giving a single provider exclusive control over risk services and oracle infrastructure would run against Aave’s long-standing preference for distributed dependencies.
That view also reflected the protocol’s existing reliance on Chainlink in production. Chainlink’s role was treated as operationally central, especially after recent integrations such as SVR on Arbitrum and Base, which reinforced the case for keeping an oracle stack with an established live-market track record.
From that perspective, Chaos Labs’ proposal was more than a routine expansion of responsibilities. The request to combine exclusive risk oversight with a replacement of existing oracle contributors would have fundamentally changed Aave’s dependency model at a moment when the protocol is preparing for a more complex upgrade cycle.
The V4 upgrade turned a strategic difference into a financial one
The tension sharpened as both sides assessed the demands of Aave V4. Chaos Labs argued that the new architecture would materially increase workload and compliance exposure, and placed the minimum annual cost of continuing in an expanded role at roughly $8,000,000.
Aave Labs did not accept that structure. The counteroffer stayed closer to $5,000,000 and did not include any willingness to remove other providers from the stack, leaving the parties split on both authority and compensation.
That left little room for compromise. Chaos Labs was effectively asking for broader control and a larger budget to match what it saw as a doubled operational burden, while Aave remained committed to a model in which no single provider would dominate core risk or oracle functions.
We acknowledge @ChaosLabs' sudden announcement to step down from their @Aave risk mandate.
LlamaRisk has served the Aave ecosystem for the past two years, delivering risk frameworks, parametrization, and quantitative models underpinning all Aave deployments across V3, V4, and… https://t.co/AOGRH7pblu
— LlamaRisk (@LlamaRisk) April 6, 2026
In practical terms, the protocol has already moved to preserve continuity. LlamaRisk has been designated to take on expanded responsibilities so that Aave can maintain its multi-provider risk framework without leaving a gap in oversight as V4 approaches.
The dispute reveals something larger about how DeFi governance evolves under pressure. As protocols become more complex, technical architecture and commercial negotiations can no longer be treated separately, because disagreements over budgets, scope and authority now feed directly into continuity, security and trust.