Uniswap

@uniswap
Live

Maximum reward

$15,500,000

Severity | Rewards
Critical | Up to $15,500,000
High | Up to $1,000,000
Medium | Up to $100,000

Findings submitted

369

Start date

26 Nov 2024


In scope

The Program includes vulnerabilities and bugs in the latest deployed versions of the specified Uniswap contracts below, and commit b619b67 of the specified undeployed v4-core contracts. These files are found within the following GitHub repositories.

However, if you find a bug in a Uniswap smart contract outside of these repositories, where user funds are at risk, the team will consider the issue to be in-scope for our bounty as an Other Uniswap Contract Code (for purposes of payout eligibility). Additionally, we anticipate adding v4-periphery to the Program soon.

Asset | Description
V4 Core Contracts | https://github.com/Uniswap/v4-core/tree/b619b6718e31aa5b4fa0286520c455ceb950276d
Universal Router Contract Code | https://github.com/Uniswap/universal-router
Permit2 Contract Code | https://github.com/Uniswap/permit2
V3 Contract Code | https://github.com/Uniswap/v3-core
UniswapX Contract Code | https://github.com/Uniswap/UniswapX
Uniswap Interface Code | https://github.com/Uniswap/interface

Out of scope

  • V4 Periphery Contracts
  • v4 hooks that were not developed by Uniswap Labs.
  • Clickjacking (we do allow 3rd parties to iframe us)
  • DDOS
  • Bugs in third party code
  • Dev branches that are not deployed in public packages or contracts
  • Third party contracts that are not under the direct control of Uniswap Labs
  • Issues already listed in the audits for the contracts above
  • Bugs in third party contracts or applications that use Uniswap contracts
  • Brute force attacks
  • Rounding errors
  • Cache-control header settings
  • Extreme market turmoil vulnerability
  • Gas optimization recommendations
  • Task Hijacking (Strandhogg)
  • Any vulnerability that is previously known by the Uniswap Labs team
  • Certificate Pinning on Mobile

Unichain Out of Scope