Copied


Uniswap Labs Announces Bug Bounty Program with Rewards Up to 2.25 Million USDC

Luisa Crawford   Sep 02, 2023 16:36 2 Min Read


Uniswap ($UNI) Labs has officially launched a Bug Bounty Program ("the Program"). The initiative aims to encourage ethical hackers and security researchers to identify and report vulnerabilities in Uniswap's deployed contracts. Rewards for successful bug disclosures can reach up to 2,250,000 USDC, depending on the severity of the issue.

Scope of the Program

The Program specifically targets vulnerabilities in Uniswap's deployed contracts, including but not limited to:

Universal Router Contract Code

Permit2 Contract Code

V3 Contract Code

UniswapX Contract Code

However, if a bug is discovered in a Uniswap smart contract outside of these repositories and poses a risk to user funds, it will be considered in-scope for the Program.

Exclusions

The Program does not cover:

  1. Third-party contracts not under Uniswap's direct control
  2. Issues already listed in audits for the above contracts
  3. Bugs in third-party contracts or applications that use Uniswap contracts
  4. The Uniswap DAPP, web interface, or other non-contract related materials

Reward Structure

Uniswap Labs has categorized the severity of potential issues into four levels:

  1. Critical Issues: Impacting numerous users and posing serious reputational, legal, or financial risks.
  2. High Issues: Affecting individual users and posing moderate financial risk.
  3. Medium Issues: Posing relatively small risks and not threatening user funds.
  4. Low/Informational Issues: Relevant to security best practices but not posing an immediate risk.

The rewards will be allocated based on this severity scale and the likelihood of the bug being exploited, as determined solely by Uniswap Labs.

Disclosure Protocol

All vulnerabilities must be reported to Uniswap Labs via the designated email: security+bugbounty@uniswap.org. Public disclosure of the vulnerability is prohibited until Uniswap Labs has resolved the issue and granted permission for public disclosure.

Eligibility Criteria

To be eligible for a reward, the reporter must:

  1. Discover a unique, previously-unreported vulnerability within the scope of the Program.
  2. Be the first to disclose the vulnerability to Uniswap Labs.
  3. Provide sufficient information for the vulnerability to be reproduced and fixed.
  4. Comply with all other terms and conditions of the Program.

Final Remarks

Uniswap Labs retains the sole discretion to alter the terms and conditions of the Program at any time. By participating in the Program, you grant Uniswap Labs the rights needed to validate, mitigate, and disclose the vulnerability.


Image source: Shutterstock

Read More