
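Ahead of the V4 release, Aave Labs spent about US$1.5 million on a comprehensive security audit program lasting 345 days, bringing in four leading security firms, ChainSecurity, Trail of Bits, Blackthorn and Certora, and holding a public contest on the Sherlock platform that drew more than 900 researchers who submitted over 950 findings.
Breaking Down the US$1.5 Million Audit Program: A Multi-Layered Security Review Architecture
The core design logic of this Aave Labs audit is "multi-angle parallel testing" rather than the single audit pass that used to be common. The whole program was funded by the Aave DAO and ran in three major phases:
Institutional security firm review: ChainSecurity, Trail of Bits, Blackthorn and Certora each tested the protocol code in depth from a different angle, covering reverse engineering, formal verification and smart contract edge cases
Six-week public contest: held on the Sherlock platform from December 2025 to January 2026; more than 900 independent researchers submitted over 950 entries, and zero critical vulnerabilities were confirmed in the public contest stage; a prize of US$10,000 in USDC was split among 6 researchers in proportion to points
Ongoing bug bounty program: Aave Labs has separately proposed setting up a standing vulnerability reporting channel for V4 on Sherlock, with a triage mechanism that filters out low-quality reports and prioritizes high-risk findings
Researchers involved in the early review noted that, for a project then still at the pre-audit stage, V4's code structure was "unusually concise", indicating that security design had been built into the architecture from the start of development.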
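V4's Layered Security Model: From "Build First, Audit Later" to "Verify While Building"
In developing V4, Aave Labs systematically abandoned the "iterate fast, patch afterwards" model once prevalent in the DeFi industry. Its V4 security framework is built around five core ideas:
Formal verification: Certora is responsible for establishing the mathematical rules ("invariants") that the code must always satisfy, and the code must pass machine verification before manual review begins. This approach can systematically uncover logical edge-case problems that manual review might miss.
AI-driven anomalous path scanning: automated systems help identify attack paths under extreme scenarios, compensating for the limits of manual review in breadth of coverage.
Layered review: manual review and automated testing run in parallel, and security checks are run continuously on every code update rather than concentrated just before a release.
In addition, V4 adopts a "hub-and-spoke" architecture, which helps shrink the protocol's overall attack surface and structurally lowers the risk of common DeFi vulnerabilities being exploited.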
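A Threshold Signal for Institutional Capital: What Zero Vulnerabilities Means
Against a backdrop of frequent DeFi security incidents, the significance of this Aave Labs audit is not only technical. A US$1.5 million security investment is a very small cost relative to the protocol's total value locked (TVL), yet it sends a clear institutional trust signal: for institutional funds that still have concerns about unknown smart contract risk, the zero-vulnerability result of the public contest stage is an important precondition for entering the decision process.
V4's real test still lies in the initial period of operation after mainnet launch. If it can get through the first few months with zero major incidents, capital that has been cautious about DeFi because of earlier hacking incidents may gradually move toward the protocol.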
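Frequently Asked Questions
How is the US$1.5 million audit cost for Aave Labs' V4 made up?
The audit cost covers the professional service fees for the four commissioned security firms, ChainSecurity, Trail of Bits, Blackthorn and Certora, as well as the prizes and platform fees for the public contest held on the Sherlock platform. The whole program lasted 345 days and is one of the largest security audit investments on record in the DeFi sector.
What role do Certora's "invariants" play in the V4 security framework?
Invariants are mathematical rules, defined by Certora, that specify the logical conditions the code must satisfy under all circumstances. Before entering the manual review stage, V4's code must first pass automated testing by formal verification tools to ensure these rules hold on every possible execution path, eliminating certain classes of logic vulnerabilities at the root.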
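The idea of an invariant that must hold on every execution path, as an added example that is not from the article, Aave Labs or Certora: a hypothetical toy lending pool whose solvency rule is checked over every action sequence up to a fixed length. This bounded enumeration is a simplified stand-in for a formal proof; the pool, its actions and the rule are all assumptions made for illustration.

```python
# Added example: toy lending pool, hypothetical and not Aave V4 code.
# State is (cash, debt, deposits); every amount is 1 unit to keep the space small.
ACTIONS = ("deposit", "withdraw", "borrow", "repay")

def step(state, action, guarded=True):
    """Apply one action; return the new state, or None if the call reverts."""
    cash, debt, deposits = state
    if action == "deposit":
        return (cash + 1, debt, deposits + 1)
    if action == "withdraw":
        if deposits < 1 or (guarded and cash < 1):
            return None
        return (cash - 1, debt, deposits - 1)
    if action == "borrow":
        if guarded and cash < 1:  # liquidity check; omitted in the unguarded variant
            return None
        return (cash - 1, debt + 1, deposits)
    if action == "repay":
        if debt < 1:
            return None
        return (cash + 1, debt - 1, deposits)
    raise ValueError(action)

def invariant(state):
    """Solvency rule: cash is never negative and cash + debt equals deposits."""
    cash, debt, deposits = state
    return cash >= 0 and cash + debt == deposits

def check(depth, guarded=True):
    """Breadth-first search over all action sequences up to `depth`.
    Returns the shortest violating trace, or None if the invariant always holds."""
    start = (0, 0, 0)
    frontier, seen = [(start, ())], {start}
    for _ in range(depth):
        next_frontier = []
        for state, trace in frontier:
            for action in ACTIONS:
                new_state = step(state, action, guarded)
                if new_state is None:
                    continue  # a reverted call leaves the state unchanged
                new_trace = trace + (action,)
                if not invariant(new_state):
                    return new_trace
                if new_state not in seen:
                    seen.add(new_state)
                    next_frontier.append((new_state, new_trace))
        frontier = next_frontier
    return None

if __name__ == "__main__":
    print("guarded:", check(8), "| unguarded:", check(8, guarded=False))
```

With the liquidity check in place no sequence breaks the rule; without it the search returns the one-step trace that does, which is the kind of counterexample a verification tool reports before manual review starts.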
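How does V4's "hub-and-spoke" architecture reduce DeFi security risk?
Traditional DeFi protocols often have complex interdependencies among multiple modules, so a vulnerability in one module can trigger a chain reaction. A hub-and-spoke architecture clearly separates the functional modules and concentrates core logic in a strictly protected "hub", structurally compressing the attack surface available to an attacker and making the protocol more resistant to complex cross-module attacks.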