Uniswap ($UNI) Labs has formally launched a Bug Bounty Program (“the Program”). The initiative aims to encourage ethical hackers and security researchers to identify and report vulnerabilities in Uniswap’s deployed contracts. Rewards for successful bug disclosures can reach as much as 2,250,000 USDC, depending on the severity of the issue.
Scope of the Program
The Program specifically targets vulnerabilities in Uniswap’s deployed contracts, including but not limited to:
Universal Router Contract Code
Permit2 Contract Code
V3 Contract Code
UniswapX Contract Code
However, if a bug is found in a Uniswap smart contract outside of these repositories and poses a risk to user funds, it will be considered in-scope for the Program.
Exclusions
The Program doesn’t cover:
Third-party contracts not under Uniswap’s direct control
Issues already listed in audits for the above contracts
Bugs in third-party contracts or applications that use Uniswap contracts
The Uniswap dApp, web interface, or other non-contract related materials
Reward Structure
Uniswap Labs has categorized the severity of potential issues into four levels:
Critical Issues: Impacting numerous users and posing serious reputational, legal, or financial risks.
High Issues: Affecting individual users and posing moderate financial risk.
Medium Issues: Posing relatively small risks and not threatening user funds.
Low/Informational Issues: Relevant to security best practices but not posing an immediate risk.
The rewards will be allocated based on this severity scale and the likelihood of the bug being exploited, as determined solely by Uniswap Labs.
Disclosure Protocol
All vulnerabilities must be reported to Uniswap Labs via the designated email: safety+bugbounty@uniswap.org. Public disclosure of the vulnerability is prohibited until Uniswap Labs has resolved the issue and granted permission for public disclosure.
Eligibility Criteria
To be eligible for a reward, the reporter must:
Discover a unique, previously-unreported vulnerability within the scope of the Program.
Be the first to disclose the vulnerability to Uniswap Labs.
Provide sufficient information for the vulnerability to be reproduced and fixed.
Comply with all other terms and conditions of the Program.
Closing Remarks
Uniswap Labs retains sole discretion to change the terms and conditions of the Program at any time. By participating in the Program, you grant Uniswap Labs the rights needed to validate, mitigate, and disclose the vulnerability.