On November 26, news came that Uniswap Labs launched a $15.5 million official bug bounty program for v4, incentivizing responsible vulnerability disclosure. All reports must be submitted directly to the v4 Bug Bounty page on Cantina within 24 hours of discovery. The official statement mentions that vulnerabilities in third-party contracts that are not deployed by Uniswap Labs, issues listed in contract audits in the v4 repository, vulnerabilities in third-party contracts or applications using contracts deployed by Uniswap Labs, and issues flagged in previous internal reviews, competitions, and audits are not within the scope of the program. Currently, external contracts for Uniswap v4 are not included in the scope, but they are expected to be added to the bug bounty program soon.