Cointime

Cointime

Download App
iOS & Android

Uniswap Launches Bug Bounty Program, Reward Up to 3 Million USDC

Overview

The security of Uniswap and its smart contracts are of utmost importance to us. For that reason we have an official Uniswap Bug Bounty (the ”Program”) to incentivize responsible bug disclosure. Rewards will be allocated based on the severity of the bug disclosed and evaluated for rewards up to 2,250,000 USDC.

Special Notice

Until Nov 30, 2022, all bugs found within Universal Router as well as Permit2 before they are launched will receive an additional bounty on top of the reward up to a maximum of 3,000,000 USDC.The scope of this additional bounty includes the following:

Scope

The Program includes vulnerabilities and bugs in any deployed Uniswap contract. These include those within the following GitHub repositories:- Universal Router Contract CodePermit2 Contract CodeV3 Contract CodeHowever if you find a bug in a Uniswap smart contract outside of these repositories, where user funds are at risk, the team will consider the issue to be in-scope for our bounty.The following are not within the scope of the Program:

Rewards

The Program includes the following 4 level severity scale:

  • - Critical Issues that could impact numerous users and have serious reputational, legal or financial implications. An example would be being able to lock contracts permanently or take funds from all users.
  • - High Issues that impact individual users where exploitation would pose reputational, legal or moderate financial risk to the user.
  • - Medium The risk is relatively small and does not pose a threat to user funds.
  • - Low/Informational The issue does not pose an immediate risk but is relevant to security best practices.

Rewards will be given based on the above severity as well as the likelihood of the bug being triggered or exploited, to be determined at the sole discretion of Uniswap Labs. You can find out more about this scale at the OWASP risk rating methodology page.DisclosureAny vulnerability or bug discovered must be reported only to the following email: [email protected]. An acknowledgement of receipt will be given within 1 business day by Uniswap Labs.The vulnerability must not be disclosed publicly or to any other person, entity or email address before Uniswap Labs has been notified, has fixed the issue, and has granted permission for public disclosure. In addition, disclosure must be made within 24 hours following discovery of the vulnerability.A detailed report of a vulnerability increases the likelihood of a reward and may increase the reward amount. Please provide as much information about the vulnerability as possible, including:

  • - The conditions on which reproducing the bug is contingent.
  • - The steps needed to reproduce the bug or, preferably, a proof of concept.
  • - The potential implications of the vulnerability being abused.

Anyone who reports a unique, previously-unreported vulnerability that results in a change to the code or a configuration change and who keeps such vulnerability confidential until it has been resolved by our engineers will be recognized publicly for their contribution if they so choose.EligibilityTo be eligible for a reward under this Program, you must:

  • - Discover a previously-unreported, non-public vulnerability that is not previously known by the team and within the scope of this Program.
  • - Be the first to disclose the unique vulnerability to [email protected], in compliance with the disclosure requirements.
  • - Provide sufficient information to enable our engineers to reproduce and fix the vulnerability.
  • - Not exploit the vulnerability in any way, including through making it public or by obtaining a profit (other than a reward under this Program).
  • - Not publicize a vulnerability in any way, other than through private reporting to us.
  • - Make a good faith effort to avoid privacy violations, destruction of data, interruption or degradation of any of the assets in scope.
  • - Not submit a vulnerability caused by an underlying issue that is the same as an issue on which a reward has been paid under this Program.
  • - Not engage in any unlawful conduct when disclosing the bug to [email protected], including through threats, demands, or any other coercive tactics.
  • - Be at least 18 years of age or, if younger, submit your vulnerability with the consent of your parent or guardian.
  • - Not be subject to US sanctions or reside in a US-embargoed country.
  • - Not be one of our current or former employees, vendors, or contractors or an employee of any of those vendors or contractors.
  • - Comply with all the eligibility requirements of the Program.

Other Terms

By submitting your report, you grant Uniswap Labs any and all rights, including intellectual property rights, needed to validate, mitigate, and disclose the vulnerability. All reward decisions, including eligibility for and amounts of the rewards and the manner in which such rewards will be paid, are made at our sole discretion.The terms and conditions of this Program may be altered at any time.

