Disclosure channel exists
Uniswap (v2 + v3)'s assessment for RD-F-175 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Active Cantina bug bounty ($2.25M max, all Uniswap Labs contracts in scope including V2 and V3 core). SIRT contact: security@uniswap.org. Dedaub Universal Router disclosure (2022) was received and fixed pre-deployment — channel is demonstrably functional. V2: green. V3: green. Combined: green.
Detail #
Cantina bug bounty program at https://cantina.xyz/bounties/f9df94db-c7b1-434b-bb06-d1360abdd1be covers all Uniswap Labs-deployed contracts including V2 and V3 core with $2.25M maximum payout. Source for max payout: https://blog.uniswap.org/uniswap-labs-bug-bounty-update. SIRT email: security@uniswap.org per https://github.com/Uniswap/v3-core/blob/main/bug-bounty.md. Functional evidence: the Dedaub Universal Router reentrancy disclosure (CVE-2022-48216 / GHSA-7m37-cx35-qgmr) was received by the team and the vulnerability was patched before Universal Router went live — demonstrating the channel is actively monitored and acted upon. Score: green.
Sources #
- URLUniswap Labs Bug Bounty UpdateBug bounty update blog — $2.25M max payout confirmedretrieved 2026-05-12
- Cantina: Uniswap Labs Bug BountyCantina Uniswap bounty — $2.25M max, V2 and V3 in scoperetrieved 2026-05-12
- Uniswap Universal Router Reentrancy Disclosure — DedaubDedaub disclosure — active monitoring confirmedretrieved 2026-05-12
- Uniswap V3 Core Bug Bounty Programv3-core bug-bounty.md — security@uniswap.org contactretrieved 2026-05-12
Methodology #
Determine whether the protocol publishes a public security disclosure channel (security@ email, Immunefi program, in-house disclosure page).
See the full factor methodology and distribution across all protocols →