Uniswap
Maximum reward: $15,500,000

| Severity | Max. Reward |
|---|---|
| Critical | $15,500,000 |
| High | $1,000,000 |
| Medium | $100,000 |

Deposit required: $50
Findings submitted: 558
Start date: 26 Nov 2024
In scope
| Severity | Min and Max Reward |
|---|---|
| Critical | Up to $15,500,000 |
| High | Up to $1,000,000 |
| Medium | Up to $100,000 |
| Low | Up to $0 |
| Informational | Up to $0 |

The Program includes vulnerabilities and bugs in the latest deployed versions of the specified Uniswap contracts below, and commit b619b67 of the specified undeployed v4-core contracts. These files are found within the following GitHub repositories.
However, if you find a bug in a Uniswap smart contract outside of these repositories, where user funds are at risk, the team will consider the issue to be in-scope for our bounty as an Other Uniswap Contract Code (for purposes of payout eligibility). Additionally, we anticipate adding v4-periphery to the Program soon.
Please note that the rewards are different for v4 core contracts and other smart contract code.
Other Uniswap Contract Code
| Risk Score | Payout |
|---|---|
| Critical | $2,250,000 |
| High | $500,000 |
| Medium | $100,000 |
| Low | Discretionary |

| Name | Description | Asset |
|---|---|---|
| V4 Core Contracts | https://github.com/Uniswap/v4-core/tree/b619b6718e31aa5b4fa0286520c455ceb950276d | - |
| Universal Router Contract Code | https://github.com/Uniswap/universal-router | - |
| Permit2 Contract Code | https://github.com/Uniswap/permit2 | - |
| V3 Contract Code | https://github.com/Uniswap/v3-core | - |
| UniswapX Contract Code | https://github.com/Uniswap/UniswapX | - |
| Uniswap Interface Code | https://github.com/Uniswap/interface | - |
| Calibur 7702 Delegation Contract | Deployed on Mainnet, Unichain, Base, Optimism, BNB. Testnet deployments on Unichain and Sepolia | - |
| Liquidity Launcher | https://github.com/Uniswap/liquidity-launcher | - |
| Continuous Clearing Auction | https://github.com/Uniswap/continuous-clearing-auction | - |
| Protocol Fees | https://github.com/Uniswap/protocol-fees | - |
| Protocol Fees | https://github.com/Uniswap/phoenix-fees/ | - |
Out of scope
- V4 Periphery Contracts
- v4 hooks that were not developed by Uniswap Labs.
- Clickjacking (we do allow 3rd parties to iframe us)
- DDOS
- Bugs in third party code
- Dev branches that are not deployed in public packages or contracts
- Third party contracts that are not under the direct control of Uniswap Labs
- Issues already listed in the audits for the contracts above
- Bugs in third party contracts or applications that use Uniswap contracts
- Brute force attacks
- Rounding errors
- Cache-control header settings
- Extreme market turmoil vulnerability
- Gas optimization recommendations
- Task Hijacking (Strandhogg)
- Any vulnerability that is previously known by the Uniswap Labs team
- Certificate Pinning on Mobile
Unichain Out of Scope
- Core OP Stack code. Researchers should notify Optimism via their Immunefi Bedrock Bug Bounty Program
- Flashblocks
- UVN
- unichain-node repository
- unichain.org top level and docs.unichain.org