Category: Request for comment Authors: Skylock.xyz, @eek637
This proposal outlines Uniswap Governance’s adoption of the SEAL (Security Alliance) Whitehat Safe Harbor Agreement (“Safe Harbor Agreement”). By adopting Safe Harbor, Uniswap improves the security of its on-chain assets by allowing whitehats to intervene during active exploits to save protocol funds.
The Safe Harbor Agreement addresses a critical need in crypto: enabling whitehats to intervene during active exploits when traditional responsible disclosure procedures are not feasible.
Key aspects of the agreement include:
For more information, check out the Safe Harbor Agreement here.
Uniswap, by design, does not include a pause function, meaning the protocol cannot be halted in the event of an exploit. This makes it essential to have a mechanism that allows rapid response and asset recovery during emergencies.
The Safe Harbor Agreement provides this necessary solution, empowering whitehats to act immediately during an exploit, offering a swift and structured recovery process without needing to pause the protocol.
Benefits of adopting the Safe Harbor Agreement include:
Adoption of the agreement complements audits by providing an additional layer of security, ensuring that the protocol is better prepared to respond to active threats.
Uniswap will adopt the agreement with the following parameters. For a full description of these adoption details, review the Safe Harbor for Protocols document.
| Chain | Address |
|---|---|
| Ethereum | 0x1a9C8182C09F50C8318d769245beA52c32BE35BC |
| Arbitrum | 0x2BAD8182C09F50c8318d769245beA52C32Be46CD |
| Avalanche | 0xeb0BCF27D1Fb4b25e708fBB815c421Aeb51eA9fc |
| Base | 0x31FAfd4889FA1269F7a13A66eE0fB458f27D72A9 |
| Blast | 0x2339C0d23b60739B3E5ABF201F05903D24A26C77 |
| Boba | 0x53163235746CeB81Da32293bb0932e1A599256B4 |
| BSC | 0x341c1511141022cf8eE20824Ae0fFA3491F1302b |
| Celo | 0x0Eb863541278308c3A64F8E908BC646e27BFD071 |
| Filecoin EVM | 0xFf3b2DA1379cc67cc2755194604713f10b820b0E |
| Gnosis | 0xfFA5599136fBaB9af7799A6703b57BB33E5390Cf |
| Linea | 0x581F86Da293A1D5Cd087a10E7227a75d2d2201A8 |
| Manta Pacific | 0x683553d74D9779955a15d57D208234C956B6Eae6 |
| Mantle | 0x9b7aC6735b23578E81260acD34E3668D0cc6000A |
| Moonbeam | 0xB2af16D6c7074228fC487F17929De830303E6531 |
| Optimism | 0xa1dD330d602c32622AA270Ea73d078B803Cb3518 |
| Polygon | 0x8a1B966aC46F42275860f905dbC75EfBfDC12374 |
| Polygon zkEVM | 0x1808cc3ffb04e8bB67BfEB5510D44e62cF380717 |
| Redstone | 0x2d00e94d78Fc307FC5E6195BBe2fB6aFC2FC07d4 |
| Rootstock | 0x38aE7De6f9c51e17f49cF5730DD5F2d29fa20758 |
| Scroll | 0xEfc9D1096fb65c832207E5e7F13C2D1102244dbe |
| Sei | 0xe75358526ef4441db03ccaeb9a87f180fae80eb9 |
| Taiko | 0xf6b53E8dA8bc7dbddB8E7B39635d17D7CCdCD6E5 |
| WorldChain | 0xcb2436774C3e191c85056d248EF4260ce5f27A9D |
| ZkSync | 0x2BAD8182C09F50c8318d769245beA52C32Be46CD |
| Zora | 0x36eEC182D0B24Df3DC23115D64DB521A93D5154f |
| Chain | Name | Address | Type (None, Existing Only, All) |
