Uniswap

Uniswap

@uniswap

Live

Maximum reward

$15,500,000

Severity

Rewards

CriticalUp to $15,500,000

HighUp to $1,000,000

MediumUp to $100,000

Findings submitted

380

Start date

26 Nov 2024

Please sign in as a researcher to join the bounty.

Instructions Scope

In scope

Smart Contracts Websites Other Unichain L1 Contracts Unichain Infrastructure

CriticalUp to $2,250,000

HighUp to $100,000

MediumUp to $50,000

Any L1 contract deployment which puts Unichain User’s funds at risk but does not impact other OP Stack chains.
- See this for a non-exhaustive list of L1 contracts. For the issue to be in scope, the contract must be actively in use.

Asset	Description
Unichain L1 Contracts	https://docs.unichain.org/docs/technical-information/contract-addresses#l1-contracts

Out of scope

V4 Periphery Contracts
v4 hooks that were not developed by Uniswap Labs.
Clickjacking (we do allow 3rd parties to iframe us)
DDOS
Bugs in third party code
Dev branches that are not deployed in public packages or contracts
Third party contracts that are not under the direct control of Uniswap Labs
Issues already listed in the audits for the contracts above
Bugs in third party contracts or applications that use Uniswap contracts
Brute force attacks
Rounding errors
Cache-control header settings
Extreme market turmoil vulnerability
Gas optimization recommendations
Task Hijacking (Strandhogg)
Any vulnerability that is previously known by the Uniswap Labs team
Certificate Pinning on Mobile
Cache-control header settings

Unichain Out of Scope

Core OP Stack code. Researchers should notify Optimism via their Immunefi Bedrock Bug Bounty Program
Flashblocks
UVN
unichain-node repository
unichain.org top level and docs.unichain.org