Uniswap ($UNI) Labs has formally launched a Bug Bounty Program (“the Program”). The initiative aims to encourage ethical hackers and security researchers to identify and report vulnerabilities in Uniswap’s deployed contracts. Rewards for successful bug disclosures can reach as much as 2,250,000 USDC, depending on the severity of the issue.
Scope of the Program
The Program specifically targets vulnerabilities in Uniswap’s deployed contracts, including but not limited to:
Universal Router Contract Code
Permit2 Contract Code
V3 Contract Code
UniswapX Contract Code
However, if a bug is found in a Uniswap smart contract outside of these repositories and poses a risk to user funds, it will be considered in-scope for the Program.
Exclusions
The Program does not cover:
Third-party contracts not under Uniswap’s direct control
Issues already listed in audits for the above contracts
Bugs in third-party contracts or applications that use Uniswap contracts
The Uniswap DAPP, web interface, or other non-contract related materials
Reward Structure
Uniswap Labs has categorized the severity of potential issues into four levels:
Critical Issues: Impacting numerous users and posing serious reputational, legal, or financial risks.
High Issues: Affecting individual users and posing moderate financial risk.
Medium Issues: Posing relatively small risks and not threatening user funds.
Low/Informational Issues: Relevant to security best practices but not posing an immediate risk.
The rewards will be allocated based on this severity scale and the likelihood of the bug being exploited, as determined solely by Uniswap Labs.
Disclosure Protocol
All vulnerabilities should be reported to Uniswap Labs via the designated email: safety+bugbounty@uniswap.org. Public disclosure of the vulnerability is prohibited until Uniswap Labs has resolved the issue and granted permission for public disclosure.
Eligibility Criteria
To be eligible for a reward, the reporter must:
Discover a unique, previously-unreported vulnerability within the scope of the Program.
Be the first to disclose the vulnerability to Uniswap Labs.
Provide sufficient information for the vulnerability to be reproduced and fixed.
Comply with all other terms and conditions of the Program.
Closing Remarks
Uniswap Labs retains the sole discretion to modify the terms and conditions of the Program at any time. By participating in the Program, you grant Uniswap Labs the rights needed to validate, mitigate, and disclose the vulnerability.