|---|---|---|---|
| Ethereum | UniswapV1Factory | 0xc0a47dFe034B400B47bDaD5FecDa2621de6c4d95 | All |
| Ethereum | UniswapV2Factory | 0x5C69bEe701ef814a2B6a3EDD4B1652CB9cc5aA6f | All |
| Arbitrum | UniswapV2Factory | 0xf1D7CC64Fb4452F05c498126312eBE29f30Fbcf9 | All |
| Avalanche | UniswapV2Factory | 0x9e5A52f57b3038F1B8EeE45F28b3C1967e22799C | All |
| Base | UniswapV2Factory | 0x8909Dc15e40173Ff4699343b6eB8132c65e18eC6 | All |
| Blast | UniswapV2Factory | 0x5C346464d33F90bABaf70dB6388507CC889C1070 | All |
| Boba | UniswapV2Factory | 0x40a26d18440948d8eE121b78ca4e88C37D30143b | All |
| BSC | UniswapV2Factory | 0x8909Dc15e40173Ff4699343b6eB8132c65e18eC6 | All |
| Celo | UniswapV2Factory | 0x114a43df6c5f54ebb8a9d70cd1951d3dd68004c7 | All |
| Filecoin EVM | UniswapV2Factory | 0x114a43df6c5f54ebb8a9d70cd1951d3dd68004c7 | All |
| Gnosis | UniswapV2Factory | 0x8c8b524ce7c9D2e3f59aB6711bE4Ac826FA46a0f | All |
| Linea | UniswapV2Factory | 0x114a43df6c5f54ebb8a9d70cd1951d3dd68004c7 | All |
| Moonbeam | UniswapV2Factory | 0x114a43df6c5f54ebb8a9d70cd1951d3dd68004c7 | All |
| Optimism | UniswapV2Factory | 0x0c3c1c532F1e39EdF36BE9Fe0bE1410313E074Bf | All |
| Polygon | UniswapV2Factory | 0x9e5A52f57b3038F1B8EeE45F28b3C1967e22799C | All |
| Rootstock | UniswapV2Factory | 0x114a43df6c5f54ebb8a9d70cd1951d3dd68004c7 | All |
| Scroll | UniswapV2Factory | 0x114a43df6c5f54ebb8a9d70cd1951d3dd68004c7 | All |
| WorldChain | UniswapV2Factory | 0x5C69bEe701ef814a2B6a3EDD4B1652CB9cc5aA6f | All |
| Zora | UniswapV2Factory | 0x0F797dC7efaEA995bB916f268D919d0a1950eE3C | All |
| Ethereum | UniswapV3Factory | 0x1F98431c8aD98523631AE4a59f267346ea31F984 | All |
| Arbitrum | UniswapV3Factory | 0x1F98431c8aD98523631AE4a59f267346ea31F984 | All |
| Avalanche | UniswapV3Factory | 0x740b1c1de25031C31FF4fC9A62f554A55cdC1baD | All |
| Base | UniswapV3Factory | 0x33128a8fC17869897dcE68Ed026d694621f6FDfD | All |
| Blast | UniswapV3Factory | 0x792edAdE80af5fC680d96a2eD80A44247D2Cf6Fd | All |
| Boba | UniswapV3Factory | 0xFFCd7Aed9C627E82A765c3247d562239507f6f1B | All |
| BSC | UniswapV3Factory | 0xdB1d10011AD0Ff90774D0C6Bb92e5C5c8b4461F7 | All |
| Celo | UniswapV3Factory | 0xAfE208a311B21f13EF87E33A90049fC17A7acDEc | All |
| Filecoin EVM | UniswapV3Factory | 0xB4C47eD546Fc31E26470a186eC2C5F19eF09BA41 | All |
| Gnosis | UniswapV3Factory | 0xe32F7dD7e3f098D518ff19A22d5f028e076489B1 | All |
| Linea | UniswapV3Factory | 0x31FAfd4889FA1269F7a13A66eE0fB458f27D72A9 | All |
| Manta Pacific | UniswapV3Factory | 0x06D830e15081f65923674268121FF57Cc54e4e23 | All |
| Mantle | UniswapV3Factory | 0x0d922Fb1Bc191F64970ac40376643808b4B74Df9 | All |
| Moonbeam | UniswapV3Factory | 0x28f1158795A3585CaAA3cD6469CD65382b89BB70 | All |
| Optimism | UniswapV3Factory | 0x1F98431c8aD98523631AE4a59f267346ea31F984 | All |
| Polygon | UniswapV3Factory | 0x1F98431c8aD98523631AE4a59f267346ea31F984 | All |
| Polygon zkEVM | UniswapV3Factory | 0xff83c3c800Fec21de45C5Ec30B69ddd5Ee60DFC2 | All |
