Uniswap offers biggest ‘bug bounty’ ever, promising up to $15.5 million to those who discover code vulnerabilities
Uniswap, one of the largest decentralized exchanges, said it will reward $15.5 million to anyone who can find vulnerabilities in the latest version of the protocol of the same name. The size of the reward, which the company says is its largest ever in a so-called “bug bounty,” is intended to ensure the latest evolution of the protocol, known as Uniswap v4, is as secure as possible.
The idea behind bug bounty programs, widely used in the technology sector, is to encourage non-malicious hackers, known as “white hats,” to discover vulnerabilities in computer code before the bad guys do.
Uniswap v4 builds on v3, launched in 2021, and seeks to make transactions cheaper and more customizable. Uniswap is rolling out the bug bounty as the development phase ends, and it decided to award $15.5 million to surpass a cross-chain messaging protocol that offered a $15 million bounty in 2023.
The latest version of the protocol has undergone multiple security tests, including 9 independent audits and a $2.35 million security competition in which 500 researchers participated and did not find any serious vulnerabilities, the company said in a statement.
While the security of v4 has been evaluated many times, Uniswap is taking this extra step to protect the protocol from theft, since it processes billions of dollars' worth of volume every day and, once deployed, cannot be changed.
“The Uniswap protocol serves as critical infrastructure for DeFi and has secured over $2.5 trillion in transaction volume, and v4 introduces the ability for limitless customization. This $15.5 million bug bounty is the largest in history, reflecting our commitment to building secure smart contracts for all users and developers building on that foundation.”
The program only covers bugs found in Uniswap v4 core contracts and does not cover “third-party contracts not implemented by Uniswap Labs, issues that were listed during testing contracts in v4 archive, errors in third-party contracts or applications using contracts deployed by Uniswap Labs or known issues internally,” according to the statement.
Not all successful hackers receive $15.5 million. Payments are based on a tiered approach that categorizes each error using a risk score. The reward for discovering a “critical” bug is $15.5 million, while a “high” risk bug gets $1 million and a “medium” risk bug gets $100,000.
To be eligible for rewards, bugs must be reported within 24 hours of discovery and kept secret until the problem is resolved.
These types of programs have been around since the 1980s, when a software company called Hunter and Ready first offered one: a Volkswagen Beetle, or “bug,” for anyone who could find a vulnerability in its operating system. Since then, large bounties have become increasingly common in the technology industry and are sometimes used by the US government.