Uniswap, the largest decentralized exchange (DEX), has just announced a $15.5 million bounty for finding vulnerabilities in its v4 upgrade. This is a new record for the highest bug reward ever, surpassing LayerZero’s reward of 15 million USD.
However, this bounty comes with some conditions and Uniswap only awards the full amount for “critical” vulnerabilities excluding 3rd party contracts or applications.
Uniswap v4. Bug Hunt Rewards
Recently, Uniswap launched one bonus Significant for identifying vulnerabilities in source code. Specifically, the company is looking for weaknesses in the core competencies of its massive v4 upgrade. Uniswap also published a blog post providing more details about the program:
Today, we are pleased to launch the largest $15.5 million bug bounty in history for vulnerabilities found in the Uniswap v4 core contract. Uniswap v4 is already one of the most thoroughly audited codebases in DeFi, with nine independent audits. As deployment approaches, we’re taking an extra step to ensure v4 is as secure as possible,” the post read. stated clearly.
Seriously, Uniswap’s claim of being the largest “bug bounty” ever is a bit vague. In the past, some platforms have offered large rewards to encourage hackers to return stolen money. Last year, Mixin Network called its $20 million bounty to hackers a “bug bounty,” but the company used the term a bit incorrectly.
In this case, Uniswap only offered money for identifying the vulnerability, not a ransom for actually exploiting it. In this category, Uniswap’s $15.5 million offer is truly enormous: earlier this year, Solana offered just $1 million for a similar program. In other words, the company may find that v4 security continues to be pivotal to Uniswap’s success.
On the other hand, this substantial offer may stem from confidence. As mentioned, Uniswap conducted nine independent source code audits and conducted an additional security audit worth $2.35 million. Fortune said that Uniswap chose a figure of 15.5 million USD to surpass LayerZero, which offered a reward of 15 million USD last year. This high bonus, accordingly, may just be a showoff.
In any case, this huge bonus comes with important conditions. First of all, a hacker cannot claim vulnerabilities from any 3rd party contract or application, even those deployed by Uniswap Labs. Second, it is not possible to list any unresolved issues that previous audits have identified. Ultimately, only “serious” errors receive the full payout, with lower risks receiving between $1 million and $100K.