Uniswap, one of the largest decentralized exchanges, says it will award $15.5 million to anyone who can find vulnerabilities in the latest version of its namesake protocol. The size of the reward, which the company says is the largest ever so-called “bug bounty,” is meant to ensure that the latest evolution of the protocol, known as Uniswap v4, is as secure as possible.
The idea behind bug bounty programs, which are widely used in the tech sector, is to incentivize non-malicious hackers, known as “white hats,” to find vulnerabilities in computer code before bad guys do.
Uniswap v4 builds off of v3, which launched in 2021, and seeks to make transactions cheaper and more customizable. Uniswap is rolling out the bug bounty as the development phase comes to an end, and chose to make the award $15.5 million in an effort to beat out LayerZero, a cross-chain messaging protocol, which offered a $15 million bug bounty in 2023.
The latest version of the protocol has already gone through a number of security checks, including nine independent audits and a $2.35 million security competition in which 500 researchers participated and no severe vulnerabilities were found, the company said in a statement.
While v4’s security has been repeatedly evaluated, Uniswap is taking this additional step to ensure its protocol is theft-proof because it handles billions of dollars worth of volume every day and, once it’s deployed, it cannot be changed.
“The Uniswap protocol serves as critical infrastructure for DeFi, and has secured over $2.5 trillion in trading volume, and v4 introduces limitless customization,” said Hayden Adams, CEO of Uniswap Labs. “This $15.5m bug bounty is the largest in history, reflecting our commitment to building secure smart contracts for all the users and developers building on top.”
The program only covers bugs found in the Uniswap v4 core contracts and does not include “third party contracts that were not deployed by Uniswap Labs, issues already listed in the audits for the contracts in the v4 repository, bugs in third party contracts or applications that use contracts deployed by Uniswap Labs, or issues already known internally,” according to the statement.
Not all successful hackers will get $15.5 million. The payouts are based on a tiered approach that categorizes each bug using a risk score. The reward for finding a “critical” bug is $15.5 million, while a “high” risk bug gets $1 million and a “medium” risk bug gets $100,000.
To be eligible for the reward, bugs must be reported within 24 hours of discovery and kept confidential until the issue is resolved.
These kinds of programs have been around since the 1980s, when a software company called Hunter and Ready first offered a Volkswagen Beetle, or “bug,” to anyone who could find a vulnerability in its operating system. Since then, they’ve become increasingly common in the tech world and are sometimes used by the U.S. government.