Uniswap
@uniswapLive
Maximum reward: $15,500,000

| Severity | Max. Reward |
|---|---|
| Critical | $15,500,000 |
| High | $1,000,000 |
| Medium | $100,000 |

Deposit required: $50
Findings submitted: 631
Start date: 26 Nov 2024
In scope
Scope categories: Smart Contracts, Websites, Other, Unichain L1 Contracts, Uniswap Infrastructure, Mobile Apps and Chrome Extension.

Uniswap Infrastructure
| Severity | Min and Max Reward |
|---|---|
| Critical | Up to $250,000 |
| High | Up to $50,000 |
| Medium | Up to $10,000 |
Infrastructure findings include vulnerabilities affecting Uniswap Labs’ operational environment and supporting systems, including:
- Cloud infrastructure (e.g., AWS, GCP, Cloudflare, hosted services)
- CI/CD pipelines (GitHub Actions, build systems, deployment workflows, NPM packages)
- Container registries and artifact storage
- DNS configuration and domain management, PKI
- Production deployments and configuration management
- Public RPC infrastructure (including Unichain RPC & transaction ingress)
- Backend services supporting routing, quoting, or transaction preparation
- Secrets management systems
- Monitoring and alerting systems (if exploitable)
Infrastructure findings must demonstrate clear and actionable security impact.
Critical Examples – Up to $250,000
| Vulnerability Type | Example | Why Critical |
|---|---|---|
| CI/CD Pipeline Compromise | Attacker gains control over deployment pipeline (GitHub Actions, artifact registry, NPM) and deploys malicious version of app.uniswap.org | Mass wallet-draining via trusted domain; entire user base affected |
| Cloud IAM / Secrets Compromise | Access to production IAM roles or secrets (backend signing keys, API tokens, deploy keys) | Modify routing logic, manipulate transactions, inject malicious parameters |
| DNS Hijack of Official Domain | DNS takeover of app.uniswap.org | Pixel-perfect phishing clone; traffic redirection; direct wallet drain |
High Examples – Up to $50,000
| Vulnerability Type | Example | Impact |
|---|---|---|
| SSRF to Cloud Metadata | SSRF allowing access to AWS IMDS or internal services, demonstrably leveraged for credential retrieval or lateral movement | Privilege escalation, stepping stone to broader compromise |
| Overly Permissive IAM Policies | Production roles allow unnecessary administrative actions | Viable lateral movement path; potential malicious deployment chain |
| Production API Exposure Without Auth | Internal/admin APIs accessible without proper auth | Unauthorized routing or operational manipulation |
Medium Examples – Up to $10,000
| Vulnerability Type | Example | Impact |
|---|---|---|
| Minor Privilege Escalation | Escalation within non-production or low-impact service | Limited blast radius; requires chaining |
| RCE on Unused Instance/System | Legacy unused instance publicly accessible and vulnerable to RCE via outdated dependency | Code execution on internal system owned by Uniswap |
| Name | Description | Asset |
|---|---|---|
| NPM packages | NPM packages under @uniswap org | |
Out of scope
- v4 hooks that were not developed by Uniswap Labs.
- Clickjacking (we do allow 3rd parties to iframe us)
- DDoS
- Bugs in third party code
- Dev branches that are not deployed in public packages or contracts
- Third party contracts that are not under the direct control of Uniswap Labs
- Issues already listed in the audits for the contracts above
- Bugs in third party contracts or applications that use Uniswap contracts
- Brute force attacks
- Rounding errors
- Cache-control header settings
- Extreme market turmoil vulnerability
- Gas optimization recommendations
- Task Hijacking (StrandHogg)
- Any vulnerability already known to the Uniswap Labs team
- Certificate Pinning on Mobile
Unichain Out of Scope
- Core OP Stack code. Researchers should notify Optimism via their Immunefi Bedrock Bug Bounty Program
- Flashblocks
- UVN
- unichain-node repository
- unichain.org top level and docs.unichain.org