The Uniswap protocol is a peer-to-peer system designed for exchanging cryptocurrencies (ERC-20 Tokens) on the Ethereum blockchain. The protocol is implemented as a set of persistent, non-upgradable smart contracts; designed to prioritize censorship resistance, security, self-custody, and to function without any trusted intermediaries who may selectively restrict access.
Prize distribution and scoring
Total Prize Pool: $2,350,000
Primary Prize Pool: $2,250,000
Formal Verification Prize Pool: $100,000
-
The Primary prize pool distribution has 4 possible triggers:
- If one or more valid Low severity findings are found, the primary pot size is $50,000
- If one or more valid Medium severity findings are found, the primary pot size is $300,000
- If one or more valid High severity findings are found, the primary pot size is $1,050,000
- If one or more valid Critical severity (see below for definition) findings are found, the primary pot size is $2,250,000
-
$50,000 of the prize pot reserved for Low Severity findings. These reports are judged based on quality and reviewers are then ranked from 1st to 10th for the purpose of prize allocation.
- 1st - 3rd: $10,000
- 4th - 6th: $5,000
- 7th: $2,500
- 8th: $1,250
- 9th - 10th: $625
Note that for Low findings, we want to encourage high-quality non-trivial submissions. Given that the codebase has gone through multiple reviews before, and due to the large number of participants, we’ll be marking any trivial low findings as informational and may not be considered for reward. To reiterate, the above pot is judged on quality alone and not quantity.
- Formal Verification prize Pool:
- $100k is reserved for the formal verification pool. Full details here
Severity definition:
Please note that the competition has an additional Critical severity, here are the severity definitions and conditions applied on these severities.
The following percentage values used below to calculate loss of funds are based on the assumption that all of Uniswap v3 liquidity is moved to Uniswap v4 Currently the TVL is $1.7B
Critical severity:
- Critical severity is unlocked if a High severity finding results in losses from 50%-100% of the total TVL across all chains.
- Please note there must be sufficient information and undeniable Proof of concept which should be easily verifiable for the loss amount for the finding to be considered Critical with absolutely no ambiguity.
High severity:
- High severity is unlocked if the finding results in losses from 5-50% of the total TVL across all chains.
- Regarding fees:
- If someone can avoid paying swap fees (LP or protocol) across multiple assets and multiple chains - i.e. not due to a specific chain or specific asset's implementation, would be High severity
- If someone can steal LP/protocol fees that are not theirs across multiple assets and multiple chains - i.e. not due to a specific chain or specific asset's implementation, would be High severity
Medium severity:
-
A DoS that can prevent access to more than 5% of total TVL for more than 1 minute, for less money than the value of the funds in question.
-
Individual losses (by stealing, wasting or permanently freezing) impacting at least 1% of individual users, which lose at least 1% of the funds they put in.
Low severity:
-
A DoS that can prevent access to more than 1% of TVL for more than 1 minute, for less money than the value of the funds in question.
-
Any individual losses of at least 1% of their funds.
Risk Classification Matrix
| Severity level | Impact: High | Impact: Medium | Impact: Low |
|---|---|---|---|
| Likelihood: High | Critical/High (Conditional) | High | Medium |
| Likelihood: Medium | High | Medium | Low |
| Likelihood: Low | Medium | Low | Informational |
1. Impact Assessment
- High: Leads to a loss of a significant portion of assets in the protocol, or significant harm to a majority of users. Core Protocol functionality broken. Permanent locking of funds.
- Medium: Losses to only a subset of users, but still unacceptable. DOS of funds for days or more.
- Low: Losses will be annoying but bearable-applies to things like griefing attacks that can could be easily fixed.
2. Likelihood Assessment
- High: Almost certain to happen, easy to perform, or not easy but highly incentivized.
- Medium: Only conditionally possible or incentivized, but still relatively likely.
- Low: There are rare events but are theoretically possible under certain extreme but realistic market conditions
- Please note that in case of any ambiguity or categories outside of the above, the Judges+Cantina team will have the final say on the severity of the findings.
- Please read the following description of how to submit a good finding
- Additional information on Severities described in detail on our docs page.
- This competition has a custom scoring mechanism. Please read the Scoring Mechanism section below for details.
Scoring Mechanism
Points
- A Critical Severity finding is worth 20 points.
- A High severity finding is worth 10 points.(Same as the usual scoring mechanism)
- A Medium severity finding is worth 3 points.(Same as the usual scoring mechanism)
Early Submission Incentive
- Uniswap is one of the most important protocols in the ecosystem. To make sure their upcoming V4 launch is completed on schedule, researchers are incentivized to submit Critical/High/Medium severity findings early, ie: as soon as one is found. The first valid submission will be rewarded an additional 20% reward, in comparison to its subsequent duplicates.
- The finding must identify the root cause, highest valid impact and describe the finding with all the necessary details to consider it valid.
- Please note that low quality or vague submissions or submissions that could be subject to interpretations will not be considered for the additional reward.
- The escalation process will not apply for these rewards and there will be no discussion for these rewards. The decision made by the Judges/Uniswap team on these rewards will be final.
- Example: If a finding has 5 duplicates.
- Using regular each of the duplicates would get $2000 each
- With the current incentive of 20%. The earliest valid submission gets $2307.72, and the rest of the duplicates get $1923.07 each.
