Aave Restructures Bug Bounty Program with Increased Rewards

Aave Restructures Bug Bounty Program with Increased Rewards

First seen 14 May 2026, 19:01 UTC BitgetPanewslabKucoinCryptorankChaincatcher+3 88% similarity 27.9

Article Content

Browse articles
ThreatCluster

On May 15, 2026, Aave Labs proposed a significant restructuring of its bug bounty program, dividing it into multiple independent programs managed by Immunefi, Sherlock, and Cantina. The maximum bounty for critical vulnerabilities in Aave V4 is set to increase from $500,000 to $2.5 million, while the maximum for Core Aave V3 will rise from $1 million to $5 million. This restructuring aims to better align rewards with the risk profiles of various subsystems and simplify the operational review process. The Aave DAO will also take over the funding for the Aave V3 on Aptos bug bounty from Aave Labs. The proposal will be evaluated over the next 6 to 12 months to assess its effectiveness.

Key Points: • Aave's bug bounty program is being split into independent initiatives for better management. • Maximum rewards for critical vulnerabilities in Aave V4 and Core Aave V3 are significantly increased. • The Aave DAO will assume responsibility for funding the Aave V3 on Aptos bug bounty.

ThreatCluster AI

Timeline

2026-05-14
Initial announcement of bug bounty adjustments
Aave announced adjustments to its bug bounty program, including increased maximum rewards for critical vulnerabilities.
Panewslab
2026-05-15
Aave proposes bug bounty program restructuring
Aave Labs announced a new framework for its bug bounty program, increasing maximum rewards for critical vulnerabilities significantly.
Bitget
2026-05-15
Aave DAO to manage bug bounty funds
The responsibility for Aave V3 on Aptos bug bounty funding will be transferred from Aave Labs to the Aave DAO.
Kucoin

Community

Browse all →