At the Aave Companies, security is our top priority as we build protocols; this is top of mind as we innovate new software. Cryptoassets supplied to the Aave Protocol are stored on a non-custodial smart contract on the Ethereum blockchain. You control your wallet. Regulated and auditable by code.
Aave Protocol has had audits by Trail of Bits, Open Zeppelin, Consensys Diligence, CertiK, PeckShield, Certora and SigmaPrime. All audits are publicly available, and you can find them below.
Bug bounty
There is a Bug Bounty program for V2 of the Aave Protocol, in which community members can report what they believe may be bugs or vulnerabilities. Valid reports may be rewarded up to $250,000 (only for critical bugs). More information on the bounty criteria and application process is available on the Bug Bounty page.
Oracles
Aave Protocol is integrated with Chainlink to power the Aave oracle network, which provides live price feeds for 66 crypto assets. The Chainlink oracles reflect real time conditions on and off chain in the prices on the Aave Protocol. Decentralization is the foundation of Aave Protocol, and Chainlink guarantees a decentralized oracle service that cannot be exploited at a single point.