defirisk.co
rubric v1.7.0

Prior known-ignored disclosure

Uniswap (v2 + v3)'s assessment for RD-F-177 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No post-mortem or third-party analysis documents a Uniswap Labs disclosure received and not actioned before any incident. Dedaub Universal Router disclosure was received and fixed pre-deployment (no exploit occurred). V2 oracle consumer events involved no Uniswap Labs disclosure loop. Combined: green.

Detail #

V2: No post-mortem documents a disclosure received by Uniswap Labs and ignored before any event. The three V2 oracle consumer events (Visor Finance, Inverse Finance x2) did not involve a disclosure to Uniswap Labs — they were failures of third-party consumer protocols whose developers did not read or heed V2's own documentation warnings about TWAP manipulation cost. V3: The Dedaub Universal Router reentrancy disclosure (2022) was received by the team and acted upon — the fix was deployed in v1.1.0 before the Universal Router went live. No exploit occurred. No other post-mortem credits an ignored disclosure against Uniswap Labs. Hacksdatabase: 45 files reference 'uniswap'; none document an ignored Uniswap Labs disclosure. Score: green.

Sources #

Methodology #

Determine whether evidence exists in prior-incident post-mortems that a disclosed vulnerability was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-177 score green collected_at 2026-05-12 10:36:11