Monday, May 5, 2025
HomeBug BountyUniswap Labs to Offer $15.5 Million Bounty for Bug Hunters

Uniswap Labs to Offer $15.5 Million Bounty for Bug Hunters

Published on

SIEM as a Service

Follow Us on Google News

Uniswap Labs has launched a $15.5 million bug bounty program to ensure the security of its latest protocol, Uniswap v4.

This substantial bounty is the largest ever offered in the history of the DeFi sector. Uniswap v4 represents the latest evolution of the Uniswap Protocol, marking a significant transformation into a comprehensive developer platform.

This iteration introduces “hooks,” enabling developers to create customizable contracts that dictate interactions between pools, swaps, fees, and liquidity provider (LP) positions.

- Advertisement - Google News

The introduction of hooks is set to unlock new market structures and broaden the range of assets available on the platform, thereby serving more users effectively.

Aside from the technological advancements, Uniswap v4 promises cost efficiency, with pool creation costs expected to be reduced by 99.99% and notable savings on multi-hop swaps for traders.

Developed with a collaborative spirit, the v4 codebase has been shaped by contributions from over 90 developers and hundreds of community pull requests.

Analyze cyber threats with ANYRUN's powerful sandbox. Black Friday Deals : Get up to 3 Free Licenses.

A Focus on Security

Security is a paramount concern for Uniswap Labs, which is underscored by the rigorous code reviews and audits that Uniswap v4 has undergone.

The protocol has been scrutinized through nine independent audits by industry-leading firms like OpenZeppelin, Spearbit, and Certora.

Additionally, a $2.35 million security competition was held, engaging over 500 researchers, with no critical vulnerabilities discovered to date.

The launch of the $15.5 million bug bounty aims to further fortify the protocol’s security ahead of its deployment.

By inviting ethical hackers and developers to examine the Uniswap v4 core contracts, Uniswap Labs is taking proactive steps to ensure any potential vulnerabilities are identified and addressed promptly.

The bug bounty encompasses vulnerabilities within the Uniswap v4 core contracts, accessible through the project’s GitHub repository.

However, it excludes third-party contracts not deployed by Uniswap Labs, previously identified issues in audits, and third-party applications utilizing Uniswap contracts. The periphery contracts of Uniswap v4 will be added to the program shortly.

To participate, bug hunters must submit their findings via the v4 Bug Bounty Page on Cantina within 24 hours of discovery, ensuring confidentiality until any issues are resolved.

Detailed reports, including reproduction steps and possible implications, increase the likelihood of eligibility for a reward. Successful contributors can opt for public recognition for their discoveries.

The $15.5 million bug bounty program is live, inviting the global community of developers and researchers to explore the v4 codebase.

Interested participants can find further details and submission requirements on the v4 Bug Bounty Page on Cantina. This initiative underscores Uniswap’s commitment to security and innovation in the rapidly evolving DeFi landscape.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Hackers Exploit Email Fields to Launch XSS and SSRF Attacks

Cybersecurity researchers are raising alarms as hackers increasingly weaponize email input fields to execute cross-site...

Luna Moth Hackers Use Fake Helpdesk Domains to Target Victims

A recent investigation by cybersecurity firm EclecticIQ, in collaboration with threat hunters, has exposed...

SonicBoom Attack Chain Lets Hackers Bypass Login and Gain Admin Control

Cybersecurity researchers have uncovered a dangerous new exploitation technique, dubbed the "SonicBoom Attack Chain,"...

Researcher Uses Copilot with WinDbg to Simplify Windows Crash Dump Analysis

A researcher has unveiled a novel integration between AI-powered Copilot and Microsoft's WinDbg, dramatically...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Exploit Email Fields to Launch XSS and SSRF Attacks

Cybersecurity researchers are raising alarms as hackers increasingly weaponize email input fields to execute cross-site...

Luna Moth Hackers Use Fake Helpdesk Domains to Target Victims

A recent investigation by cybersecurity firm EclecticIQ, in collaboration with threat hunters, has exposed...

SonicBoom Attack Chain Lets Hackers Bypass Login and Gain Admin Control

Cybersecurity researchers have uncovered a dangerous new exploitation technique, dubbed the "SonicBoom Attack Chain,"...