Aave Protocol Restructures Bug Bounty Programs
Aave Protocol Restructures Bug Bounty Programs
🔒 Aave Bounty Overhaul
Aave has announced a restructuring of its bug bounty programs to enhance security measures across the protocol.
Key Changes:
- Updated bounty structure and reward tiers
- Modified scope and eligibility criteria
- Enhanced reporting procedures for security researchers
The restructure aims to strengthen the protocol's security framework and incentivize responsible disclosure of vulnerabilities. This follows a recent security review conducted by Trail of Bits in February 2026.
Full details of the changes are available in the governance proposal: ARFC: Aave Protocol Bug Bounty Programs Restructure
The community can review and provide feedback on the proposed changes through the governance forum.
Find the full changes here: governance.aave.com/t/arfc-aave-pr…
Aave Increases Bug Bounty Payouts 5x for V4 and Core V3
Aave has revamped its bug bounty program with significantly higher rewards and streamlined processes. **Key Updates:** - Critical bug payout caps increased **5x** for Aave V4 and Core Aave V3 - Payouts now better aligned with risk profiles across different ecosystem components - Simplified review pathways for security researchers This follows Aave Labs' March proposal to launch a dedicated V4 bug bounty program on Sherlock, aimed at creating an always-on security reporting channel with improved triage to handle high-severity reports urgently.
rsETH Bridging Reopens After Technical Recovery
**rsETH operations are resuming** after a successful technical recovery. The first tranche of rsETH has been transferred into the LayerZero OFT adapter, reopening bridging between mainnet and Layer 2 networks. **Key developments:** - Initial recovery steps completed, including burning exploiter's rsETH on Arbitrum - LayerZero OFT adapter being progressively refilled - Cross-chain bridging functionality restored The phased approach allows for careful monitoring as operations return to normal over the coming days.
Court Clears Path for Arbitrum ETH Transfer to Aave LLC
A court has modified a restraining notice to allow Arbitrum DAO's onchain vote and transfer of frozen ETH to Aave LLC for rsETH recovery efforts. **Key developments:** - Plaintiff-judgment creditors served restraining notice on May 1 targeting ETH frozen after rsETH incident - Aave LLC filed emergency motion to vacate the notice - Court modified notice on May 8 to permit transfer while restraining notice attaches to Aave LLC - Amended Constitutional AIP maintains recovery intent approved by Arbitrum DAO - ETH remains directed toward rsETH recovery as legal proceedings continue **Background:** The frozen ETH stems from the April 18 Kelp DAO rsETH bridge exploit. Arbitrum DAO previously voted with strong support (190M+ ARB tokens) to release the funds to DeFi United, a cross-protocol recovery effort led by Aave service providers alongside partners including Lido, EtherFi, Ethena, and LayerZero. [Full proposal details](https://forum.arbitrum.foundation/t/constitutional-aip-approve-release-of-frozen-eth/30825/37?u=aavelabs)
Aave Pro Launches Unified Markets Dashboard for V4
**Aave Pro introduces a comprehensive markets feature** that consolidates critical protocol information into a single interface. **Key features include:** - Market data and analytics - Deposit and borrow asset tracking - Connected hubs overview - Market composition breakdown The new dashboard is now available for users to explore on Aave V4. This update follows Aave's recent security-focused expansion, which saw supply and borrow caps increased across multiple assets to handle growing deposit volumes. Aave Pro serves as the primary interface for V4, enabling users to earn, borrow, swap, and monitor positions through a unified platform.