| Redstone | UniswapV3Factory | 0xece75613Aa9b1680f0421E5B2eF376DF68aa83Bb | All |
| Rootstock | UniswapV3Factory | 0xaF37EC98A00FD63689CF3060BF3B6784E00caD82 | All |
| Scroll | UniswapV3Factory | 0x70C62C8b8e801124A4Aa81ce07b637A3e83cb919 | All |
| Sei | UniswapV3Factory | 0x75FC67473A91335B5b8F8821277262a13B38c9b3 | All |
| Taiko | UniswapV3Factory | 0x75FC67473A91335B5b8F8821277262a13B38c9b3 | All |
| WorldChain | UniswapV3Factory | 0x7a5028BDa40e7B173C278C5342087826455ea25a | All |
| ZkSync | UniswapV3Factory | 0x8FdA5a7a8dCA67BBcDd10F02Fa0649A937215422 | All |
| Zora | UniswapV3Factory | 0x7145F8aeef1f6510E92164038E1B6F8cB2c42Cbb | All |
| Ethereum | FranchiserFactory | 0xf754A7E347F81cFdc70AF9FbCCe9Df3D826360FA | All |
| Ethereum | UniStaker | 0xE3071e87a7E6dD19A911Dbf1127BA9dD67Aa6fc8 | All |
| Ethereum | V3FactoryOwner | 0x2e27332b25Ce245F6628377bc83573A001313C58 | All |
Contact Details: Designated security contact for Uniswap
Bounty Terms: Predetermined rewards for successful whitehats that protect protocol funds
Adopting the SEAL Whitehat Safe Harbor Agreement equips Uniswap with a rapid response mechanism for active exploits, enabling whitehats to step in effectively when needed most. The agreement provides clear guidelines for action, increasing the protection of user funds and demonstrating Uniswap's commitment to proactive security.
Please share your thoughts and feedback in the discussion below before the proposal moves to a formal vote.
Category: Request for comment Authors: Skylock.xyz, @eek637
This proposal outlines Uniswap Governance’s adoption of the SEAL (Security Alliance) Whitehat Safe Harbor Agreement (“Safe Harbor Agreement”). By adopting Safe Harbor, Uniswap improves the security of its on-chain assets by allowing whitehats to intervene during active exploits to save protocol funds.
The Safe Harbor Agreement addresses a critical need in crypto: enabling whitehats to intervene during active exploits when traditional responsible disclosure procedures are not feasible.
Key aspects of the agreement include:
For more information, check out the Safe Harbor Agreement here.
Uniswap, by design, does not include a pause function, meaning the protocol cannot be halted in the event of an exploit. This makes it essential to have a mechanism that allows rapid response and asset recovery during emergencies.
The Safe Harbor Agreement provides this necessary solution, empowering whitehats to act immediately during an exploit, offering a swift and structured recovery process without needing to pause the protocol.
Benefits of adopting the Safe Harbor Agreement include:
Adoption of the agreement complements audits by providing an additional layer of security, ensuring that the protocol is better prepared to respond to active threats.
Uniswap will adopt the agreement with the following parameters. For a full description of these adoption details, review the Safe Harbor for Protocols document.
