Uniswap Offers $15.5 Million Reward for Finding Vulnerabilities in New Upgrade

Uniswap, the leading decentralized exchange, has introduced an unprecedented $15.5 million bug bounty program aimed at identifying vulnerabilities in its upcoming v4 upgrade.

This new offering sets a record for the largest bug bounty in the industry, surpassing the previous $15 million reward from LayerZero.

The bounty, however, comes with specific conditions. To qualify for the full payout, a vulnerability must be classified as “critical” and not involve third-party contracts or applications. Uniswap has emphasized that the goal is to ensure the security of the core v4 contracts, which have already undergone nine independent audits and additional testing.

Despite the size of the bounty, some have raised questions about how Uniswap is defining the term “bug bounty.” While the $15.5 million reward is being marketed as the largest in history, there have been previous instances where platforms, like Mixin Network, offered similar amounts as a means to incentivize hackers to return stolen assets, though that use of the term was controversial. Unlike those cases, Uniswap’s program is focused purely on identifying vulnerabilities before exploitation.

Uniswap’s decision to offer such a significant bounty reflects both a strategic move and a demonstration of confidence. In addition to the independent audits, the platform held a $2.35 million security competition to further strengthen its code. Some industry analysts speculate that the reward amount is partly to outdo LayerZero, which offered a $15 million bounty in 2023.

Importantly, the $15.5 million reward is only available for “critical” vulnerabilities in the core code. Lesser issues could still result in substantial payouts ranging from $1 million to $100,000, but third-party contracts, previously identified problems, and any bugs unrelated to the v4 core do not qualify for the full reward.