The deployment of Aave V3 on the Aptos blockchain marks Aave's inaugural expansion beyond Ethereum Virtual Machine (EVM) compatible chains, tapping into Aptos' high throughput and advanced security features. Aptos, developed by former leaders of Meta’s Diem project, is designed to address limitations in existing blockchain systems, offering advantages such as lower transaction fees, higher throughput, and advanced consensus mechanisms. This strategic move aims to broaden Aave's reach and leverage Aptos' growing DeFi ecosystem.
More extensive information about the project can be found on the Aave governance forum HERE
Prize distribution and scoring
-
Total Prize Pool: $150.000 GHO
-
The prize distribution has 3 possible triggers:
- If one or more valid low/informational severity findings are found, the total pot size is $20,000
- If one or more valid medium severity findings are found, the total pot size is $50,000
- If one or more valid high severity findings are found, the total pot size is $150,000
-
Only High and Medium findings would be accepted for the Primary Prize Pool.
-
$20,000 of the total prize pool is reserved for Low Severity or informational findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation:
- 1st $10,000
- 2nd $5,000
- 3rd $2,000
- 4th $1,500
- 5th $1,500
Impact and Likelihood
Impact Assessment
- High: Leads to a loss of a significant portion of assets in the protocol, or significant harm to a majority of users. Core Protocol functionality broken. Permanent locking of funds.
- Medium: Losses to only a subset of users, but still unacceptable. DOS of funds for days or more.
- Low: Losses will be annoying but bearable-applies to things like griefing attacks that could be easily fixed.
Likelihood Assessment
- High: Almost certain to happen, easy to perform, or not easy but highly incentivized.
- Medium: Only conditionally possible or incentivized, but still relatively likely.
- Low: There are rare events but are theoretically possible under certain extreme but realistic market conditions
Please note that in case of any ambiguity or categories outside of the above, the Judges+Cantina team will have the final say on the severity of the findings.
Please read the following description of how to submit a good finding.
Additional information on Severities described in detail on our docs page.
The Scoring mechanism can be found here.
Note: For Low findings, we want to encourage high-quality non-trivial submissions. Given that the codebase has gone through multiple reviews before, and due to the large number of participants, we’ll be marking any trivial low findings as informational and may not be considered for reward. To reiterate, the above pot is judged on quality alone and not quantity.
Documentation
Scope
- Repository: https://github.com/aave/aptos-aave-v3
- Commit:
1a1913d9913b1fd41e661d7bc39c999784b1708f
Build Instructions
POC rule
- Mandatory POC rule applies for this competition
Out Of Scope
Due to unavoidable reasons with github the repository had to be taken down and made public with a new commit hash during which one of the issues that was privately fixed ended up on the public commit.
Finding: Incorrect Resource Address in Data Provider
Fix link here
This finding would be considered out of scope after the recent commit hash 1a1913d9913b1fd41e661d7bc39c999784b1708f
We will review this further but any other potential findings released here would be out of scope.
- Audit Reports
- sUSDe capo implementation (to be included soon)
Contact Us
For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.
Summary
Status
LiveTotal reward:
150,000 GHO
Findings submitted:
323
Start date:
19 May 2025 1:00pm (local time)
End date:
9 Jun 2025 8:00pm (local time)