Bug bounty presence & max payout

Uniswap (v2 + v3)'s assessment for RD-F-007 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Cantina bug bounty active: $2,250,000 maximum payout. Covers V2, V3, UniswapX, Universal Router, Permit2, web interface, and other Uniswap Labs-deployed contracts where user funds are at risk. One of the largest DeFi bug bounties. Contact: security@uniswap.org. Green.

Detail #

The Cantina bug bounty program was announced in the Uniswap Labs bug bounty update blog post. The $2.25M maximum payout exceeds the $500K green threshold by 4.5x. The V3 launch-era bug bounty was $500K (exactly at threshold); the current combined program is substantially larger. The scope explicitly names V2 and V3 smart contracts among the covered assets.

Sources #

URL
Uniswap Labs Cantina Bug Bounty PageCantina bounty pageretrieved 2026-04-29
Docs
Uniswap Labs Bug Bounty Update — Cantina $2.25MUniswap Labs bug bounty blog postretrieved 2026-04-29

Methodology #

Check whether a public bug bounty program is active for this protocol and record the maximum payout in USD.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol uniswap factor RD-F-007 score green collected_at 2026-05-12 10:36:11