Cointime

Cointime

Download App
iOS & Android

Uniswap unveils $15.5M core contracts bug bounty ahead of v4 launch

Cointime Official

From cointelegraph by Tristan Greene

Uniswap Labs announced the launch of what it deems “the largest bounty in history” ahead of the Uniswap v4 release. 

The bounty program, currently underway, features payouts ranging from $2,000 up to the full $15.5 million purse for the discovery of unique vulnerabilities resulting in code change.

In order to achieve the highest payouts, bounty hunters will need to uncover a critical flaw or exploit in the Uniswap v4 core contracts code, per the terms of the program. 

  Uniswap Labs announces “the largest bug bounty ever” on X.com. Source: Uniswap Labs

“Introducing the largest bug bounty in history. We're rewarding up to $15.5M to anyone that finds a critical vulnerability in v4 core contracts. Find a critical bug, become a millionaire.”

Bug bounty

It’s unclear if this is the biggest bounty program in history. For comparison, bug bounty platform Immunefi reportedly paid out a $14.82 million bounty in 2021 as part of its ongoing security efforts. 

Related: Immunefi suspends TrustSec amid bug bounty dispute 

Other notable bounty payouts include Google’s highest-ever vulnerability discovery payout of $605,000 in 2022, a year in which the company paid out a reported total of $12 million. And, more recently, Microsoft announced $4 million in cloud and AI bounties. 

Based on available data, Uniswap’s $15.5 million bounty would become the largest in recent memory if it were claimed in a single payout. 

However, according to Uniswap Labs, over 500 researchers participated in its previously held $2.35 million security competition for the unreleased v4, and no critical vulnerabilities were found. The firm said the $15.5 million program is “an extra step to ensure v4 is as secure as possible.”

The maximum payout of $15.5 million is only available to researchers who discover unique vulnerabilities in the Uniswap v4 core contracts code that result in code change. 

A table demonstrating top payout requirements for Uniswap Lab’s $15.5 millionbounty program. Source: Uniswap Labs/Cantina

Vulnerabilities deemed “critical” will be eligible for the top payout, according to the program’s details, while those labeled “high” could qualify for a payment of up to $1 million. Payouts dip to $100,000 for “medium” risk vulnerabilities and those for low-risk vulnerability findings will be paid out on a “discretionary” basis. 

Beyond the core contracts code, the program also covers vulnerabilities in “other contracts,” other websites, back ends, and Uniswap v4 wallet codes. 

Magazine: Make Ethereum feel like Ethereum again: Based rollups explained

Comments

All Comments

Recommended for you

  • Latest Progress on DeFi United Ecological Rescue Initiative: Over 100,000 ETH Raised at Designated Donation Address

    On April 26, the DeFi United ecological rescue initiative, led by Aave, continues to advance. The Arbitrum DAO has released 30,765 ETH that was frozen after the rsETH incident on April 18. Currently, the designated donation address has raised a total of 100,360 ETH to address the collateral asset gap caused by the rsETH incident. The plan aims to restore the backing assets of rsETH through multi-party collaboration, stabilize the market, and prevent the spread of bad debts across protocols. The funds will be used to support the restoration of collateral rates and to gradually normalize the market in conjunction with relevant protocols. Key contributors or participants currently include: Arbitrum DAO releasing 30,765 ETH frozen after the rsETH incident, Mantle proposing to contribute 30,000 ETH, Aave DAO proposing to contribute 25,000 ETH, Aave founder Stani Kulechov confirming a contribution of 5,000 ETH, EtherFi proposing to provide 5,000 ETH, Lido proposing to provide 2,500 stETH, and the Golem Foundation and related projects contributing a total of 1,000 ETH, among others. Additionally, LayerZero, Ethena, Frax Finance, and Ink Foundation have also confirmed their participation, although the specific amounts have not yet been disclosed. It is important to note that the progress of this rescue initiative still relies on several external key conditions, including KelpDAO's restoration of rsETH redemptions and the Arbitrum Security Council's release of frozen assets, resulting in uncertainty regarding the overall recovery time and effectiveness.

