Uniswap (UNI) Labs Enhances Bug Bounty Program with Cantina Partnership


Peter Zhang

Jul 20, 2024 12:47

Uniswap (UNI) Labs collaborates with Cantina to expand its bug bounty program, offering rewards up to $2.25M for critical vulnerabilities.

Uniswap (UNI) Labs has announced a significant update to its bug bounty program, collaborating with Cantina to enhance security measures and reward mechanisms. This move aims to incentivize the discovery and reporting of vulnerabilities within the Uniswap ecosystem, according to Uniswap Protocol.

Details of the Bug Bounty Program

Bugs and vulnerabilities found in Uniswap Labs’ contracts and interfaces should now be submitted through the Uniswap Labs Cantina Bug Bounty Page. Rewards are allocated based on the severity of the disclosed bug and the assets at risk, with potential payouts reaching up to $2.25 million.

The program covers vulnerabilities in any contract deployed by Uniswap Labs, as well as Uniswap interfaces. This includes production-deployed code from specific GitHub repositories managed by Uniswap Labs. However, vulnerabilities in third-party contracts not deployed by Uniswap Labs, issues already listed in audits, and bugs in third-party applications using Uniswap contracts are excluded from the program.

Reporting and Reward Criteria

To be eligible for rewards, any discovered vulnerabilities must be reported directly through the Cantina platform and kept confidential until the issue is resolved. Public disclosure or sharing with any other entity before Cantina’s resolution is strictly prohibited. Reports must be submitted within 24 hours of discovering the vulnerability.

A comprehensive report detailing the vulnerability, including conditions for reproducing the bug, steps to reproduce it, and potential implications of its exploitation, increases the likelihood and amount of the reward. Uniswap Labs retains sole discretion over reward decisions, including eligibility and payment methods.

Program Exclusions

The program does not cover:

  • Third-party contracts not deployed by Uniswap Labs
  • Issues already listed in audits
  • Bugs in third-party applications using Uniswap contracts
  • Internally known issues

By submitting a report, participants grant Uniswap Labs all necessary rights to validate, mitigate, and disclose the vulnerability. Those who report unique, previously-unreported vulnerabilities that lead to code changes or configuration adjustments will be publicly recognized for their contributions, if they choose.

For full eligibility requirements and more details, visit the Uniswap Labs Cantina Bug Bounty Page.
