Uniswap (UNI), a leading decentralized finance (DeFi) protocol, announced the launch of its $15.5 million bug bounty program, the largest in history, according to Uniswap Protocol. This initiative targets vulnerabilities within the core contracts of Uniswap v4, the latest version of Uniswap.
Uniswap v4: A revolutionary platform
Uniswap v4 represents a significant advancement for the protocol, transforming it into a developer platform that introduces new market structures and expands the range of assets available to users. This change is primarily due to the introduction of “hooks,” which are contracts that developers can use to customize interactions related to pools, swaps, fees, and liquidity provider positions. Hooks allow developers to build new features on top of the Uniswap protocol.
In addition to these features, Uniswap v4 offers financial benefits by significantly reducing costs. In v4, pool creation is expected to be 99.99% cheaper and users can expect significant cost savings from multi-hop swaps. Development of v4 involved extensive community collaboration, with contributions from over 90 developers and numerous community pull requests.
Security measures and audits
Uniswap v4 is already one of the most extensively reviewed codebases in the DeFi sector. It has gone through nine independent audits conducted by companies such as OpenZeppelin, Spearbit, Certora, Trail of Bits, ABDK, and Pashov Audit Group. In addition to these audits, more than 500 researchers participated in a $2.35 million security competition and found no serious vulnerabilities. The launch of the $15.5 million bug bounty is an additional step to ensure the maximum security of v4 as the release date approaches.
The bounty specifically targets vulnerabilities in the Uniswap v4 core contracts, which are available in the Uniswap v4 GitHub repository. Out of scope are third-party contracts not deployed by Uniswap Labs, issues already identified in audits, bugs in third-party applications that use Uniswap contracts, and issues flagged in previous reviews and competitions.
Participation and Rewards
Participants must submit vulnerability reports directly to Cantina’s v4 Bug Bounty page within 24 hours of discovery. Submissions must include detailed information about the bug, steps to reproduce, and the potential impact if the vulnerability is exploited. Receiving compensation requires confidentiality until the issue is resolved. Unique vulnerabilities that lead to code changes can bring public recognition to the reporter.
The $15.5 million bug bounty program is currently live, inviting developers and researchers from around the world to explore the v4 codebase for potential vulnerabilities. This initiative highlights Uniswap’s commitment to security and innovation within the DeFi landscape.