| Chain | Address |
|---|---|
| Ethereum | 0x1a9C8182C09F50C8318d769245beA52c32BE35BC |
| Arbitrum | 0x2BAD8182C09F50c8318d769245beA52C32Be46CD |
| Avalanche | 0xeb0BCF27D1Fb4b25e708fBB815c421Aeb51eA9fc |
| Base | 0x31FAfd4889FA1269F7a13A66eE0fB458f27D72A9 |
| Blast | 0x2339C0d23b60739B3E5ABF201F05903D24A26C77 |
| Boba | 0x53163235746CeB81Da32293bb0932e1A599256B4 |
| BSC | 0x341c1511141022cf8eE20824Ae0fFA3491F1302b |
| Celo | 0x0Eb863541278308c3A64F8E908BC646e27BFD071 |
| Filecoin EVM | 0xFf3b2DA1379cc67cc2755194604713f10b820b0E |
| Gnosis | 0xfFA5599136fBaB9af7799A6703b57BB33E5390Cf |
| Linea | 0x581F86Da293A1D5Cd087a10E7227a75d2d2201A8 |
| Manta Pacific | 0x683553d74D9779955a15d57D208234C956B6Eae6 |
| Mantle | 0x9b7aC6735b23578E81260acD34E3668D0cc6000A |
| Moonbeam | 0xB2af16D6c7074228fC487F17929De830303E6531 |
| Optimism | 0xa1dD330d602c32622AA270Ea73d078B803Cb3518 |
| Polygon | 0x8a1B966aC46F42275860f905dbC75EfBfDC12374 |
| Polygon zkEVM | 0x1808cc3ffb04e8bB67BfEB5510D44e62cF380717 |
| Redstone | 0x2d00e94d78Fc307FC5E6195BBe2fB6aFC2FC07d4 |
| Rootstock | 0x38aE7De6f9c51e17f49cF5730DD5F2d29fa20758 |
| Scroll | 0xEfc9D1096fb65c832207E5e7F13C2D1102244dbe |
| Sei | 0xe75358526ef4441db03ccaeb9a87f180fae80eb9 |
| Taiko | 0xf6b53E8dA8bc7dbddB8E7B39635d17D7CCdCD6E5 |
| WorldChain | 0xcb2436774C3e191c85056d248EF4260ce5f27A9D |
| ZkSync | 0x2BAD8182C09F50c8318d769245beA52C32Be46CD |
| Zora | 0x36eEC182D0B24Df3DC23115D64DB521A93D5154f |
| Chain | Name | Address | Type (None, Existing Only, All) |
|---|---|---|---|
| Ethereum | UniswapV1Factory | 0xc0a47dFe034B400B47bDaD5FecDa2621de6c4d95 | All |
| Ethereum | UniswapV2Factory | 0x5C69bEe701ef814a2B6a3EDD4B1652CB9cc5aA6f | All |
| Arbitrum | UniswapV2Factory | 0xf1D7CC64Fb4452F05c498126312eBE29f30Fbcf9 | All |
| Avalanche | UniswapV2Factory | 0x9e5A52f57b3038F1B8EeE45F28b3C1967e22799C | All |
| Base | UniswapV2Factory | 0x8909Dc15e40173Ff4699343b6eB8132c65e18eC6 | All |
| Blast | UniswapV2Factory | 0x5C346464d33F90bABaf70dB6388507CC889C1070 | All |
| Boba | UniswapV2Factory | 0x40a26d18440948d8eE121b78ca4e88C37D30143b | All |
| BSC | UniswapV2Factory | 0x8909Dc15e40173Ff4699343b6eB8132c65e18eC6 | All |
| Celo | UniswapV2Factory | 0x114a43df6c5f54ebb8a9d70cd1951d3dd68004c7 | All |
| Filecoin EVM | UniswapV2Factory | 0x114a43df6c5f54ebb8a9d70cd1951d3dd68004c7 | All |
| Gnosis | UniswapV2Factory | 0x8c8b524ce7c9D2e3f59aB6711bE4Ac826FA46a0f | All |
| Linea | UniswapV2Factory | 0x114a43df6c5f54ebb8a9d70cd1951d3dd68004c7 | All |
| Moonbeam | UniswapV2Factory | 0x114a43df6c5f54ebb8a9d70cd1951d3dd68004c7 | All |
| Optimism | UniswapV2Factory | 0x0c3c1c532F1e39EdF36BE9Fe0bE1410313E074Bf | All |
| Polygon | UniswapV2Factory | 0x9e5A52f57b3038F1B8EeE45F28b3C1967e22799C | All |
| Rootstock | UniswapV2Factory | 0x114a43df6c5f54ebb8a9d70cd1951d3dd68004c7 | All |
| Scroll | UniswapV2Factory | 0x114a43df6c5f54ebb8a9d70cd1951d3dd68004c7 | All |
| WorldChain | UniswapV2Factory | 0x5C69bEe701ef814a2B6a3EDD4B1652CB9cc5aA6f | All |
