Uniswap, one of the largest decentralized exchanges, says it will award $15.5 million to anyone who can find vulnerabilities in the latest version of its namesake protocol. The size of the reward—which the company says is the largest-ever so-called “bug bounty”—is meant to ensure the latest evolution of the protocol, known as Uniswap v4, is as secure as possible.
The idea behind bug bounty programs, which are widely used in the tech sector, is to incentivize non-malicious hackers—known as “white hats”—to find vulnerabilities in computer code before bad guys do.
Uniswap v4 builds off of v3, which launched in 2021, and seeks to make transactions cheaper and more customizable. Uniswap is rolling out the bug bounty as the development phase comes to an end, and chose to make the award $15.5 million in order to beat out LayerZero, a cross-chain messaging protocol, which offered a $15 million bug bounty in 2023.
The latest version of the protocol has already gone through a number of security checks, including 9 independent audits and a $2.35 million security competition in which 500 researchers participated and no severe vulnerabilities were found, the company said in a press release.
While v4’s security has been repeatedly evaluated, Uniswap is taking this additional step to ensure its protocol is theft-proof because it handles billions of dollars worth of volume every day and once it’s deployed it cannot be changed.
“The Uniswap protocol serves as crucial infrastructure for DeFi, and has secured over $2.5 trillion in trading volume, and v4 introduces limitless customization,” said Hayden Adams, CEO of Uniswap Labs. “This $15.5m bug bounty is the biggest in history, reflecting our dedication to building safe smart contracts for all the users and developers building on top.”
The program only covers bugs found in the Uniswap v4 core contracts and does not include, “third party contracts that weren’t deployed by Uniswap Labs, issues already listed in the audits for the contracts in the v4 repository, bugs in third party contracts or applications that use contracts deployed by Uniswap Labs, or issues already known internally,” according to the statement.
Not all successful hackers will get $15.5 million. The payouts are based on a tiered approach that categorizes each bug using a risk score. The reward for finding a “critical” bug is $15.5 million, while a “high” risk bug gets $1 million and a “medium” risk bug gets $100,000.
To be eligible for the reward, bugs must be reported within 24 hours of discovery and kept confidential until the issue is resolved.
These types of programs have been around since the 1980s, when a software company called Hunter and Ready first offered a Volkswagen Beetle, or “bug,” to anyone who could find a vulnerability in their operating system. Since then, they’ve become increasingly popular in the tech world and are typically used by the U.S. government.