Uniswap announces $15.5m bug bounty for v4

Uniswap Labs has launched a significant bug bounty program, offering up to $15.5 million for identifying critical vulnerabilities in its v4 core contracts.

The Uniswap (UNI) said in an announcement on Nov. 26 that this bug bounty is the “largest” ever introduced.

v4 is Uniswap’s latest network upgrade, designed to transform the protocol into a hub for developers. The upgrade introduces hooks—contracts that allow developers to customize user interactions across pools, swaps, and liquidity provision—unlocking new assets and market structures.

Uniswap v4 has undergone nine key codebase reviews by firms including OpenZeppelin, ABDK, Spearbit, Certora, and Trail of Bits.

The project has also attracted over 500 researchers through its $2.35 million security competition. While no critical vulnerabilities have been found so far, Uniswap Labs is exercising extra caution as the v4 deployment approaches.

“As deployment approaches, we’re taking an extra step to ensure v4 is as secure as possible with the $15.5M bug bounty,” the Uniswap Labs team said via X.

Bug bounty programs are widely used to enhance security and user protection, particularly in an ecosystem frequently targeted by crypto attacks and network exploits. These programs encourage ethical hackers to identify vulnerabilities in exchange for rewards.

In April 2023, hackers exploited Uniswap using sandwich attacks, resulting in the theft of approximately $25.2 million worth of crypto.