Uniswap
@uniswapLive
Maximum reward
$15,500,000
| Severity | Max. Reward |
|---|---|
| Critical | $15,500,000 |
| High | $1,000,000 |
| Medium | $100,000 |
Deposit required
$50
Findings submitted
631
Start date
26 Nov 2024
In scope
Scope categories: Smart Contracts, Websites, Other, Unichain L1 Contracts, Uniswap Infrastructure, Mobile Apps and Chrome Extension
| Severity | Min and Max Reward |
|---|---|
| Critical | Up to $250,000 |
| High | Up to $50,000 |
| Medium | Up to $10,000 |
Web Applications (app.uniswap.org and other Uniswap-owned web applications)
Critical Examples – Up to $250,000
| Vulnerability Type | Example | Why Critical |
|---|---|---|
| Wallet Drain via XSS | Stored XSS injects malicious transaction parameters during swapping that appear legitimate so that output tokens are sent to the attacker’s address | Direct fund theft |
| Transaction Replacement | MITM attack replaces recipient address in swap UI (extension injection explicitly out of scope) | Funds sent to attacker |
High Examples – Up to $50,000
| Vulnerability Type | Example | Impact |
|---|---|---|
| Gas Estimation Exploit | Malicious input causes massive gas estimation, draining ETH through failed transactions | Economic attack on users |
Medium Examples – Up to $10,000
| Vulnerability Type | Example | Impact |
|---|---|---|
| Reflected XSS | Non-persistent XSS requiring social engineering to exploit | Limited scope, requires user action |
| General Flaws | Flaws preventing >1,000 users from purchasing/trading | Denial of service |
| Name | Description | Asset |
|---|---|---|
| Website | App | |
| Docs Site | Uniswap Docs | |
Out of scope
- v4 hooks that were not developed by Uniswap Labs.
- Clickjacking (we do allow 3rd parties to iframe us)
- DDOS
- Bugs in third party code
- Dev branches that are not deployed in public packages or contracts
- Third party contracts that are not under the direct control of Uniswap Labs
- Issues already listed in the audits for the contracts above
- Bugs in third party contracts or applications that use Uniswap contracts
- Brute force attacks
- Rounding errors
- Cache-control header settings
- Extreme market turmoil vulnerability
- Gas optimization recommendations
- Task Hijacking (Strandhogg)
- Any vulnerability that is previously known by the Uniswap Labs team
- Certificate Pinning on Mobile
Unichain Out of Scope
- Core OP Stack code. Researchers should notify Optimism via their Immunefi Bedrock Bug Bounty Program
- Flashblocks
- UVN
- unichain-node repository
- unichain.org top level and docs.unichain.org