Aave DAO Launches a $1M Bug Bounty with Immunefi

Aave DAO, the governing body that oversees the Aave Protocol, a decentralized non-custodial liquidity protocol, has launched a $1 million bug bounty hosted on Immunefi, the leading web3 bug bounty and security services platform protecting over $60 billion in combined user funds across multiple networks. Immunefi has contracted with Aave Protocol creator Aave Companies, and BGD Labs, a contributor to the protocol, as technical experts to review and qualify valid bug reports.

The Aave Protocol is deployed on Ethereum and six other networks, currently with $7 billion in total value locked  (TVL) across its ecosystem. The protocol provides users with the ability to earn yield on their cryptocurrency holdings or to access liquidity by borrowing assets while providing collateral.

Based on an initial April 2023 proposal to the DAO by Immunefi, Aave Protocol has approved the launch of the bug bounty program to reduce potential security vulnerabilities. It features a maximum payout of up to $1 million for critical severity vulnerabilities, starting from $50,000. The remaining payouts range from $10,000 to $75,000 for high-severity vulnerabilities, $10,000 for medium-severity issues, and $1,000 for low-severity ones. Aave DAO will provide rewards to Immunefi in a combination of AAVE tokens and stablecoins.

“We look forward to working with Immunefi, who bring a successful track record in security services,” said Emilio Frangella, Vice President of Engineering at Aave Companies. “The Aave DAO recognizes the importance of continuously remaining vigilant in protecting against the evolving security environment.” 

“We believe that a bug bounty program is a crucial component of the Aave Protocol security stack because it incentivizes security researchers to help extend the DAO’s efforts to safeguard the protocol,” said Ernesto Boado of BGD Labs, a contributor to the  Aave ecosystem. “By launching the bug bounty program with Immunefi, we ensure we have the most efficient infrastructure to run our program, as proven by its successful track record.”

“We’re excited to support the Aave community in strengthening its ecosystem security against potential vulnerabilities,” said Mitchell Amador, Founder and CEO of Immunefi. “Aave Protocol is one of the most successful projects in decentralized finance. Their commitment to security has been remarkable and is reflected in the trust of its users.

Immunefi has facilitated the most significant bug bounties in the software industry, with over $80 million in rewards paid out. It is the largest and most widely adopted bug bounty platform in Web3, where a massive community of leading security talent review projects’ blockchain and smart contract code, find and responsibly disclose vulnerabilities, and get paid for making the ecosystem safer.

Aave DAO contributors BGD Labs and Aave Companies will both support Aave’s bug bounty program. The terms and conditions of the bug bounty, including eligibility criteria, can be found here: https://immunefi.com/bounty/aave/   

About Immunefi 

Immunefi is the leading bug bounty and security services platform for web3, which features the world’s largest bounties. Immunefi guards over $60 billion in user funds across projects like Chainlink, Wormhole, MakerDAO, TheGraph, Synthetix, and others. The company has paid out the most significant bug bounties in the software industry, amounting to over $80 million, and has pioneered the scaling web3 bug bounties standard. For more information, please visit https://immunefi.com/

About Aave Protocol

Aave Protocol is a decentralized non-custodial liquidity protocol where users can participate as suppliers or borrowers in a common pool. Suppliers provide liquidity to earn a passive income, while borrowers are able to borrow in an overcollateralized (perpetually) or undercollateralized (one-block liquidity) fashion. For more information about Aave Protocol, please visit https://aave.com/

Alpha Sigma Fund