Internet reports that Circle and Tether are being questioned by DeFi risk management company LlamaRisk because its vulnerability bounty program is "seriously insufficient" and the maximum amount does not even exceed $10,000. LlamaRisk released a report on September 1 evaluating the vulnerability bounty program for crypto assets listed in the Aave V3 protocol. The report found that among the assets Aave supplied, 33 assets worth $19.7 billion were considered "sufficient" for the vulnerability bounty program. But 10 other assets (worth $19.2 billion) either have no loopholes in the bounty program or are grossly inadequate. LlamaRisk pointed out that although Circle manages $70 billion in assets, its vulnerability bounty is "grossly insufficient" at just $5,000. Tether, which manages $160 billion in assets, has a vulnerability reward of only $10,000. Other assets with low vulnerability bounty amounts include BitGo wrapped bitcoin, Gnosis and Ripple; while Etherfi, Monerium, PayPal and Agora are marked as not having active vulnerability bounty programs at all.