Peter Zhang
Jul 20, 2024 12:47
Uniswap (UNI) Labs collaborates with Cantina to develop its bug bounty program, providing rewards as much as $2.25M for important vulnerabilities.
Uniswap (UNI) Labs has introduced a big replace to its bug bounty program, collaborating with Cantina to reinforce safety measures and reward mechanisms. This transfer goals to incentivize the invention and reporting of vulnerabilities inside the Uniswap ecosystem, in line with Uniswap Protocol.
Particulars of the Bug Bounty Program
Bugs and vulnerabilities present in Uniswap Labs’ contracts and interfaces ought to now be submitted by means of the Uniswap Labs Cantina Bug Bounty Web page. Rewards are allotted based mostly on the severity of the disclosed bug and the property in danger, with potential payouts reaching as much as $2.25 million.
This system covers vulnerabilities in any contract deployed by Uniswap Labs, in addition to Uniswap interfaces. This contains production-deployed code from particular GitHub repositories managed by Uniswap Labs. Nonetheless, vulnerabilities in third-party contracts not deployed by Uniswap Labs, points already listed in audits, and bugs in third-party purposes utilizing Uniswap contracts are excluded from this system.
Reporting and Reward Standards
To be eligible for rewards, any found vulnerabilities should be reported straight by means of the Cantina platform and stored confidential till the problem is resolved. Public disclosure or sharing with some other entity earlier than Cantina’s decision is strictly prohibited. Stories should be submitted inside 24 hours of discovering the vulnerability.
A complete report detailing the vulnerability, together with circumstances for reproducing the bug, steps to breed it, and potential implications of its exploitation, will increase the chance and quantity of the reward. Uniswap Labs retains sole discretion over reward choices, together with eligibility and fee strategies.
Program Exclusions
This system doesn’t cowl:
- Third-party contracts not deployed by Uniswap Labs
- Points already listed in audits
- Bugs in third-party purposes utilizing Uniswap contracts
- Internally recognized points
By submitting a report, contributors grant Uniswap Labs all crucial rights to validate, mitigate, and disclose the vulnerability. Those that report distinctive, previously-unreported vulnerabilities that result in code adjustments or configuration changes might be publicly acknowledged for his or her contributions, in the event that they select.
For full eligibility necessities and extra particulars, go to the Uniswap Labs Cantina Bug Bounty Web page.
Picture supply: Shutterstock