Uniswap Labs announced the launch of what it deems “the largest bounty in history” ahead of the Uniswap v4 release. 

The bounty program, currently underway, features payouts ranging from $2,000 up to the full $15.5 million purse for the discovery of unique vulnerabilities resulting in code change.

In order to achieve the highest payouts, bounty hunters will need to uncover a critical flaw or exploit in the Uniswap v4 core contracts code, per the terms of the program. 

Uniswap Labs announces “the largest bug bounty ever” on X.com. Source: Uniswap Labs

“Introducing the largest bug bounty in history. We're rewarding up to $15.5M to anyone that finds a critical vulnerability in v4 core contracts. Find a critical bug, become a millionaire.”

Bug bounty

It’s unclear if this is the biggest bounty program in history. For comparison, bug bounty platform Immunefi reportedly paid out a $14.82 million bounty in 2021 as part of its ongoing security efforts. 

Other notable bounty payouts include Google’s highest-ever vulnerability discovery payout of $605,000 in 2022, a year in which the company paid out a reported total of $12 million. And, more recently, Microsoft announced $4 million in cloud and AI bounties. 

Based on available data, Uniswap’s $15.5 million bounty would become the largest in recent memory if it were claimed in a single payout. 

However, according to Uniswap Labs, over 500 researchers participated in its previously held $2.35 million security competition for the unreleased v4, and no critical vulnerabilities were found. The firm said the $15.5 million program is “an extra step to ensure v4 is as secure as possible.”

The maximum payout of $15.5 million is only available to researchers who discover unique vulnerabilities in the Uniswap v4 core contracts code that result in code change. 

A table demonstrating top payout requirements for Uniswap Labs’ $15.5 million bounty program. Source: Uniswap Labs/Cantina

Vulnerabilities deemed “critical” will be eligible for the top payout, according to the program’s details, while those labeled “high” could qualify for a payment of up to $1 million. Payouts dip to $100,000 for “medium” risk vulnerabilities, and low-risk findings will be paid out on a “discretionary” basis.

Beyond the core contracts code, the program also covers vulnerabilities in “other contracts,” other websites, back ends, and Uniswap v4 wallet code.
