#1
Uniswap Labs has announced that it will pay up to $15.5 million for the discovery of a critical vulnerability in the core contracts of the fourth version of the Uniswap non-custodial exchange protocol.

https://x.com/Uniswap/status/1861409607505064238

According to the statement, the reward is the largest in the history of bounty programs.

The v4 protocol is designed to dramatically reduce commission costs for liquidity providers and users, as well as customize the platform through the use of “hooks”. These are contracts that developers can create to customize the interaction of pools, swaps, fees, and other options.

At the beginning of the year, the Uniswap team announced the launch of the fourth iteration of the protocol in Q3.

According to the developers, Uniswap v4 is among the most audited codebases in DeFi. The protocol has passed nine independent audits from OpenZeppelin, Spearbit, Certora, Trail of Bits, ABDK, and Pashov Audit Group. In addition, 500 researchers took part in a competition to find critical vulnerabilities with a maximum reward of $2.5 million.

“As we approach deployment, we are taking additional steps to ensure v4 is as secure as possible with a bug bounty of $15.5 million,” Uniswap Labs emphasized.

The program includes finding bugs in Uniswap's core contracts. The maximum payout is assigned for vulnerabilities with a critical risk. For the detection of a high-level threat, $1 million is awarded, and for a medium one - $100,000.

Rewards are also provided for bugs in Uniswap peripheral contracts outside of v4. Here, the maximum amount is $2.25 million. Much smaller rewards can be earned for errors found in the web interface, backend and mobile wallet of the exchange.

The total amount of the bounty program declared by the exchange reaches $44.4 million.