Uniswap Launches Bug Bounty Program, Reward Up to 3 Million USDC

Overview

The security of Uniswap and its smart contracts is of utmost importance to us. For that reason, we have an official Uniswap Bug Bounty (the "Program") to incentivize responsible bug disclosure. Rewards will be allocated based on the severity of the bug disclosed and evaluated for rewards up to 2,250,000 USDC.

Special Notice

Until Nov 30, 2022, all bugs found within Universal Router as well as Permit2 before they are launched will receive an additional bounty on top of the reward up to a maximum of 3,000,000 USDC. The scope of this additional bounty includes the following:

Scope

The Program includes vulnerabilities and bugs in any deployed Uniswap contract. These include those within the following GitHub repositories:

  • Universal Router Contract Code
  • Permit2 Contract Code
  • V3 Contract Code

However, if you find a bug in a Uniswap smart contract outside of these repositories, where user funds are at risk, the team will consider the issue to be in-scope for our bounty.

The following are not within the scope of the Program:

Rewards

The Program includes the following 4-level severity scale:

  • Critical: Issues that could impact numerous users and have serious reputational, legal or financial implications. An example would be being able to lock contracts permanently or take funds from all users.
  • High: Issues that impact individual users where exploitation would pose reputational, legal or moderate financial risk to the user.
  • Medium: The risk is relatively small and does not pose a threat to user funds.
  • Low/Informational: The issue does not pose an immediate risk but is relevant to security best practices.

Rewards will be given based on the above severity as well as the likelihood of the bug being triggered or exploited, to be determined at the sole discretion of Uniswap Labs. You can find out more about this scale at the OWASP risk rating methodology page.

Disclosure

Any vulnerability or bug discovered must be reported only to the following email: [email protected]. An acknowledgement of receipt will be given within 1 business day by Uniswap Labs.

The vulnerability must not be disclosed publicly or to any other person, entity or email address before Uniswap Labs has been notified, has fixed the issue, and has granted permission for public disclosure. In addition, disclosure must be made within 24 hours following discovery of the vulnerability.

A detailed report of a vulnerability increases the likelihood of a reward and may increase the reward amount. Please provide as much information about the vulnerability as possible, including:

  • The conditions on which reproducing the bug is contingent.
  • The steps needed to reproduce the bug or, preferably, a proof of concept.
  • The potential implications of the vulnerability being abused.

Anyone who reports a unique, previously-unreported vulnerability that results in a change to the code or a configuration change and who keeps such vulnerability confidential until it has been resolved by our engineers will be recognized publicly for their contribution if they so choose.

Eligibility

To be eligible for a reward under this Program, you must:

  • Discover a previously-unreported, non-public vulnerability that is not previously known by the team and within the scope of this Program.
  • Be the first to disclose the unique vulnerability to [email protected], in compliance with the disclosure requirements.
  • Provide sufficient information to enable our engineers to reproduce and fix the vulnerability.
  • Not exploit the vulnerability in any way, including through making it public or by obtaining a profit (other than a reward under this Program).
  • Not publicize a vulnerability in any way, other than through private reporting to us.
  • Make a good faith effort to avoid privacy violations, destruction of data, interruption or degradation of any of the assets in scope.
  • Not submit a vulnerability caused by an underlying issue that is the same as an issue on which a reward has been paid under this Program.
  • Not engage in any unlawful conduct when disclosing the bug to [email protected], including through threats, demands, or any other coercive tactics.
  • Be at least 18 years of age or, if younger, submit your vulnerability with the consent of your parent or guardian.
  • Not be subject to US sanctions or reside in a US-embargoed country.
  • Not be one of our current or former employees, vendors, or contractors or an employee of any of those vendors or contractors.
  • Comply with all the eligibility requirements of the Program.

Other Terms

By submitting your report, you grant Uniswap Labs any and all rights, including intellectual property rights, needed to validate, mitigate, and disclose the vulnerability. All reward decisions, including eligibility for and amounts of the rewards and the manner in which such rewards will be paid, are made at our sole discretion.

The terms and conditions of this Program may be altered at any time.
