Uniswap ($UNI) Labs has formally introduced a Bug Bounty Program (“the Program”). The initiative aims to encourage ethical hackers and security researchers to find and report vulnerabilities in Uniswap’s deployed contracts. Rewards for successful bug disclosures can reach as much as 2,250,000 USDC, depending on the severity of the issue.
Scope of the Program
The Program specifically targets vulnerabilities in Uniswap’s deployed contracts, including but not limited to:
Universal Router Contract Code
Permit2 Contract Code
V3 Contract Code
UniswapX Contract Code
In addition, if a bug is discovered in a Uniswap smart contract outside of those repositories and poses a risk to user funds, it will be considered in-scope for the Program.
Exclusions
The Program does not cover:
- Third-party contracts not under Uniswap’s direct control
- Issues already listed in audits for the above contracts
- Bugs in third-party contracts or applications that use Uniswap contracts
- The Uniswap dApp, web interface, or other non-contract-related materials
Reward Structure
Uniswap Labs has categorized the severity of potential issues into four levels:
- Critical Issues: Impacting a large number of users and posing serious reputational, legal, or financial risks.
- High Issues: Affecting individual users and posing moderate financial risk.
- Medium Issues: Posing relatively small risks and not threatening user funds.
- Low/Informational Issues: Related to security best practices but not posing an immediate risk.
Rewards will be allocated according to this severity scale and the likelihood of the bug being exploited, as determined solely by Uniswap Labs.
Disclosure Protocol
All vulnerabilities must be reported to Uniswap Labs via the designated email: safety+bugbounty@uniswap.org. Public disclosure of the vulnerability is prohibited until Uniswap Labs has resolved the issue and granted permission for public disclosure.
Eligibility Criteria
To be eligible for a reward, the reporter must:
- Discover a unique, previously unreported vulnerability within the scope of the Program.
- Be the first to disclose the vulnerability to Uniswap Labs.
- Provide sufficient information for the vulnerability to be reproduced and fixed.
- Comply with all other terms and conditions of the Program.
Final Remarks
Uniswap Labs retains sole discretion to change the terms and conditions of the Program at any time. By participating in the Program, you grant Uniswap Labs the rights needed to validate, mitigate, and disclose the vulnerability.