PANews reported on May 14th that Aave announced a restructuring of its protocol bug bounty program, splitting it into multiple independent bounty projects based on different subsystems, and adjusting the reward structure and review process. Notably, the maximum bounty for critical vulnerabilities in Core Aave V3 and Aave V4 has been increased to five times its original value.
According to the proposal, the maximum reward for critical vulnerabilities in Core Aave V3 will be increased from $1 million to $5 million, while the maximum reward for critical vulnerabilities in Aave V4 will be increased from $500,000 to $2.5 million. The new bug bounty system will cover Core Aave V2/V3, GHO, Aave V4, Aave V3 on Aptos, and the Aave App Stack, and will be operated by platforms such as Immunefi, Sherlock, and Cantina, respectively. The Aave DAO also plans to take over the Aptos bug bounty funding previously managed by Aave Labs.
