Aave Restructures Bug Bounty Program with Increased Rewards
Severity: Low (Score: 27.9)
Sources: Kucoin, Bitget, Panewslab
Summary
On May 15, 2026, Aave Labs proposed a significant restructuring of its bug bounty program, dividing it into multiple independent programs managed by Immunefi, Sherlock, and Cantina. The maximum bounty for critical vulnerabilities in Aave V4 is set to increase from $500,000 to $2.5 million, while the maximum for Core Aave V3 will rise from $1 million to $5 million. This restructuring aims to better align rewards with the risk profiles of various subsystems and simplify the operational review process. The Aave DAO will also take over the funding for the Aave V3 on Aptos bug bounty from Aave Labs. The proposal will be evaluated over the next 6 to 12 months to assess its effectiveness. Key Points: • Aave's bug bounty program is being split into independent initiatives for better management. • Maximum rewards for critical vulnerabilities in Aave V4 and Core Aave V3 are significantly increased. • The Aave DAO will assume responsibility for funding the Aave V3 on Aptos bug bounty.