Aave Labs Proposes Dedicated Bug Bounty Program for Aave V4 With Sherlock

CryptoNewsFlash

  • Aave Labs has published a proposal for a dedicated bug bounty program that would provide a 24/7 channel for reporting security issues.
  • High-priority submissions require participants to stake at least 250 USDC, which is forfeited if the report is invalid or deemed spam.

Aave Labs has published a proposal to launch a new dedicated bug bounty program for v4 of its protocol on Sherlock’s security platform for DeFi protocols. The proposal aims to establish a channel for reporting security concerns on the DeFi platform as it transitions to the fourth version (v4) of its protocol. Aave Labs says that Sherlock has been working with the community to audit the current v3 protocol and was used for early v4 testing. This translates to shared reporting standards and escalation paths for all parties. Founder Stani Kulechov noted that bug bounties have been an important part of the network’s security strategy. He also praised the Sherlock team for its expertise in managing previous bug bounty programs and security contests.

We propose launching the Aave V4 bug bounty program with Sherlock. Bug bounties have long been an important part of Aave’s security strategy, and the Sherlock team has demonstrated strong expertise in managing both security contests and bug bounty programs. https://t.co/azjjaV7fIZ

— Stani.eth (@StaniKulechov) March 5, 2026

On its part, Sherlock expressed support for the proposed program, adding, “Always-on coverage, structured triage, and clear escalation for high-severity reports as V4 ships and scales. Aave’s commitment to security stays constant.”

Aave’s 250 USDC Stake to Prevent Spam

The bug bounty program will be limited to the Aave v4 repositories and deployed contracts. Any expansion or migration of other programs would need a separate governance poll. Participants can hand in medium- or low-priority submissions at will. However, they cannot upgrade these to upper-tier submissions even if they expand in scope, a restriction meant to ensure they pay enough attention to the original classification. The high-priority and critical submissions, which receive heftier payouts, will be limited to users who stake 250 USDC. If the submission is valid, the stake is returned together with the payout. If invalid, the stake is forfeited to pay for triage costs. This is intended to prevent spam where participants classify all submissions as high-priority to take a shot at the higher payout.

For high-priority submissions, Aave’s designated security team members are instantly notified via Telegram and Slack so that they can respond immediately. The lower-priority submissions are assessed by an AI program working alongside human reviewers. Only the reports deemed higher-quality will be submitted for review.

Image courtesy of Aave Labs.

Aave Labs conceded that while the 250 USDC staking will reduce spam, it could put off some genuine researchers from submitting high-priority security concerns. To mitigate this, it intends to keep the medium-priority tier free and to prioritize experienced researchers using this tier. It also acknowledged that by barring the re-classification of medium submissions to high-priority, it would punish misclassified submissions. It intends to publish an extensive guide as part of the program launch materials.

The proposal comes weeks after a dispute between Aave Labs and BGD Labs imploded, with the latter announcing its departure at the end of this month. BGD, which was contracted by the Aave DAO to cater to security and technical issues, says the Labs has frustrated its efforts to advance the protocol.
