[ARFC] Adopt The SEAL Safe Harbor Agreement

Title: [ARFC] Adopt The SEAL Safe Harbor Agreement

Authors: @samczsun (SEAL), @dickson (SEAL), bgdlabs.eth

Date: 2025-09-02

Introduction

This proposal outlines Aave Governance’s adoption of the SEAL (Security Alliance) Whitehat Safe Harbor Agreement (“Safe Harbor Agreement”). By adopting Safe Harbor, Aave improves the security of its on-chain assets by allowing whitehats to intervene during active exploits to save protocol funds.

What is the Safe Harbor Agreement?

The Safe Harbor Agreement addresses a critical need in crypto: enabling whitehats to intervene during active exploits when traditional responsible disclosure procedures are not feasible.

Key aspects of the agreement include:

• Encouraging Whitehats to Protect the Protocol: By adopting Safe Harbor, Aave incentivizes whitehats to step in and protect the protocol during active exploits by limiting their legal exposure.

• Intervention Only During Active Exploits: Whitehats are authorized to act only when there is an immediate or ongoing exploit that threatens the protocol. This agreement applies only to critical situations where responsible disclosure procedures would not save funds due to the urgency of the exploit, and it is not intended for routine security testing or vulnerability reporting. An example of what would fall under scope would be a malicious transaction present in the mempool, which could be frontrun. An example of what falls out of scope would be a security researcher finding a critical vulnerability that should be reported to the protocol via a bug bounty provider. Any attempt to initiate a blackhat transaction, or to disguise a blackhat action as a whitehat intervention, is strictly prohibited and will not be protected under this safe harbor, and may result in prosecution to the fullest extent of the law.

• Mandatory Return of Rescued Funds: Under the terms of the Safe Harbor, whitehats are required to return all rescued assets to a pre-designated recovery address controlled by the protocol within 72 hours of recovering them. This ensures that recovered funds are quickly secured, preventing delay or potential loss.

• Clear Guidelines and Legal Protection: The agreement establishes strict rules for how whitehats must operate during an exploit, ensuring recovery efforts are conducted professionally and safely, minimizing the risk of mistakes or further damage to the protocol. By adhering to these guidelines, whitehats can limit their potential legal exposure, allowing them to act in good faith without fear of liability.

• Incentivized Rescue Efforts: To motivate whitehats to act during critical situations, the agreement offers a bounty system similar to a bug bounty. Whitehats are rewarded with a percentage of the recovered assets, up to a predefined cap, for their successful interventions. Note: Safe Harbor and the Bug Bounty program are totally separate, but mutually exclusive rewards-wise: a whitehat rewarded for a report via the Bug Bounty program is not eligible for a reward on the same exploit, even if legal protection of Safe Harbor applies.

For more information, check out the Safe Harbor Agreement here.

Rationale

Aave is committed to enhancing its security and protecting user funds during critical moments. While security audits and other preventive measures are crucial, the unpredictable nature of exploits requires a swift, decisive response mechanism to minimize potential damage.

The Safe Harbor Agreement empowers whitehats to act immediately during an active exploit, providing a proactive and structured recovery process. By enabling whitehats to step in and recover assets during a crisis, Aave strengthens its defenses against emerging threats.

Benefits of adopting the Safe Harbor Agreement include:

• Agile Defense Against Exploits: Whitehats are authorized to intervene as soon as an active exploit is detected, enabling them to respond faster than traditional methods. This ensures that Aave is protected against threats even without the ability to halt the protocol. Immediate action minimizes the window for malicious actors, reduces damages, and accelerates the recovery of assets during critical moments.

• Clarified Rescue Process: The agreement ensures that every step, from intervention to fund recovery, is predetermined and streamlined. Whitehats know exactly where to send recovered funds, preventing chaotic negotiations or rushed decisions during an exploit. This clarity ensures efficient, decisive action when it matters most.

• Clear Financial Boundaries: The predefined bounty system, with a cap matching Aave’s existing bug bounty, ensures that whitehats are incentivized fairly without creating conflicting priorities between exploit intervention and standard vulnerability disclosure. By setting expectations upfront, it eliminates post-exploit negotiations, ensuring funds are returned promptly without attempts to change the reward amount, keeping the process fair and transparent.

• Aligning with Industry Best Practices: By adopting the Safe Harbor Agreement, Aave aligns itself with leading security practices across the industry, reinforcing its commitment to staying at the forefront of protocol security.

Adoption of the agreement complements audits by providing an additional layer of security, ensuring that the protocol is better prepared to respond to active threats.

