Uniswap (UNI) Labs, in partnership with Cantina, has announced important updates to its bug bounty program that strengthen security measures and reward mechanisms. According to the Uniswap Protocol, this move is aimed at encouraging the discovery and reporting of vulnerabilities within the Uniswap ecosystem.
Bug Bounty Program Details
Bugs and vulnerabilities discovered in Uniswap Labs’ contracts and interfaces should now be submitted via the Uniswap Labs Cantina bug bounty page. Rewards are allocated based on the severity of the bug disclosed and the assets at risk, with a potential payout of up to $2.25 million.
This program covers vulnerabilities in all contracts deployed by Uniswap Labs and the Uniswap interface. This includes production deployment code from specific GitHub repositories managed by Uniswap Labs. However, vulnerabilities in third-party contracts not deployed by Uniswap Labs, issues already listed in the audit, and bugs in third-party applications that use Uniswap contracts are excluded from the program.
Reporting and Compensation Criteria
To receive a reward, you must report the discovered vulnerability directly through the Cantina platform and keep it confidential until the issue is resolved. Disclosure or sharing with other entities is strictly prohibited until Cantina resolves the issue. You must submit the report within 24 hours of discovering the vulnerability.
A comprehensive report detailing the vulnerability, including the conditions for reproducing the bug, steps to reproduce the bug, and potential impact of exploiting the bug, increases the likelihood and amount of a reward. Uniswap Labs has sole discretion in determining rewards, including eligibility and payment methods.
Program Exclusions
This program does not include:
- Third-party contracts not distributed by Uniswap Labs
- Issues already listed in the comments
- Bugs in third-party applications using Uniswap contracts
- Internally known issues
By submitting a report, participants grant Uniswap Labs all necessary rights to verify, mitigate, and disclose the vulnerability. Anyone who reports a unique and previously unreported vulnerability that leads to a code change or configuration adjustment will be given public credit for their contribution if they choose to be credited.
For full eligibility requirements and details, please visit the Uniswap Labs Cantina bug bounty page.