Audit recency

Uniswap (v2 + v3)'s assessment for RD-F-002 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

V2: dapp.org.uk audit dated 2020 (~72 months ago). V3: ToB + ABDK audits dated March 2021 (~50 months ago). Both are fully immutable — audit recency is structurally less critical than for upgradeable systems; no code can change post-deploy. Governance contracts (GovernorBravoDelegator, Timelock) have no dedicated recent audit — the most meaningful recency gap. Cantina live bounty ($2.25M) provides ongoing coverage incentive. Scored yellow: V2 (72 months) is the worse version.

Detail #

V2 audit by dapp.org.uk completed approximately April 2020 before the May 18 2020 launch. V3 audits by Trail of Bits (March 12 2021) and ABDK (March 2021) pre-date the May 5 2021 launch. Since then, both V2 and V3 core contracts have been immutable — there is nothing to re-audit on the deployed bytecode. UniversalRouter received more recent audits (ABDK, OpenZeppelin, Spearbit). Permit2 was audited by ABDK + Chainsecurity. The governance contracts (GovernorBravoDelegator 0x408ED6... and Timelock 0x1a9C81...) have no identified dedicated audit covering them as contracts running in the Uniswap governance context.

Sources #

GitHub
UniversalRouter audits — ABDK, OZ, Spearbit PDFsUniversalRouter audits directoryretrieved 2026-05-12
Audit
dapp.org.uk — Uniswap V2 audit (2020)dapp.org.uk V2 auditretrieved 2026-05-12
GitHub
v3-core audits — ToB (March 2021) and ABDK (March-April 2021)v3-core audits directoryretrieved 2026-05-12

Methodology #

Measure the number of days between today and the sign-off date of the most recent audit report covering the currently-deployed bytecode.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-002 score yellow collected_at 2026-05-12 10:36:11