| Zora | UniswapV2Factory | 0x0F797dC7efaEA995bB916f268D919d0a1950eE3C | All |
| Ethereum | UniswapV3Factory | 0x1F98431c8aD98523631AE4a59f267346ea31F984 | All |
| Arbitrum | UniswapV3Factory | 0x1F98431c8aD98523631AE4a59f267346ea31F984 | All |
| Avalanche | UniswapV3Factory | 0x740b1c1de25031C31FF4fC9A62f554A55cdC1baD | All |
| Base | UniswapV3Factory | 0x33128a8fC17869897dcE68Ed026d694621f6FDfD | All |
| Blast | UniswapV3Factory | 0x792edAdE80af5fC680d96a2eD80A44247D2Cf6Fd | All |
| Boba | UniswapV3Factory | 0xFFCd7Aed9C627E82A765c3247d562239507f6f1B | All |
| BSC | UniswapV3Factory | 0xdB1d10011AD0Ff90774D0C6Bb92e5C5c8b4461F7 | All |
| Celo | UniswapV3Factory | 0xAfE208a311B21f13EF87E33A90049fC17A7acDEc | All |
| Filecoin EVM | UniswapV3Factory | 0xB4C47eD546Fc31E26470a186eC2C5F19eF09BA41 | All |
| Gnosis | UniswapV3Factory | 0xe32F7dD7e3f098D518ff19A22d5f028e076489B1 | All |
| Linea | UniswapV3Factory | 0x31FAfd4889FA1269F7a13A66eE0fB458f27D72A9 | All |
| Manta Pacific | UniswapV3Factory | 0x06D830e15081f65923674268121FF57Cc54e4e23 | All |
| Mantle | UniswapV3Factory | 0x0d922Fb1Bc191F64970ac40376643808b4B74Df9 | All |
| Moonbeam | UniswapV3Factory | 0x28f1158795A3585CaAA3cD6469CD65382b89BB70 | All |
| Optimism | UniswapV3Factory | 0x1F98431c8aD98523631AE4a59f267346ea31F984 | All |
| Polygon | UniswapV3Factory | 0x1F98431c8aD98523631AE4a59f267346ea31F984 | All |
| Polygon zkEVM | UniswapV3Factory | 0xff83c3c800Fec21de45C5Ec30B69ddd5Ee60DFC2 | All |
| Redstone | UniswapV3Factory | 0xece75613Aa9b1680f0421E5B2eF376DF68aa83Bb | All |
| Rootstock | UniswapV3Factory | 0xaF37EC98A00FD63689CF3060BF3B6784E00caD82 | All |
| Scroll | UniswapV3Factory | 0x70C62C8b8e801124A4Aa81ce07b637A3e83cb919 | All |
| Sei | UniswapV3Factory | 0x75FC67473A91335B5b8F8821277262a13B38c9b3 | All |
| Taiko | UniswapV3Factory | 0x75FC67473A91335B5b8F8821277262a13B38c9b3 | All |
| WorldChain | UniswapV3Factory | 0x7a5028BDa40e7B173C278C5342087826455ea25a | All |
| ZkSync | UniswapV3Factory | 0x8FdA5a7a8dCA67BBcDd10F02Fa0649A937215422 | All |
| Zora | UniswapV3Factory | 0x7145F8aeef1f6510E92164038E1B6F8cB2c42Cbb | All |
| Ethereum | FranchiserFactory | 0xf754A7E347F81cFdc70AF9FbCCe9Df3D826360FA | All |
| Ethereum | UniStaker | 0xE3071e87a7E6dD19A911Dbf1127BA9dD67Aa6fc8 | All |
| Ethereum | V3FactoryOwner | 0x2e27332b25Ce245F6628377bc83573A001313C58 | All |
Contact Details: Designated security contact for Uniswap
Bounty Terms: Predetermined rewards for successful whitehats that protect protocol funds
Adopting the SEAL Whitehat Safe Harbor Agreement equips Uniswap with a rapid response mechanism for active exploits, enabling whitehats to step in effectively when needed most. The agreement provides clear guidelines for action, increasing the protection of user funds and demonstrating Uniswap's commitment to proactive security.
Please share your thoughts and feedback in the discussion below before the proposal moves to a formal vote.
