Uniswap (UNI) Launches Historic $15.5M Bug Bounty for Version 4

Timothy Morano  Nov 27, 2024 00:43  UTC 16:43


Uniswap (UNI), a leading decentralized finance (DeFi) protocol, has announced the launch of a $15.5 million bug bounty program, the largest in history, according to Uniswap Protocol. This initiative targets vulnerabilities within the core contracts of Uniswap's latest iteration, Uniswap v4.

Uniswap v4: A Revolutionary Platform

Uniswap v4 represents a significant evolution of the protocol, transforming it into a developer platform that introduces novel market structures and expands the range of assets available to users. This transformation is largely attributed to the introduction of "hooks," which are contracts that developers can use to customize interactions related to pools, swaps, fees, and liquidity provider positions. These hooks enable the development of new features on top of the Uniswap Protocol.

In addition to these capabilities, Uniswap v4 offers financial benefits by drastically reducing costs. The creation of pools on v4 is expected to be 99.99% cheaper, and users can anticipate significant savings on multi-hop swaps. The development of v4 involved extensive community collaboration, with contributions from over 90 developers and numerous community pull requests.

Security Measures and Audits

Uniswap v4 is already one of the most extensively reviewed codebases in the DeFi sector. It has undergone nine independent audits conducted by firms such as OpenZeppelin, Spearbit, Certora, Trail of Bits, ABDK, and Pashov Audit Group. In addition to these audits, over 500 researchers participated in a $2.35 million security competition, which found no critical vulnerabilities. The launch of the $15.5 million bug bounty is an additional step to ensure the utmost security of v4 as its deployment date approaches.

The bounty specifically targets vulnerabilities in the Uniswap v4 core contracts, available in the Uniswap v4 GitHub repository. However, the scope excludes third-party contracts not deployed by Uniswap Labs, issues already identified in audits, bugs in third-party applications using Uniswap contracts, and issues flagged during previous reviews and competitions.

Participation and Rewards

Participants must submit reports of vulnerabilities directly to the v4 Bug Bounty Page on Cantina within 24 hours of discovery. Submissions should include detailed information about the bug, reproduction steps, and potential implications if the vulnerability were exploited. To be eligible for a reward, reporters must keep the issue confidential until it is resolved. Unique vulnerabilities leading to code changes can earn public recognition for the reporter.

The $15.5 million bug bounty program is now live, inviting global developers and researchers to explore the v4 codebase for potential vulnerabilities. This initiative underscores Uniswap's commitment to security and innovation within the DeFi landscape.


