According to BlockBeats news on November 26, Uniswap Labs launched a $15.5 million official bug bounty program for v4, incentivizing responsible vulnerability disclosure. All reports must be submitted directly to the v4 Bug Bounty page on Cantina within 24 hours of discovery.
The official claims that third-party contracts not deployed by Uniswap Labs, issues listed in the v4 repository contract audit, vulnerabilities in third-party contracts or applications using contracts deployed by Uniswap Labs, and issues marked in previous internal reviews, competitions, and audits are not within the scope of the plan.
Uniswap v4 peripheral contracts are currently out of scope, but they are expected to be added to the bug bounty program soon.