Thank you all for the support! We've now moved on to the temperature check phase! Here's the Temp Check forum post: https://gov.uniswap.org/t/temp-check-adopt-the-seal-safe-harbor-agreement/25072 & Here's the Snapshot: https://snapshot.box/#/s:uniswapgovernance.eth/proposal/0xba36ded3039fc2588cdc7352e2ac6dd40ca0c3548576d9d31256663fbfc3f1b4
Hi @dennisonb! Thanks for reviewing the proposal!
That's an interesting idea! I'm unsure if the whitehats are actually the best to write that report. Whitehats are not the people who had originally discovered the bug (since that should be reported through a bug bounty) - thus they might not have full knowledge on how the exploit actually worked (ie. a MEV bot that's rescuing funds by frontrunning the hacker). Given how high profile Uniswap is, there should be no shortage of reports on the incident if it were (but hopefully never) occur. Additionally I think it would be best to not add non-essential restraints on the whitehat. Their job is solely to rescue funds and return them to the protocol.
Thank you all for the support! We've now moved on to the temperature check phase! Here's the Temp Check forum post: https://gov.uniswap.org/t/temp-check-adopt-the-seal-safe-harbor-agreement/25072 & Here's the Snapshot: https://snapshot.box/#/s:uniswapgovernance.eth/proposal/0xba36ded3039fc2588cdc7352e2ac6dd40ca0c3548576d9d31256663fbfc3f1b4
Hi @dennisonb! Thanks for reviewing the proposal!
That's an interesting idea! I'm unsure if the whitehats are actually the best to write that report. Whitehats are not the people who had originally discovered the bug (since that should be reported through a bug bounty) - thus they might not have full knowledge on how the exploit actually worked (ie. a MEV bot that's rescuing funds by frontrunning the hacker). Given how high profile Uniswap is, there should be no shortage of reports on the incident if it were (but hopefully never) occur. Additionally I think it would be best to not add non-essential restraints on the whitehat. Their job is solely to rescue funds and return them to the protocol.
Thanks for your suggestions & questions!
I updated the DAO proposal with the clarification on the bounty & the POC stating their availability every 4 months
Hey Pepo! Thanks for reading over the proposal!
Thanks for your suggestions & questions!
I updated the DAO proposal with the clarification on the bounty & the POC stating their availability every 4 months
Hey Pepo! Thanks for reading over the proposal!
Welcome to the forum @Dickson !
Great post, I like the inclusion of the addresses for the funds for upfront transparency. I was immediately wondering about that myself.
Welcome to the forum @Dickson !
Great post, I like the inclusion of the addresses for the funds for upfront transparency. I was immediately wondering about that myself.
Given the critical nature of whitehat interventions, has the team considered adding a requirement for post-incident reports from whiteats to help improve protocol security? This could help document attack vectors and prevention strategies while maintaining the whitehat's anonymity.
Welcome to the forum @Dickson !
Great post, I like the inclusion of the addresses for the funds for upfront transparency. I was immediately wondering about that myself.
Welcome to the forum @Dickson !
Great post, I like the inclusion of the addresses for the funds for upfront transparency. I was immediately wondering about that myself.
Given the critical nature of whitehat interventions, has the team considered adding a requirement for post-incident reports from whiteats to help improve protocol security? This could help document attack vectors and prevention strategies while maintaining the whitehat's anonymity.
The following reflects the views of L2BEAT’s governance team, composed of @krst and @Sinkas, and it’s based on the combined research, fact-checking, and ideation of the two.
We’re voting FOR the proposal.
The following reflects the views of L2BEAT’s governance team, composed of @krst and @Sinkas, and it’s based on the combined research, fact-checking, and ideation of the two.
We’re voting FOR the proposal.
We generally favor proposals that help enhance protocol security, and the proposed agreement—although hopefully we never have to use it—does precisely that. All the questions that came to our mind after originally reading the proposal have already been addressed, so we don’t have any material reason to be skeptical or against the proposal.
We support this proposal as it adds a valuable and complementary function to Uniswap’s security framework and current bug bounty program. The possibility of recovering funds from active exploits serves as a nice safeguard, and would arguably be highly appreciated by any affected users should such a scenario present itself. After all, security over user funds is imperative. Bounty structure is also fair.
