Uniswap announces $15.5m bug bounty for v4

Uniswap Labs has launched a major bug bounty program offering up to $15.5 million to identify critical vulnerabilities in v4 core contracts.

Uniswap (UNI) said in its announcement on Nov. 26 that this bug bounty is the “largest” bounty ever introduced.

v4 is Uniswap’s latest network upgrade designed to transform the protocol into a hub for developers. The upgrade introduces hooks (contracts) that unlock new assets and market structures, allowing developers to customize user interactions across pools, exchanges, and liquidity provision.

Uniswap v4 has passed nine major codebase reviews by companies such as OpenZeppelin, ABDK, Spearbit, Certora and Trail of Bits.

The project also attracted more than 500 researchers with a $2.35 million security challenge. Although no critical vulnerabilities have been found so far, Uniswap Labs is being extra careful as the v4 distribution approaches.

“As deployment approaches, we are taking an extra step to ensure v4 is as secure as possible, with a $15.5 million bug bounty,” the Uniswap Labs team said via X.

Bug bounty programs are widely used to improve security and user protection, especially in an ecosystem frequently targeted by crypto attacks and network exploits. These programs incentivize ethical hackers to detect vulnerabilities in exchange for rewards.

In April 2023, hackers exploited Uniswap using sandwich attacks, resulting in the theft of approximately $25.2 million worth of crypto.

Leave a Reply

Your email address will not be published. Required fields are marked *