Organization behind the decentralized exchange Uniswap, Uniswap Labs announced via the social media platform X that the Uniswap v4 security competition will conclude on October 1st. To participate in the competition, security researchers must submit vulnerability reports by the deadline.
The Uniswap v4 security competition features a total prize pool of $2,350,000, which includes a Primary Prize Pool of $2,250,000 and a Formal Verification Prize Pool of $100,000.
The distribution of the Primary Prize Pool is based on the severity of the vulnerabilities discovered. If one or more valid low-severity findings are identified, the prize is $50,000. For one or more valid medium-severity findings, the prize increases to $300,000. In the case of one or more valid high-severity findings, the prize reaches $1,050,000. Finally, if one or more valid critical-severity findings are reported, the prize totals $2,250,000.
A total of $50,000 from the prize pool is allocated for low-severity findings. Reports will be evaluated based on their quality, and reviewers will be ranked from 1st to 10th to determine prize distribution. Uniswap Labs encourages participants to submit high-quality, non-trivial reports for low-severity vulnerabilities.
Moreover, there is an additional $100,000 set aside for the formal verification pool. This component of the competition involves utilizing the Certora Prover to formally verify specific properties within the Solidity smart contracts being assessed. Participants are motivated to implement and verify properties that achieve high coverage.
The scope of the competition encompasses v4-core (commit: 18b223c), v4-periphery (commit: 151b282), and universal-router (commit: a81e1ce). Among the dispatcher contracts involved the functions: V4_POSITION_CALL, V3_POSITION_MANAGER_CALL, V3_POSITION_MANAGER_PERMIT, and V4_SWAP. The chains participating include Ethereum mainnet, Arbitrum, Avalanche, Base, and Blast, among others.
Uniswap Outlines Severity Levels For Vulnerability Findings
According to the defined severity levels, a critical severity finding is triggered when a high severity issue results in losses of 50% to 100% of the TVL across all chains. A high severity finding occurs when the losses range from 5% to 50% of the total TVL.
Medium severity is classified as a denial of service (DoS) attack that prevents access to more than 5% of the total TVL for over one minute, incurring costs that are less than the value of the affected funds. Additionally, individual losses, such as theft, waste, or permanent freezing, that impact at least 1% of users who lose a minimum of 1% of their invested funds also fall under this category.
Low severity is defined as a DoS attack that restricts access to more than 1% of the TVL for more than one minute, again at a cost lower than the value of the funds involved. This category also includes any individual losses of at least 1% of a user’s funds.
The post Uniswap Labs: Uniswap V4 Security Competition To Conclude On October 1st appeared first on Metaverse Post.
