Uniswap (UNI), a leading decentralized finance (DeFi) protocol, has announced the launch of a $15.5 million bug bounty program, which the Uniswap protocol describes as the largest in history. The initiative targets vulnerabilities in the underlying contracts of the latest version of Uniswap, Uniswap v4.
Uniswap v4: A revolutionary platform
Uniswap v4 represents a major evolution of the protocol, transforming it into a developer platform that introduces new market structures and expands the range of assets available to users. This shift is largely due to the introduction of “hooks,” which are contracts that developers can use to customize interactions related to pools, swaps, fees, and liquidity provider positions. These hooks make it possible to develop new features on top of the Uniswap protocol.
In addition to these capabilities, Uniswap v4 offers financial benefits by significantly reducing costs. Creating pools on v4 is expected to be 99.99% cheaper, and users can expect significant savings on multi-hop swaps. Development of version 4 involved extensive community collaboration, with contributions from over 90 developers and numerous community pull requests.
Security measures and audits
Uniswap v4 is already one of the most widely reviewed codebases in the DeFi sector. It has undergone nine independent audits conducted by companies such as OpenZeppelin, Spearbit, Certora, Trail of Bits, ABDK, and Pashov Audit Group. In addition to these audits, more than 500 researchers participated in a $2.35 million security competition, which found no critical vulnerabilities. The launch of a $15.5 million bug bounty is an additional step toward ensuring maximum security for version 4 as it approaches its deployment date.
The bounty specifically targets vulnerabilities in the Uniswap v4 core contracts, available in the Uniswap v4 GitHub repository. The scope excludes third-party contracts not published by Uniswap Labs, issues already identified in audits, bugs in third-party applications using Uniswap contracts, and issues reported during previous reviews and competitions.
Participation and rewards
Participants must submit vulnerability reports directly to the v4 Bug Bounty page on Cantina within 24 hours of discovery. Submissions must include detailed information about the bug, steps to reproduce it, and the potential ramifications if the vulnerability is exploited. To be eligible for the reward, reporters must keep the issue confidential until it is resolved. Reporters of unique vulnerabilities that lead to code changes can receive public recognition.
The $15.5 million bug bounty program is now live, inviting developers and researchers worldwide to examine the version 4 codebase for potential vulnerabilities. This initiative underscores Uniswap's commitment to security and innovation in the DeFi space.