Uniswap Labs has just announced a bug bounty program claimed to be “the largest in history,” just ahead of the Uniswap v4 launch.

This program is currently being rolled out, with rewards ranging from $2,000 to a maximum of $15.5 million, awarded to those who discover serious vulnerabilities leading to source code changes.

To receive the highest reward, security researchers need to discover critical bugs or vulnerabilities in the core contract code of Uniswap v4, according to the program's conditions.

“We are proud to introduce the largest bug bounty in history. By discovering serious vulnerabilities in the core contracts of v4, you can earn up to $15.5 million. Find serious bugs, become a millionaire.”

In terms of size and value, there is no definitive information on whether this is the largest bug bounty program ever. However, for comparison, the bug bounty platform Immunefi paid out $14.82 million in 2021 as part of ongoing security efforts.

Other notable rewards include the highest vulnerability discovery payment from Google worth $605,000 in 2022, in a year when Google spent a total of $12 million on bug bounty programs. Recently, Microsoft also announced a bounty of up to $4 million for cloud and AI-related vulnerabilities.

Based on available data, Uniswap's $15.5 million reward will become the largest payout in recent memory if the entire amount is claimed at once.

According to Uniswap Labs, over 500 researchers participated in the previous $2.35 million security competition for the yet-to-be-released Uniswap v4, but did not discover any serious vulnerabilities. The company stated that the $15.5 million bounty program is “an additional step to ensure that version v4 achieves the highest level of security.”

The maximum reward of $15.5 million only applies to researchers who discover serious vulnerabilities in the core contract code of Uniswap v4, leading to source code changes.

A table showing the highest payment requirements for Uniswap Labs' $15.5 million bounty program | Source: Uniswap Labs/Cantina

Vulnerabilities rated as “critical” will qualify for the highest rewards, while “high” vulnerabilities can earn up to $1 million. Vulnerabilities with a “medium” risk level will earn up to $100,000, while low-risk vulnerability discoveries will be paid based on the program's discretion.

In addition to the core contracts, the program also includes detecting vulnerabilities in “other contracts,” websites, backend systems, and wallets of Uniswap v4.


Source: https://tapchibitcoin.io/uniswap-cong-bo-chuong-trinh-thuong-loi-lon-nhat-lich-su.html