Adoption Details

Aave will adopt the agreement with the following parameters. For a full description of these adoption details, review the Safe Harbor for Protocols document.

1. Asset Recovery Address: Addresses controlled by Aave, which recovered funds will be returned to in the event of a hack.

2. Scope: List of all on-chain assets protected under Safe Harbor.

“All”: The Safe Harbor Agreement will cover both the subcontracts currently deployed under this contract and any future subcontracts deployed through it. This ensures that all present and future subcontracts are protected.

3. Contact Details: Designated security contact for Aave

   • Name: BGD Labs

   • Contact Information: aave-security@bgdlabs.com

4. Bounty Terms: Predetermined rewards for successful whitehats that protect protocol funds

   • Bounty Percentage: 10% of recovered funds.

   • Bounty Cap (USD): $1M

   • Aggregate Bounty Cap (USD): $1M

   • Retainable: False

     1. This means that whitehats cannot retain their bounty directly from the recovered assets. Instead, all rescued funds must be returned to the protocol’s designated asset recovery address, and the bounty will be paid out separately afterwards.

   • Identity Verification: Named

     1. Whitehats may need to provide their full legal name. This requirement ensures compliance with legal obligations and is similar to the identity verification standards seen in traditional bug bounty programs.

   • Diligence Requirements: KYC & Global Sanction Verification

     1. Aave may require all eligible whitehats to undergo Know Your Customer (KYC) verification and be screened against global sanctions lists, including OFAC, UK, and EU regulations. This process ensures that all bounty recipients are compliant with legal and regulatory standards before qualifying for payment.

     2. In line with the ethos of Safe Harbor and Aave’s existing bug bounty practices, the DAO will avoid requesting KYC whenever possible to respect the anonymity of whitehats. However, KYC may still be required if deemed necessary during the due diligence process following an incident - for example, to validate eligibility for a reward or confirm compliance with legal obligations. If requested, this process will be completed within the 15-day post-incident review period.

     3. Safe Harbor and the Aave Bug Bounty program are completely separate but mutually exclusive from a rewards perspective. A whitehat rewarded via the Bug Bounty program cannot receive a reward for the same exploit under Safe Harbor, even if Safe Harbor’s legal protections apply.

Note: The reward payment will be made from the funds of the Aave DAO treasury, not anyhow from from the rescued funds, which belong to the protocol’s users, not the DAO

Note: Reward denomination (stablecoins or other tokens) are sole discretion of the Aave DAO via the security coordinator, and following recommendations by treasury contributors. If the payment is partially or done in volatile assets (e.g., ETH or AAVE), the 30-day average price from the moment of the incident will be taken as reference.

Implementation Plan

1. Register Agreement On-Chain:

   • The agreement will be registered on Ethereum in the Safe Harbor Registry at address 0x1eaCD100B0546E433fbf4d773109cAD482c34686, including all adoptionDetails. This ensures transparency and immutability.

2. Communicate Adoption:

   • An official announcement will be made across all Aave communication channels, explaining the adoption and its significance to the community.

3. Future Updates to Scope:

   • New versions of Aave will be reviewed and added to the Safe Harbor Agreement scope via Aave Governance vote, ensuring continued protection for all new contracts and functionalities.

Conclusion

Adopting the SEAL Whitehat Safe Harbor Agreement equips Aave with a rapid response mechanism for active exploits, enabling whitehats to step in effectively when needed most. The agreement provides clear guidelines for action, increasing the protection of user funds and demonstrating Aave’s commitment to proactive security.

References

• SEAL Whitehat Safe Harbor Agreement Documentation: Framework

• SEAL Whitehat Safe Harbor Agreement Legal Agreement: Link

• Aave Bug Bounty: Aave’s Bug Bounty

Disclosures

The authors are not presenting this ARFC on behalf of any third party and are not compensated for creating it.

Next Steps

If this ARFC gets approved, the next step will be the on-chain voting by AAVE holders on the activation of the system on Ethereum.

Please share your thoughts and feedback in the discussion below before the proposal moves to a formal vote.

Hey everyone - I’m Dickson one of the leads of Safe Harbor & Co-founder of Skylock!

Feel free to comment and let us know if you have any questions! Always happy to talk about Safe Harbor!

Hello, this proposal has full @ACI support, following our Skywards service we are happy to steward it towards next stages of governance when maturity is reached.

See my previous comment.

Full support

We’re supportive of this initiative. The SEAL team is best in class, and Aave must lead by example.

As a market leader, the Aave protocol is uniquely positioned to champion higher security standards, thereby protecting its users and fostering a more secure and resilient ecosystem.