Aave Enhances Bug Bounty Program with Increased Rewards for Critical Vulnerabilities
Severity: Low (Score: 30.9)
Sources: Bitget, Panewslab
Summary
On May 14, 2026, Aave announced a significant update to its bug bounty program, restructuring it into multiple independent projects based on subsystems. The maximum reward for critical vulnerabilities has been increased fivefold: from $1 million to $5 million for Core Aave V3 and from $500,000 to $2.5 million for Aave V4. This new bounty system will cover various components, including Core Aave V2/V3, GHO, Aave V4, Aave V3 on Aptos, and the Aave App Stack. The program will be managed by platforms such as Immunefi, Sherlock, and Cantina. Additionally, the Aave DAO plans to take over the funding for the Aptos bug bounty previously managed by Aave Labs. Key Points: • Aave's bug bounty program has been restructured to include multiple independent projects. • Maximum rewards for critical vulnerabilities have increased significantly, up to $5 million. • The new bounty system will cover various Aave components and be managed by established platforms.