Comments

All Comments

Recommended for you

  • First Windows PCs with NVIDIA Chips Expected to Debut Next Week

    On May 30, Axios reported that sources indicate NVIDIA is set to enter the personal computer market, with the first Windows PCs featuring its chips as the main processors expected to be unveiled next week. NVIDIA and Microsoft will showcase their collaborative results and the initial PCs equipped with these chips at two major industry events: Computex in Taipei and the Microsoft Build Developer Conference. Sources suggest that PCs with NVIDIA chips are likely to appear in Microsoft's Surface brand as well as products from other manufacturers, including Dell. Microsoft is also expected to launch software that will allow users to more easily run AI agents locally on Windows PCs.

  • This Week, US Spot Bitcoin ETFs Experience Net Outflows of $1.4156 Billion

    On May 30, according to Farside monitoring, US spot Bitcoin ETFs experienced cumulative net outflows of $1.4156 billion this week. This includes: IBIT with net outflows of $966.3 million; GBTC with net outflows of $172 million; FBTC with net outflows of $169.1 million; BITB with net outflows of $46.3 million; ARKB with net outflows of $24.7 million; MSBT with net outflows of $1 million; and Grayscale BTC with net outflows of $33 million.

  • US Oil Giant Predicts Higher Oil Prices This Summer

    On May 30, according to CCTV Finance, during a conference hosted by investment firm Bernstein, Chevron CEO Mike Wirth stated that due to the situation in Iran, global crude oil inventories are continuously declining, and oil prices are likely to rise in the next two months. The Financial Times reported that Wirth's remarks reflect widespread concerns: even if the conflicting parties reach a ceasefire agreement, the negative impact of the conflict on energy prices will persist for months. Additionally, CNN reported on the 28th that due to the ongoing geopolitical conflicts in the Middle East, the U.S. Strategic Petroleum Reserve is declining at a rare pace not seen in recent years, and commercial crude oil inventories are also at low levels.

  • S&P 500 Index Set for Rare Nine-Week Winning Streak

    On May 29, hopes that a ceasefire agreement could bring an end to the Middle East conflict have propelled the U.S. stock market towards a rare weekly winning streak record, with a surge in artificial intelligence trading also boosting the market. The S&P 500 index has rebounded nearly 20% from the lows triggered by the war and is poised for its ninth consecutive week of gains, marking the longest winning streak since December 2023. Such a rare occurrence has only happened a few times since 1985. On Friday, the index edged higher, hovering near record highs.

  • Grayscale to Introduce $115 Million HYPE Token Seed Funding for Hyperliquid Staking ETF

    On May 29, Finance Feeds reported that Grayscale is in talks with Hyper Holdings Global LP to sell shares of its proposed Hyperliquid ETF in exchange for approximately 2 million HYPE tokens, valued at about $115 million at current prices, to serve as seed capital before the fund's listing. At the same time, Grayscale has renamed the product to 'Grayscale Hyperliquid Staking ETF', which is set to be listed on NASDAQ under the ticker HYPG. The new staking feature distinguishes it from a traditional spot ETF that solely tracks token prices.

  • BTC Falls Below $73,000

    Market data shows that BTC has fallen below $73,000, currently priced at $72,999.33, with a 24-hour decline of 0.4%. The market is experiencing significant volatility, so please ensure proper risk management.

  • Spot Gold Reaches $4,550/oz, Up 1.20% for the Day

    Spot gold has reached $4,550 per ounce, rising 1.20% for the day.

  • S&P 500 Technology Sector Hits Record High, Up 1.7%

    On May 29, it was reported that the S&P 500 technology sector has reached a historic high, currently up 1.7%.

  • U.S. Stock Indices Open Slightly Higher; Dell Rises Over 30%

    On May 29, U.S. stocks opened with the three major indices slightly higher, with the Dow Jones up 0.18%, the S&P 500 up 0.09%, and the Nasdaq up 0.16%. Dell (DELL.N) surged over 30% as its first-quarter earnings exceeded expectations. Stocks of AI server manufacturers also rose, with Super Micro Computer (SMCI.O) up over 7% and HP (HPQ.N) up over 6%.

  • Musk Denies Reports of SpaceX Lowering IPO Valuation Target to At Least $1.8 Trillion

    On May 29, Musk denied reports that SpaceX had lowered its IPO valuation target to at least $1.8 trillion. (Jin Shi)

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company