Uniswap Labs Launches $2.35 Million Security Competition for v4 Upgrade

Uniswap Labs, the leading development company behind the decentralized exchange, is initiating a $2.35 million security competition as part of its upcoming v4 release.

“At Uniswap Labs, we’re focused on ensuring v4 is the most audited set of contracts ever deployed onchain,” the Uniswap team stated. This initiative is supported by the non-profit Uniswap Foundation and the web3 auditor network Cantina.

The $2.35 million prize pool claims to be the largest in the DeFi history and aims to fund independent reviews of Uniswap v4’s smart contracts and the new Universal Router system designed for swaps between ERC-20 tokens and NFTs.

Audit competitions assist teams in identifying and rectifying code vulnerabilities to prevent exploitation. This is crucial in the crypto sector, as smart contracts cannot be updated post-launch.

Uniswap v4 represents a significant shift for the innovative decentralized exchange, known for its pioneering automated market maker model. The launch is scheduled for the third quarter of the year.

The upgrade will introduce “hooks,” which are smart contract plugins that allow customization in liquidity pools, including dynamic fees, onchain limit orders, and purpose-built oracles (data feeds). The previous upgrade, v3, was released in 2021.

V4 also seeks to reduce user and liquidity provider fees by consolidating all liquidity pools into a single contract, thereby lowering the transaction costs for new pools and trade executions.

While the upgrade is highly anticipated, it has faced criticism. Like the v3 protocol, v4 will be released under a four-year Business Source License, which limits how others can use the code and raises concerns about potential violations of crypto’s open-source ethos.

In mid-2023, Uniswap Labs published the draft code for v4. The auditing competition is set to start on September 4 and will continue until the month’s end.

“Anyone can submit vulnerabilities in the v4 codebase. Rewards will be allocated based on the severity of the bug disclosed and the quality of the documentation in submissions,” the team concluded.