According to TechFlow, Uniswap Labs has launched a $15.5 million official bug bounty program for v4 to encourage responsible vulnerability disclosure. All reports must be submitted to the v4 Bug Bounty page on Cantina within 24 hours of discovery.
Uniswap Labs said that undeployed third-party contracts, issues listed in the v4 repository, vulnerabilities in third-party contracts or applications that use Uniswap Labs deployed contracts, and issues flagged in previous internal reviews, competitions, and audits are not within the scope of the plan.
Uniswap v4 peripheral contracts are currently out of scope, but are expected to be added to the bug bounty program soon.