Documentation
Scope
- v4-core
- commit:
18b223c - scope:
PoolManager.soland ALL files it relies on
- commit:
| Contract | nsloc |
|---|---|
| Extsload.sol | 64 |
| ERC6909Claims.sol | 23 |
| ProtocolFees.sol | 103 |
| NoDelegateCall.sol | 33 |
| TransientStateLibrary.sol | 49 |
| SwapMath.sol | 108 |
| UnsafeMath.sol | 29 |
| FixedPoint96.sol | 10 |
| SafeCast.sol | 60 |
| FullMath.sol | 117 |
| LPFeeLibrary.sol | 79 |
| CurrencyDelta.sol | 42 |
| SqrtPriceMath.sol | 289 |
| FixedPoint128.sol | 8 |
| StateLibrary.sol | 346 |
| CurrencyReserves.sol | 48 |
| TickMath.sol | 230 |
| NonzeroDeltaCount.sol | 35 |
| BitMath.sol | 49 |
| Pool.sol | 606 |
| CustomRevert.sol | 97 |
| Hooks.sol | 342 |
| ParseBytes.sol | 29 |
| ProtocolFeeLibrary.sol | 48 |
| Lock.sol | 28 |
| TickBitmap.sol | 122 |
| LiquidityMath.sol | 20 |
| Position.sol | 103 |
| PoolManager.sol | 385 |
| ERC6909.sol | 90 |
| Exttload.sol | 40 |
| Currency.sol | 117 |
| Slot0.sol | 94 |
| BeforeSwapDelta.sol | 38 |
| PoolId.sol | 17 |
| BalanceDelta.sol | 72 |
| PoolKey.sol | 22 |
| BipsLibrary.sol | 18 |
- v4-periphery
- commit:
151b282 - scope:
PositionManager.solV4Router.sol- and ALL files they rely on
- commit:
| Contract Name | nSLOC |
|---|---|
| PositionManager.sol | 435 |
| ReentrancyLock.sol | 20 |
| Multicall_v4.sol | 25 |
| Notifier.sol | 118 |
| UnorderedNonce.sol | 31 |
| BaseActionsRouter.sol | 74 |
| EIP712_v4.sol | 51 |
| PoolInitializer.sol | 16 |
| SafeCallback.sol | 24 |
| ImmutableState.sol | 12 |
| ERC721Permit_v4.sol | 108 |
| Permit2Forwarder.sol | 32 |
| DeltaResolver.sol | 87 |
| StateView.sol | 189 |
| SlippageCheck.sol | 46 |
| ERC721PermitHash.sol | 44 |
| CalldataDecoder.sol | 274 |
| Locker.sol | 21 |
| ActionConstants.sol | 15 |
| PathKey.sol | 29 |
| Actions.sol | 40 |
| V4Router.sol | 176 |
| PositionInfoLibrary.sol | 248 |
- universal-router
- commit:
a81e1ce - scope:
UniversalRouter.sol- and ALL files it relies on.
- While this whole file can be in scope, much of the code is already on mainnet and has been for nearly 2 years. We would like particular focus on the new/changed code in the following contracts.
- commit:
| Contract Name | nSLOC |
|---|---|
| UniversalRouter.sol | 67 |
| Dispatcher.sol | 302 |
| Lock.sol | 27 |
| MaxInputAmount.sol | 20 |
| Locker.sol | 27 |
| MigratorImmutables.sol | 22 |
| V4SwapRouter.sol | 17 |
| V3ToV4Migrator.sol | 19 |
| V3SwapRouter.sol | 170 |
- In the dispatcher contracts the following functions:
V4_POSITION_CALLV3_POSITION_MANAGER_CALLV3_POSITION_MANAGER_PERMITV4_SWAP
Chains
- ethereum mainnet
- arbitrum
- avalanche
- base
- blast
- bnb
- celo
- optimism
- polygon
- zksync
- zora
- Any un-altered OP Stack or Arbitrum Orbit chain
Build Instructions
-
v4-core and v4-periphery:
- forge build
- forge test –isolate
- for quick compilation without via-ir, use: FOUNDRY_PROFILE=debug forge build
-
universal-router:
- yarn compile
- yarn test:all
Out of Scope issues
- Previous security reviews. All reports should also be available within the
auditsfolder of each repository(for v4-periphery please refer link below) - Known Effects of Hooks
- Multi-hop swaps on v3, where a latter hop is on a low liquidity pool, and the user’s slippage requirements are met, can leave intermediate tokens in the router.
- Permit2 calls where the token provided has codesize 0 succeed
- Low liquidity pools can break our invariant of custom accounting in swaps. Namely if the amount available to swap in a pool is less than userAmountSpecified + hookDeltaInSpecified then the hook will still end up with a delta of hookDeltaInSpecified, but the user’s amountSpecified will get altered.
- Malicious tokens can drain all pools that use that token, however they should not be able to reach beyond pools of the same token.
- In v3, a swap’s amountSpecified was positive for exactIn, and negative for exactOut. In v4 it is the opposite: negative for exactIn, and positive for exactOut. Think of it as the delta in the user’s balance.
- Similar to v3, our code assumes that the total supply of any token does not exceed 2^{128} - 1, i.e.
type(uint128).max. - Rebasing tokens do not work directly as liquidity in uniswap v4, only wrapped rebasing tokens should be used. However wrapping can be automated through the use of hooks and the BeforeSwapDelta.
- Admin / Permissioned roles: The owner of the PoolManager can set the protocol fee controller. Setting a malicious protocol fee controller should not be able to prevent initialization of new pools, nor exceed the maximum allowed protocol fee on any pools.
- yield accrued natively on blast would be lost
- 1wei of tokens may be left when removing liquidity from a position in v4
- All security researchers involved with the Uniswap V4 reviews previously are not eligible for the competition
Automated findings generated by LightChaserV3
Summary
Status
CompletedTotal reward:
$2,350,000
Findings submitted:
451
Start date:
6 Sep 2024 2:00pm (local time)
End date:
1 Oct 2024 12:00pm (local time)