Last updated:
Uniswap Labs announced a $15.5 million bug bounty program for its v4 core contracts on November 26, marking the largest bounty offering in decentralized finance (DeFi) to date.
According to the Uniswap Labs announcement, the bug bounty focuses on vulnerabilities in Uniswap v4’s core infrastructure, which introduces features like hooks to enable customizable pool interactions and cost savings for liquidity providers and swappers.
Largest Bug Bounty Program in DeFi
The bug bounty program covers vulnerabilities found in its core contracts, which are available in the GitHub repository. According to the statement, reports must include clear details, such as reproduction steps and potential risks, to qualify for rewards.
The bug bounty currently excludes third-party contracts and Uniswap v4 periphery contracts, which are expected to be included later. Issues already identified in audits or earlier reviews are outside the program’s scope.
The company stated that Uniswap v4 has undergone extensive security reviews, including nine independent audits and a $2.35 million security competition with no critical flaws discovered. The bug bounty serves as an additional precaution ahead of deployment.
Developers submitting reports are required to maintain confidentiality until issues are resolved. Unique vulnerabilities that lead to code changes may qualify for public recognition as part of the program.
According to the bounty’s specifics page, the total reward of $15.5 million will be distributed as Circle (USDC) stablecoin.
Uniswap Introduces Permissionless Bridging
Uniswap recently introduced a new cross-chain bridging feature, enabling users to transfer assets seamlessly across nine blockchain networks directly from its Interface and Wallet.
The functionality was powered by Across Protocol, a permissionless bridging solution designed to enhance speed and security for cross-chain transactions.
The newly launched feature aims to simplify the process of moving assets between chains, addressing a longstanding challenge for Uniswap’s user base. Previously, users relied on external services, often involving multiple steps and significant delays.