Related Articles
A proposal for a dedicated bug bounty program for the 24/7 channel to report security issues has been published by * **Aave Labs. ** **
- **High-priority submissions require participants to stake at least 250
$USDC
, which is forfeited if the report is invalid or deemed spam.**
Aave Labs has published a proposal for the introduction of ‘new dedicated bug bounty program to its v4 on Sherlock’S security platform for DeFi protocols.
The plan plans to set up a channel to report any security concerns on DeFi as it transitions into the fourth version (v4) of its protocol. The Labs says Sherlock has been working with the community to review the current v3 protocol and was used for early ve4 testing, according to the Lab. This means that it is common reporting standards and escalation paths for all parties.
The network’s security strategy has been largely based on bug bounties, said founder Stani Kulechov. Also, He also praised the Sherlock team for its work in handling previous bug bounty programs and security contests.
We propose to launch the Aave V4 bug bounty program with Sherlock. In Aave’s security strategy, bug bounties have long been an important part of his security plan and the Sherlock team has demonstrated a strong knowledge in both security contests and bug bounty programs. http//t, https//. co/azjjaV7fIZ.
Stani.eth (@StaniKulechov) March 5, 2026
The program was endorsed by Sherlock on its part, adding ‘Always-on coverage, structured triage and clear rise for high-severity reports as V4 ships and scales. Aave’s security commitment is steadfast, however, the same as Aanve. – ’.
Aave’s 250 $USDC Stake to Prevent Spam
The Aave v4 repositories are to be the only ones that will have been used as part of the bug bounty program, and contracts deployed were also being sent. If any other programs were to expand or migrate, it would require a separate governance poll.
Applicants can hand in medium- or low price submissions at will, according to the rules of . But they cannot upgrade these to higher-tier submissions even if they expand in scope so that they pay enough attention to the original classification.
High-priority and critical submissions, which are paid more than a million dollars, will only be used by users who stake 250 $USDC. In case the submission is legitimate, then the stake is returned together with the payout. If the stake is void, it will be forfeited to pay for triage costs if this was invalid. In this effort, it is designed to avoid spam by allowing participants to consider all submissions as high-priority in order to take a shot at the higher payout.
Aave’s security team members are immediately notified via Telegram and Slack to respond immediately after they submit for high-priority submissions. The lower-priority submissions are analyzed by an AI program with human reviewers. Only the reports considered to be of higher quality will be reviewed by .
Image courtesy of Aave Labs.
While the 250 $USDC staking will reduce spam, Aave Labs conceded that “the fact that it’s not likely for some real researchers to submit high-priority security concerns” could prevent them from applying. It plans to maintain the medium-priority tier free and prioritize senior researchers with this terr in order to reduce its impact on s.
It also acknowledged that by excluding the re-classification of medium submissions to high-priority, it would punish misclassified submission. Among the program launch materials, it plans to publish an extensive guide.
The offer comes weeks after an argument amidst Aave Labs and BGD LabS that the company is leaving at its end of this month, was launched. Aave DAO, which contracted BGD for security and technical issues in the labs’ efforts to advance protocol has resisted its attempts at progressing it, says Labs.
Thanks for reading Aave Labs Proposes Dedicated Bug Bounty Program for Aave V4 With Sherlock
