Uniswap Launches Bug Bounty Program, Reward Up to 3 Million USDC

Overview

The security of Uniswap and its smart contracts is of utmost importance to us. For that reason we have an official Uniswap Bug Bounty (the "Program") to incentivize responsible bug disclosure. Rewards will be allocated based on the severity of the bug disclosed and evaluated for rewards up to 2,250,000 USDC.

Special Notice

Until Nov 30, 2022, all bugs found within Universal Router as well as Permit2 before they are launched will receive an additional bounty on top of the reward up to a maximum of 3,000,000 USDC. The scope of this additional bounty includes the following:

Scope

The Program includes vulnerabilities and bugs in any deployed Uniswap contract. These include those within the following GitHub repositories:

  • Universal Router Contract Code
  • Permit2 Contract Code
  • V3 Contract Code

However, if you find a bug in a Uniswap smart contract outside of these repositories, where user funds are at risk, the team will consider the issue to be in-scope for our bounty.

The following are not within the scope of the Program:

Rewards

The Program includes the following 4-level severity scale:

  • Critical: Issues that could impact numerous users and have serious reputational, legal or financial implications. An example would be being able to lock contracts permanently or take funds from all users.
  • High: Issues that impact individual users where exploitation would pose reputational, legal or moderate financial risk to the user.
  • Medium: The risk is relatively small and does not pose a threat to user funds.
  • Low/Informational: The issue does not pose an immediate risk but is relevant to security best practices.

Rewards will be given based on the above severity as well as the likelihood of the bug being triggered or exploited, to be determined at the sole discretion of Uniswap Labs. You can find out more about this scale at the OWASP risk rating methodology page.

Disclosure

Any vulnerability or bug discovered must be reported only to the following email: [email protected]. An acknowledgement of receipt will be given within 1 business day by Uniswap Labs.

The vulnerability must not be disclosed publicly or to any other person, entity or email address before Uniswap Labs has been notified, has fixed the issue, and has granted permission for public disclosure. In addition, disclosure must be made within 24 hours following discovery of the vulnerability.

A detailed report of a vulnerability increases the likelihood of a reward and may increase the reward amount. Please provide as much information about the vulnerability as possible, including:

  • The conditions on which reproducing the bug is contingent.
  • The steps needed to reproduce the bug or, preferably, a proof of concept.
  • The potential implications of the vulnerability being abused.

Anyone who reports a unique, previously-unreported vulnerability that results in a change to the code or a configuration change and who keeps such vulnerability confidential until it has been resolved by our engineers will be recognized publicly for their contribution if they so choose.

Eligibility

To be eligible for a reward under this Program, you must:

  • Discover a previously-unreported, non-public vulnerability that is not previously known by the team and within the scope of this Program.
  • Be the first to disclose the unique vulnerability to [email protected], in compliance with the disclosure requirements.
  • Provide sufficient information to enable our engineers to reproduce and fix the vulnerability.
  • Not exploit the vulnerability in any way, including through making it public or by obtaining a profit (other than a reward under this Program).
  • Not publicize a vulnerability in any way, other than through private reporting to us.
  • Make a good faith effort to avoid privacy violations, destruction of data, interruption or degradation of any of the assets in scope.
  • Not submit a vulnerability caused by an underlying issue that is the same as an issue on which a reward has been paid under this Program.
  • Not engage in any unlawful conduct when disclosing the bug to [email protected], including through threats, demands, or any other coercive tactics.
  • Be at least 18 years of age or, if younger, submit your vulnerability with the consent of your parent or guardian.
  • Not be subject to US sanctions or reside in a US-embargoed country.
  • Not be one of our current or former employees, vendors, or contractors or an employee of any of those vendors or contractors.
  • Comply with all the eligibility requirements of the Program.

Other Terms

By submitting your report, you grant Uniswap Labs any and all rights, including intellectual property rights, needed to validate, mitigate, and disclose the vulnerability. All reward decisions, including eligibility for and amounts of the rewards and the manner in which such rewards will be paid, are made at our sole discretion.

The terms and conditions of this Program may be altered at any time.
