The popular decentralized exchange, Uniswap, has announced an official Bug Bounty (the ”Program”) designed to incentivize ethical hackers and security researchers to identify and report the bug disclosure.
For the bug disclosures, Uniswap also came up with rewards, which can be up to 2,250,000 USDC, depending on the severity of the identified bug and assets at risk.
The Uniswap Bug Bounty covers vulnerabilities and bugs in smart contracts that are deployed by Uniswap, which can be found in various GitHub repositories, including the Universal Router Contract Code, Permit2 Contract Code, V3 Contract Code, and UniswapX Contract Code.
Out of these repositories, if anyone finds a security issue in a Uniswap smart contact that puts its fund at risk, which Uniswap will consider it “in-scope”. Uniswap also mentioned the scope, which will not be part of the program.
The program adds a 4-level severity scale, of which the top one is “Critical Issues that could impact numerous users and have serious reputational, legal or financial implications.” High issues that affect specific users where exploitation would put their reputations, legal standing, or finances at risk.
The other scale is Medium-severity issues, which pose a relatively smaller risk and do not threaten user funds, and Low-severity or informational issues, which do not pose an immediate risk but are still important for upholding best security practices
As for this program, Ethical hackers have to submit their discoveries with the appropriate information, which can be used by engineers to reproduce and fix the bug, to a designated email address at Uniswap Labs.
Also Read: DEX Uniswap Launches UniswapX Protocol
