Uniswap has announced a record-breaking $15.5 million bug bounty ahead of the launch of Uniswap V4. This initiative is the largest bounty in decentralized finance (DeFi) history. It aims to identify vulnerabilities within the Uniswap V4 core contracts.
Uniswap V4 is a major upgrade to the Uniswap Protocol. It introduces new capabilities that transform the protocol into a comprehensive developer platform. Central to this evolution is the introduction of “hooks.” These customizable contracts enable developers to adjust how pools, swaps, fees, and liquidity provider (LP) positions interact. This enhancement allows for improved features and market structures. It serves a broader user base and creates new asset opportunities.
The development of Uniswap V4 has been fully transparent. Over 90 developers and hundreds of community pull requests contributed to its creation. Additionally, a $2.35 million security competition involving over 500 researchers revealed no critical vulnerabilities. To strengthen these efforts, Uniswap has launched the $15.5 million bug bounty to encourage global scrutiny of the core contracts.
The bounty program focuses exclusively on Uniswap V4’s core contracts, as outlined in its GitHub repository. Certain aspects are excluded, such as third-party contracts, periphery contracts, and issues flagged in prior audits or reviews. Participants must submit findings on Cantina within 24 hours of discovery. Submissions must include detailed reproduction steps and explain the potential implications of exploitation.
To qualify for a reward, participants must maintain confidentiality until the issue is resolved. Discoveries that lead to code changes can earn public recognition, reflecting the collaborative ethos of the Uniswap ecosystem. Find out more about the bug bounty by Uniswap.
