Uniswap, the biggest decentralized change (DEX), has introduced a $15.5 million bug bounty for vulnerabilities in its v4 improve. This units a brand new file for the very best bug bounty ever supplied, surpassing LayerZero’s $15 million reward.
Nonetheless, this bounty contains a number of caveats, and Uniswap will solely provide a full payout to a “critical” vulnerability that doesn’t embrace third-party contracts or purposes.
Uniswap v4’s Bug Bounty
Uniswap lately supplied a considerable bounty for figuring out code vulnerabilities. Particularly, the agency is on the lookout for weaknesses in its large v4 improve’s core capabilities. Uniswap additionally launched a weblog publish with additional particulars about this system:
“Today, we’re excited to launch a $15.5 million bug bounty, the largest in history, for vulnerabilities found in Uniswap v4 core contracts. Uniswap v4 is already among the most thoroughly reviewed codebases in DeFi, with nine independent audits. As deployment approaches, we’re taking an extra step to ensure v4 is as secure as possible,” the publish learn.
Strictly talking, Uniswap’s declare to being the largest-ever “bug bounty” is considerably ambiguous. Previously, sure platforms have supplied massive bounties to profitable hackers, incentivizing them to return stolen funds. Final 12 months, Mixin Community known as their $20 million enticement to hackers a “bug bounty,” however the firm barely misused the time period.
On this case, Uniswap solely presents funds for figuring out a weak point, not a ransom for truly exploiting it. On this style, Uniswap’s $15.5 million provide is certainly large: earlier this 12 months, Solana supplied solely $1 million for the same program. In different phrases, the corporate would possibly view continued v4 safety as integral to Uniswap’s continued success.
Alternatively, this substantial provide might come from a spot of confidence. As talked about, Uniswap carried out 9 separate unbiased code audits and carried out an extra $2.35 million safety competitors. Fortune claims that Uniswap selected $15.5 million to one-up LayerZero, which supplied a $15 million bounty final 12 months. This excessive reward, then, might simply be a boast.
In any occasion, this large reward comes with necessary caveats. To begin with, a hacker can not declare a vulnerability from any third-party contract or utility, even these deployed by Uniswap Labs. Second, it could possibly’t checklist any unfixed points that earlier audits recognized. Lastly, solely a “critical” bug will get the total fee, with decrease dangers getting between $1 million and $100,000.
Disclaimer
In adherence to the Belief Undertaking pointers, BeInCrypto is dedicated to unbiased, clear reporting. This information article goals to supply correct, well timed info. Nonetheless, readers are suggested to confirm information independently and seek the advice of with knowledgeable earlier than making any selections primarily based on this content material. Please observe that our Phrases and Circumstances, Privateness Coverage, and Disclaimers have been up to date.
