Uniswap Launches $15.5M Bug Bounty Program On Cantina To Strengthen Security
In Brief
Uniswap has launched a bug bounty program with rewards up to $15.5 million to incentivize researchers to identify security vulnerabilities across its protocol, contracts, and related infrastructure.
Decentralized exchange (DEX) Uniswap announced that it has introduced a new bug bounty initiative on the Web3 security platform Cantina, offering a maximum reward of $15.5 million.
The initiative is intended to motivate researchers to identify and submit reports on security issues within the Uniswap protocol, associated websites, backend services, mobile and extended wallets, and related infrastructure.
The Uniswap protocol operates as a peer-to-peer framework for exchanging value, relying on a collection of permanent, non-upgradable smart contracts that are structured to run independently, without intermediaries.
The program covers vulnerabilities and defects found in the most recently deployed versions of designated Uniswap contracts, including V4 Core Contracts, the Universal Router Contract Code, the Permit2 Contract Code, the V3 Contract Code, the UniswapX Contract Code, as well as other components, along with commit b619b67 of the specified undeployed v4-core contracts.
The initiative provides compensation based on the assessed severity of each vulnerability, categorized as critical, high, medium, or low, with corresponding maximum rewards of $15.5 million, $1 million, $100,000, and $50,000.
Bug Bounty Rules Require Confidential Reporting And Compliance For Rewards
According to the program requirements, any identified vulnerability must remain undisclosed to the public or to any external party until Uniswap Labs has been informed, has resolved the issue, and has granted approval for public disclosure.
A report must also be submitted within twenty-four hours of discovering the vulnerability. A comprehensive explanation of the issue increases the likelihood of receiving a reward and may enhance the reward amount. Reports should include detailed information about the conditions necessary to reproduce the problem, the steps required to replicate it or a proof of concept, and the possible consequences if the vulnerability were to be exploited.
Individuals who report a unique and previously unknown vulnerability that leads to a modification of the code or a configuration change, and who maintain confidentiality until the issue has been addressed, may receive public acknowledgment for their contribution if desired.
In order to qualify for a reward under the program, participants must identify a previously unreported and non-public vulnerability that is not already known to the Uniswap Labs team and falls within the defined scope. All requested KYC and supporting documentation must be provided. Eligibility requires being the first to submit the unique vulnerability while following the program’s disclosure rules, supplying enough detail for engineers to reproduce and correct the issue, and refraining from exploiting the vulnerability for any purpose other than receiving a reward through the program.
Participants must avoid publicizing or using the vulnerability outside of confidential reporting, avoid actions that compromise privacy, damage data, or disrupt any assets within scope, and must not submit issues that stem from the same underlying cause as one previously rewarded. Disclosing the vulnerability must not involve unlawful behavior, including coercive or threatening conduct.
Furthermore, participants must meet the age of majority, must not be located in regions subject to U.S. trade or economic sanctions or where participation is prohibited, and must not be current or former employees, vendors, or contractors who contributed to the relevant code. Full compliance with all program rules, including restrictions on prohibited actions, is required.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.