Uniswap Labs has announced a significant update to its bug bounty program, collaborating with Cantina to enhance security measures and reward mechanisms. This move aims to incentivize the discovery and reporting of vulnerabilities within the Uniswap ecosystem, according to Uniswap Protocol.
Details of the Bug Bounty Program
Bugs and vulnerabilities found in Uniswap Labs’ contracts and interfaces should now be submitted through the Uniswap Labs Cantina Bug Bounty Page. Rewards are allocated based on the severity of the disclosed bug and the assets at risk, with potential payouts reaching up to $2.25 million.
The program covers vulnerabilities in any contract deployed by Uniswap Labs, as well as Uniswap interfaces. This includes production-deployed code from specific GitHub repositories managed by Uniswap Labs. However, vulnerabilities in third-party contracts not deployed by Uniswap Labs, issues already listed in audits, and bugs in third-party applications using Uniswap contracts are excluded from the program.
Reporting and Reward Criteria
To be eligible for rewards, any discovered vulnerabilities must be reported directly through the Cantina platform and kept confidential until the issue is resolved. Public disclosure or sharing with any other entity before Cantina’s resolution is strictly prohibited. Reports must be submitted within 24 hours of discovering the vulnerability.
A comprehensive report detailing the vulnerability, including conditions for reproducing the bug, steps to reproduce it, and potential implications of its exploitation, increases the likelihood and amount of the reward. Uniswap Labs retains sole discretion over reward decisions, including eligibility and payment methods.
Program Exclusions
The program does not cover:
- Third-party contracts not deployed by Uniswap Labs
- Issues already listed in audits
- Bugs in third-party applications using Uniswap contracts
- Internally known issues
By submitting a report, participants grant Uniswap Labs all necessary rights to validate, mitigate, and disclose the vulnerability. Those who report unique, previously unreported vulnerabilities that lead to code changes or configuration adjustments will be publicly recognized for their contributions, if they choose.
For full eligibility requirements and more details, visit the Uniswap Labs Cantina Bug Bounty Page.