Leaked credential on paste/sentry site
Uniswap (v2 + v3)'s assessment for RD-F-164 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
V2+V3 combined: No paste-site, Sentry.io, or GitHub secret scanner reports referencing Uniswap Labs infrastructure endpoints, API keys, or admin credentials identified from public-source OSINT. Uniswap GitHub org is fully public — no credentials visible in public repos. V2 and V3 core contracts are immutable — even a credential leak for Uniswap Labs servers does not enable protocol-level compromise. Uniswap Labs is a mature corporate entity with established security practices (Cantina $2.25M max bounty). Green based on available public sources.
Detail #
Signal fires when a public paste site, Sentry.io, or credential dump references Uniswap Labs infrastructure endpoints or admin keys. Critical immunity: V2 and V3 core contracts are immutable — there are no admin private keys that could be leaked that would enable on-chain protocol compromise. Credential leaks could affect the Uniswap Labs web infrastructure (app.uniswap.org hosting) or GitHub organization access, but not the on-chain AMM contracts. Uniswap Labs has a mature security program: Cantina bug bounty ($2.25M max), security@uniswap.org contact, well-known security researchers engaged. No credential leak reports found in public search for Uniswap Labs. Green based on available public sources.
Sources #
- GitHubUniswap GitHub Orggithub.com/Uniswap — public org, no credentials visible in public reposretrieved 2026-05-12
- Uniswap Labs Bug Bounty — Cantina $2.25M MaxUniswap Labs bug bounty update — Cantina program, $2.25M max payoutretrieved 2026-05-12
Methodology #
Determine whether a public paste site, Sentry-alt, or credential-dump references protocol infrastructure endpoints or API keys.
See the full factor methodology and distribution across all protocols →