Aave and Cantina are joining forces to initiate a live security challenge targeting four production contracts, each provisioned with $25,000 in active liquidity and now accessible for exploit attempts conducted within Cantina’s controlled environment. Researchers who identify scoped vulnerabilities and execute valid exploits through the platform will retain the assets they recover.
This challenge represents a direct and uncompromised validation of protocol infrastructure in its deployed form.
Participation and Eligibility
To participate in the challenge, researchers must register through Aave’s CTF page, complete KYC verification, and accept Cantina’s Terms of Service. Participants will receive scoped access to the targets along with relevant technical documentation and tools necessary for engagement.
All testing must be conducted within Cantina’s infrastructure, and all actions must remain within the defined scope. Exploits that occur outside this framework are not eligible for rewards and may prompt a formal response from Aave. This requirement ensures a structured and transparent process that protects both researcher integrity and protocol operations.
Strategic Rationale
Aave continues to shape the future of decentralized finance across both EVM and non-EVM ecosystems. The recent introduction of Aave v3.1 on EVM chains brought forward major improvements to interest rate logic, protocol accounting, and system upgradeability. In parallel, Aave’s deployment on the Aptos blockchain marked its first implementation in the Move programming language, further expanding its architectural footprint.
This mainnet challenge enables Aave to validate those advancements under open, adversarial pressure. The testing conditions are authentic. The consequences are final. No abstractions are applied. The infrastructure in question is the infrastructure that governs value in the real world.
Scope and Objectives
This challenge will assess four core contracts currently active on Ethereum, each holding live liquidity. The targeted architecture spans several layers of the protocol stack, including accounting models, rate strategies, and access controls. All participating researchers will engage directly with deployed assets under structured, scoped conditions.
Cantina’s environment has been engineered to preserve clarity, enable precision, and support exacting standards for outcome-driven validation.
Security Without Abstraction
This is not the first time Aave has selected Cantina to support protocol-critical security efforts. In the months leading up to this challenge, Cantina conducted two independent reviews in collaboration with Aave. The first examined the v3.1 upgrade path, testing new protocol logic, incentive structures, and contract behaviors introduced across EVM deployments. The second focused on Aave’s Move-based expansion to Aptos, with an emphasis on oracle integration, flash loan architecture, and access control enforcement.
These engagements produced precise results and reinforced a model that favors clarity, high-signal feedback, and secure execution under pressure. This mainnet challenge continues that trajectory, placing production systems in the open and challenging the research community to deliver concrete results.
Onboarding Process and Launch Date
Researchers may begin onboarding immediately through Cantina. The challenge begins now, Friday June 27 . At launch, participants will receive access to detailed scope definitions, target contract references, and rules of engagement. All infrastructure required to participate will be fully operational at the time of launch.
Setting a Higher Bar
This challenge is part of a broader initiative to redefine what it means to test protocol infrastructure. Cantina’s live CTFs do not simulate risk, but they expose systems to it. Each event provides a structured environment where participants operate under real conditions and outcomes reflect system truth.
Aave and Cantina are aligned in this approach. This challenge exists to surface signal, strengthen protocols, and move the industry forward. It is open to those who are ready to test with intent and operate with precision.
If your organization is preparing to deploy critical infrastructure and requires high-assurance, adversarial validation, contact us here. We will help you build the environment you need.