Bug bounty scope gap on highest-TVL contracts

Uniswap (v2 + v3)'s assessment for RD-F-183 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cantina bug bounty ($2.25M max) explicitly covers V2 and V3 smart contracts, Universal Router, Permit2, and other Uniswap Labs-deployed contracts where user funds are at risk. Highest-TVL contracts (V2 ~$968M, V3 ~$1.78B) are in scope. No bounty scope gap on highest-TVL contracts. Combined: green.

Detail #

The Uniswap Labs bug bounty update blog post explicitly names 'Universal Router, Permit2, V3, UniswapX, and V2 smart contracts' as within scope, plus 'other Uniswap Labs-deployed contracts where user funds are at risk (case-by-case).' This covers the highest-TVL contracts (V2 Factory/Pairs with ~$968M TVL; V3 Factory/Pools with ~$1.78B TVL). This is the inverse of the Kelp DAO pattern where the highest-TVL OFT adapter was explicitly excluded. The $2.25M max payout further incentivizes whitehat disclosure on the highest-value contracts.

Sources #

Docs
Uniswap Labs Bug Bounty Update — full scope including V2 and V3Uniswap Labs bug bounty blog post — Cantina scope textretrieved 2026-05-12
URL
Uniswap Labs Cantina Bug Bounty — scope confirmationCantina bounty page — in-scope contractsretrieved 2026-05-12

Methodology #

Determine whether the highest-TVL contracts of this protocol (especially shared primitives: OFT adapters, ZK verifiers, bridge inbox) are explicitly excluded from the protocol's active bug bounty scope.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-183 score green collected_at 2026-05-12 10:36:11