- Uniswap has launched a bug bounty to help strengthen its smart contracts
- Uniswap is offering up to $15.5 million depending on the severity of a discovered vulnerability
- The DeFi platform described the bounty as the “largest” in history
DeFi protocol Uniswap has launched what it described as the “largest bug bounty in history” to strengthen its smart contracts. The platform intends to use the bounty to attract blockchain developers and white hat hackers to find critical flaws in its yet-to-be-launched v4 contracts. The bounty has a maximum amount of $15.5 million and $2,000 is the lowest amount anyone can earn for discovering vulnerabilities in the contracts, something that is likely to attract more security researchers.
Vulnerabilities To Be Reported Within 24 Hours
According to Uniswap, the bounty only covers the code developed by the DeFi platform and not “third-party contracts that were not deployed by Uniswap Labs” or third-party contracts linked to Uniswap-deployed contracts.
Introducing the largest bug bounty in history 🦄
We’re rewarding up to $15.5M to anyone that finds a critical vulnerability in v4 core contracts
Find a critical bug, become a millionaire 👀 pic.twitter.com/2h2bOKRLK6
— Uniswap Labs 🦄 (@Uniswap) November 26, 2024
To qualify, bounty hunters must report their findings within 24 hours of discovery and adequately document each possible vulnerability. Participants must also not disclose the weakness to the public until it’s fixed. However, those who discover vulnerabilities that necessitate a code change “can choose to be recognized publicly.”
Uniswap disclosed that v4 contracts have already passed through nine independent audits from top blockchain security firms like OpenZeppelin, adding that “over 500 researchers [also] participated in a $2.35M security competition.”
Uniswap v4 Brings New Market Structures
The DeFi protocol noted that Uniswap v4 focuses on new market structures meant to cater to a wider user base and turn it into a developer platform.
The bounty program comes a month after Uniswap launched Unichain, a layer 2 network powered by Optimism. It also comes a year after launching a KYC hook that divided the DeFi community with some arguing it opened the door for regulators.
With DeFi platforms being among the most targeted by hackers, it’s to be seen whether the bounty will help Uniswap address all weaknesses in its contracts.
