Around this time, Uniswap also announced a bug bounty program to identify vulnerabilities in its smart contracts. Security and auditing firm Dedaub recently received a bug bounty from Uniswap after discovering and reporting a vulnerability in the Universal Router smart contract. This vulnerability could have allowed reentrancy attacks to drain user funds mid-transaction. Dedaub suggested a simple fix for the issue, and Uniswap rewarded the firm with $40,000, including a 33% bonus for reporting the issue during Uniswap's bonus period in November 2022. Uniswap classified the issue as medium severity, but it was deemed to have a high impact and low likelihood.
The Importance of Bug Bounties in the Cryptocurrency and Blockchain Space
Uniswap is a decentralized exchange platform that allows users to trade various types of tokens, including ERC-20 tokens and NFTs, through its automated market maker. In November 2022, it launched two new smart contracts: Permit2 and Universal Router. Permit2 allows token approvals to be shared and managed across different applications, while Universal Router unifies ERC-20 and NFT swapping into a single swap router.
Uniswap also advertised a bug bounty program at the end of 2022, offering rewards to those who could identify vulnerabilities in its smart contracts. The program's goal was to ensure the safety and efficacy of the Uniswap protocol.
Smart contract security and auditing firm Dedaub took advantage of the bug bounty program by flagging a vulnerability in the Universal Router smart contract. This vulnerability could have allowed reentrancy attacks, a type of exploit in which an attacker calls back into a smart contract function before an earlier call to it has finished, repeating the call to drain user funds. Dedaub suggested a simple fix for the issue and was awarded a total of $40,000 by Uniswap for its efforts, including a 33% bonus for reporting the issue during Uniswap's bonus period in November 2022.
Uniswap classified the issue as medium severity, but it was deemed to have a high impact and low likelihood. Bug bounties like this one have become common in the cryptocurrency and blockchain space as a way for companies to ensure the security of their software and systems. For instance, Coinbase recently clarified the terms of its bug bounty program, and Immunefi, a blockchain security firm, has facilitated over $65 million worth of bug bounties between ethical hackers and Web3 firms in 2022.