Will be voting yes!
On the Designated Contact, I raised my hand for it as I'd been chatting with @Dickson et al about the proposal for a couple of months. In general, there isn't as much to do here as an L2 security council (and hopefully nothing to do at all!). Ultimately, the adoption details can be modified by governance vote so if there's a compelling reason to change it up it's easy enough to do. I'd suggest we leave as is for a bit and potentially revisit in six months to a year.
We fully support this proposal and believe it makes sense to leverage white hat responses in the event of a hack. White hats should have protection when intervening in security breaches. We also support the dynamic bounty structure, as it ensures there’s always a sufficient incentive for white hat intervention.
A few questions on what this looks like moving forward:
We fully support this proposal and believe it makes sense to leverage white hat responses in the event of a hack. White hats should have protection when intervening in security breaches. We also support the dynamic bounty structure, as it ensures there’s always a sufficient incentive for white hat intervention.
A few questions on what this looks like moving forward:
Other DAOs, like Arbitrum, use a security council that rotates every six months. Is this something Uniswap has considered implementing?
Thanks for sharing this proposal, @Dickson.
At Karpatkey, security is a core value for us, so we’re fully behind this initiative. Uniswap is a battle-tested protocol, and we truly appreciate the hard work that its stakeholders continue to put into maintaining its security. As a leader in the space, Uniswap has the opportunity to set the gold standard for security practices, and we believe the SEAL proposal is a big step in that direction.
Thanks for sharing this proposal, @Dickson.
At Karpatkey, security is a core value for us, so we’re fully behind this initiative. Uniswap is a battle-tested protocol, and we truly appreciate the hard work that its stakeholders continue to put into maintaining its security. As a leader in the space, Uniswap has the opportunity to set the gold standard for security practices, and we believe the SEAL proposal is a big step in that direction.
We’re excited to see this move forward and hope it’s adopted soon!
Thanks for this clarification, I wasn't aware of Arbitrum Aliases, wanted to make sure we were in the loop for the security standards of the DAO.
The following reflects the views of L2BEAT’s governance team, composed of @krst and @Sinkas, and it’s based on the combined research, fact-checking, and ideation of the two.
We’re voting FOR the proposal.
The following reflects the views of L2BEAT’s governance team, composed of @krst and @Sinkas, and it’s based on the combined research, fact-checking, and ideation of the two.
We’re voting FOR the proposal.
We generally favor proposals that help enhance protocol security, and the proposed agreement—although hopefully we never have to use it—does precisely that. All the questions that came to our mind after originally reading the proposal have already been addressed, so we don’t have any material reason to be skeptical or against the proposal.
We support this proposal as it adds a valuable and complementary function to Uniswap’s security framework and current bug bounty program. The possibility of recovering funds from active exploits serves as a nice safeguard, and would arguably be highly appreciated by any affected users should such a scenario present itself. After all, security over user funds is imperative. Bounty structure is also fair.
Will be voting yes!
On the Designated Contact, I raised my hand for it as I'd been chatting with @Dickson et al about the proposal for a couple of months. In general, there isn't as much to do here as an L2 security council (and hopefully nothing to do at all!). Ultimately, the adoption details can be modified by governance vote so if there's a compelling reason to change it up it's easy enough to do. I'd suggest we leave as is for a bit and potentially revisit in six months to a year.
We fully support this proposal and believe it makes sense to leverage white hat responses in the event of a hack. White hats should have protection when intervening in security breaches. We also support the dynamic bounty structure, as it ensures there’s always a sufficient incentive for white hat intervention.
A few questions on what this looks like moving forward:
We fully support this proposal and believe it makes sense to leverage white hat responses in the event of a hack. White hats should have protection when intervening in security breaches. We also support the dynamic bounty structure, as it ensures there’s always a sufficient incentive for white hat intervention.
A few questions on what this looks like moving forward:
Other DAOs, like Arbitrum, use a security council that rotates every six months. Is this something Uniswap has considered implementing?
Thanks for sharing this proposal, @Dickson.
At Karpatkey, security is a core value for us, so we’re fully behind this initiative. Uniswap is a battle-tested protocol, and we truly appreciate the hard work that its stakeholders continue to put into maintaining its security. As a leader in the space, Uniswap has the opportunity to set the gold standard for security practices, and we believe the SEAL proposal is a big step in that direction.