  • Trump Evacuated from White House Correspondents' Dinner Due to Security Incident

    On April 26, local time April 25, U.S. President Trump was urgently evacuated from the White House Correspondents' Dinner due to a security incident. (CCTV News)

  • Shooting Incident at White House Correspondents' Dinner; Gunman Dead

    On April 26, local time on April 25, a shooting incident occurred in the hall of the White House Correspondents' Dinner, and the gunman is now deceased. (CCTV News)

  • Trump States He Will Not Allow Banks to Undermine Cryptocurrency Market Legislation

    On April 26, CoinDesk reported, citing attendees at a Trump cryptocurrency event, that Trump stated he would not allow banks to undermine cryptocurrency market legislation.

  • Iranian Officials to Depart Pakistan Without Meeting U.S. Representatives

    On April 25, according to a reporter from the New York Post: The Iranian delegation is set to leave Islamabad, the capital of Pakistan, and has consistently emphasized that they did not meet with U.S. officials during their brief visit.

  • Foreign Media: Second Round of Iran-U.S. Talks Scheduled for April 27

    On April 25, according to New Delhi Television: The second round of talks between Iran and the United States is scheduled to take place on April 27.

  • Iranian Lawmaker: Comprehensive Plan for Managing the Strait of Hormuz Formed

    On April 25, according to a report by Iran's Mehr News Agency, Iranian Islamic Parliament member Behnam Saidi stated that Iran has developed a comprehensive plan for managing the Strait of Hormuz. In an interview with Mehr News Agency, Saidi mentioned that an important aspect of this plan is the exclusive recognition of the name 'Persian Gulf' in all correspondence and commercial documents, rejecting any other names. Vessels and ships navigating in the region must obtain permission from Iran. Sovereignty over the Strait of Hormuz will be entirely under Iran's control. He also stated that vessels identified as hostile by the Supreme National Security Council or the General Staff of the Armed Forces of Iran are not allowed to pass through the Strait of Hormuz, and Israeli vessels are absolutely prohibited from entering the area. Ships passing through the region must pay relevant fees concerning safety, environmental protection, shipping management, and licensing, with priority given to payments in rials.

  • DeepSeek Plans to Raise $1.8 Billion with a Valuation of Approximately $20 Billion

    Sources reveal that the main reason for DeepSeek's current fundraising effort is the significant recent talent loss. Several core researchers have left the company to join ByteDance, Tencent, Xiaomi, and autonomous driving company Yuanrong Qihang. Meanwhile, competitors Zhiyu Technology and MiniMax have listed on the Hong Kong Stock Exchange, and the company Dark Side of the Moon has completed three rounds of financing in the first three months of this year, with a valuation more than quadrupling since the end of last year.

  • Iran Warns U.S. Against Continuing Piracy Actions

    On April 25, according to CCTV International News, Iran's Khatam al-Anbia Central Command issued a statement today warning that if U.S. forces continue to implement 'blockades, maritime interceptions, and piracy actions' in the region, they will face a strong counterattack from the Iranian armed forces. The statement emphasized that the U.S. should recognize that Iran's military capabilities and preparedness in safeguarding national sovereignty, territorial integrity, and national interests are stronger than ever, as demonstrated in previous conflicts. The statement also noted that Iran will continue to monitor enemy actions and movements and maintain control over the Strait of Hormuz. Should the enemy take further actions, Iran will respond with even harsher strikes.

  • Sources: Iran's Stance is Tougher than in First Round of Negotiations

    On April 25, official sources from Pakistan stated that Iran has adopted a tougher position compared to the first round of negotiations, emphasizing that any plan to end the war must be implemented according to Iran's conditions, rather than those proposed by U.S. President Trump. (Xinhua News Agency)

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company