Thanks for sharing this proposal, @Dickson.
At Karpatkey, security is a core value for us, so we’re fully behind this initiative. Uniswap is a battle-tested protocol, and we truly appreciate the hard work that its stakeholders continue to put into maintaining its security. As a leader in the space, Uniswap has the opportunity to set the gold standard for security practices, and we believe the SEAL proposal is a big step in that direction.
We’re excited to see this move forward and hope it’s adopted soon!
Thanks for this clarification, I wasn't aware of Arbitrum Aliases, wanted to make sure we were in the loop for the security standards of the DAO.
Thanks for this clarification, I wasn't aware of Arbitrum Aliases, wanted to make sure we were in the loop for the security standards of the DAO.
I think that would make sense, especially when thinking way down the road.
Thanks for all these clarifications.
I find the proposal compelling and am in support of it. However, I would like clarification on the following points:
Incentive Overlap Considering Uniswap Labs already operates a bounty program, could you clarify if there's an overlap where participants might benefit from both this proposal and the existing program? How is this "double dipping" of incentives defined or avoided?
Address Management and Security How will the addresses be maintained and how we can ensure there is not a single point of failure?
I find the proposal compelling and am in support of it. However, I would like clarification on the following points:
Incentive Overlap Considering Uniswap Labs already operates a bounty program, could you clarify if there's an overlap where participants might benefit from both this proposal and the existing program? How is this "double dipping" of incentives defined or avoided?
Address Management and Security How will the addresses be maintained and how we can ensure there is not a single point of failure?
I've noticed that some recovery addresses for different chains, like the one for Arbitrum (see: GitHub Repository), are simply Externally Owned Accounts. We should ensure that these are ultimately controlled by the DAO to prevent potential loss of funds and legal liabilities.
Regarding the scope of contracts covered by the bounty, in the event of a hack, will the bounty be calculated on a "per contract" basis, or will it be a singular "event-based" bounty? Clarification here is crucial to prevent disputes if a security breach occurs.
How does this apply specifically to the hook contracts of Uniswap V4?
The Safe Harbor Agreement will cover both the subcontracts currently deployed under this contract and any future subcontracts deployed through it. This ensures that all present and future subcontracts are protected.
Thanks for bringing this forward @Dickson.
We're curious, how did you determine the bounty cap of 2.25M?
Thanks for this clarification, I wasn't aware of Arbitrum Aliases, wanted to make sure we were in the loop for the security standards of the DAO.
I think that would make sense, especially when thinking way down the road.
Thanks for all these clarifications.
I find the proposal compelling and am in support of it. However, I would like clarification on the following points:
Incentive Overlap Considering Uniswap Labs already operates a bounty program, could you clarify if there's an overlap where participants might benefit from both this proposal and the existing program? How is this "double dipping" of incentives defined or avoided?
Address Management and Security How will the addresses be maintained and how we can ensure there is not a single point of failure?
I find the proposal compelling and am in support of it. However, I would like clarification on the following points:
Incentive Overlap Considering Uniswap Labs already operates a bounty program, could you clarify if there's an overlap where participants might benefit from both this proposal and the existing program? How is this "double dipping" of incentives defined or avoided?
Address Management and Security How will the addresses be maintained and how we can ensure there is not a single point of failure?
I've noticed that some recovery addresses for different chains, like the one for Arbitrum (see: GitHub Repository), are simply Externally Owned Accounts. We should ensure that these are ultimately controlled by the DAO to prevent potential loss of funds and legal liabilities.
Regarding the scope of contracts covered by the bounty, in the event of a hack, will the bounty be calculated on a "per contract" basis, or will it be a singular "event-based" bounty? Clarification here is crucial to prevent disputes if a security breach occurs.
How does this apply specifically to the hook contracts of Uniswap V4?
The Safe Harbor Agreement will cover both the subcontracts currently deployed under this contract and any future subcontracts deployed through it. This ensures that all present and future subcontracts are protected.
Thanks for bringing this forward @Dickson.
We're curious, how did you determine the bounty cap of 2.25M?
