fix: audit and bug bounty links (#1056)

Dayitva · web-flow · commit 1795cb08f393 · 2025-10-21T00:27:27.000+08:00
diff --git a/docs/contracts/v2/concepts/03-advanced-topics/04-security.md b/docs/contracts/v2/concepts/03-advanced-topics/04-security.md
@@ -22,7 +22,7 @@ The report also has a "Design Comments" section that provided a deep technical u
 
 ## Bug Bounty
 
-Uniswap has an open and ongoing bug [bounty program](https://uniswap.org/bug-bounty/).
+Uniswap has an open and ongoing bug [bounty program](https://cantina.xyz/bounties/f9df94db-c7b1-434b-bb06-d1360abdd1be) on Cantina.
 
 ## Considerations when building on Uniswap
 
diff --git a/docs/contracts/v3/concepts/_category_.json b/docs/contracts/v3/concepts/_category_.json
@@ -0,0 +1,4 @@
+{
+  "label": "Concepts",
+  "position": 3
+}
diff --git a/docs/contracts/v3/concepts/security.md b/docs/contracts/v3/concepts/security.md
@@ -0,0 +1,23 @@
+---
+id: security
+title: Security
+---
+
+# Audits
+
+In early 2021, ABDK Consulting performed a general security review and thereafter published an audit report for the Uniswap V3 core contracts in March 2021 prior to its release.
+
+> [Read the report](https://github.com/Uniswap/v3-core/blob/main/audits/abdk/audit.pdf)
+
+In April 2021, ABDK Consulting also published an audit report for the Uniswap V3 Periphery contracts.
+
+> [Read the report](https://github.com/Uniswap/v3-periphery/blob/main/audits/abdk/audit.pdf)
+
+
+During the week of January 4th, 2021 and from February 15th to March 12th, three engineers from Trail of Bits conducted a security review on the Uniswap V3 core contracts and subsequently published an audit report including results from [Echidna end-to-end tests](https://github.com/Uniswap/v3-core/tree/main/audits/tob#end-to-end-testing-with-echidna) and  [verification](https://github.com/Uniswap/v3-core/tree/main/audits/tob#verification-with-manticore) from the symbolic execution tool Manticore.
+
+> [Read the report](https://github.com/Uniswap/v3-core/blob/main/audits/tob/audit.pdf)
+
+# Bug Bounty
+
+Uniswap has an open and ongoing bug [bounty program](https://cantina.xyz/bounties/f9df94db-c7b1-434b-bb06-d1360abdd1be) on Cantina.
diff --git a/docs/contracts/v3/guides/_category_.json b/docs/contracts/v3/guides/_category_.json
@@ -1,5 +1,5 @@
 {
   "label": "Guides",
-  "position": 3,
+  "position": 4,
   "collapsed": false
 }
diff --git a/docs/contracts/v3/reference/_category_.json b/docs/contracts/v3/reference/_category_.json
@@ -1,5 +1,5 @@
 {
   "label": "Technical Reference",
-  "position": 4,
+  "position": 5,
   "collapsed": true
 }
diff --git a/docs/contracts/v4/concepts/10-security.mdx b/docs/contracts/v4/concepts/10-security.mdx
@@ -40,9 +40,32 @@ v4's flash accounting system requires careful implementation to prevent exploita
 ### Pool Manager Interactions
 Direct interactions with the PoolManager require thorough understanding of the locking mechanism and callback patterns.
 
+## Audits
+
+Uniswap's V4 core contracts have undergone a handful of extensive security reviews by multiple providers, with some reviews still ongoing. Below is a list of completed and draft reports. The full list can be found in the respective repositories' [audits directory](https://github.com/Uniswap/v4-core/blob/main/docs/security/audits):
+
+> [Open Zeppelin report](https://github.com/Uniswap/v4-core/blob/main/docs/security/audits/OpenZeppelin_audit_core.pdf) from July 17th 2024.
+
+> [Certora draft report](https://github.com/Uniswap/v4-core/blob/main/docs/security/audits/DRAFT_Certora_audit_core.pdf) from July 2024.
+
+> [Trail of Bits report](https://github.com/Uniswap/v4-core/blob/main/docs/security/audits/TrailOfBits_audit_core.pdf) from September 5th 2024.
+
+> [Spearbit draft report](https://github.com/Uniswap/v4-core/blob/main/docs/security/audits/DRAFT_Spearbit_audit_core.pdf) from September 5th 2024.
+
+> [ABDK draft report](https://github.com/Uniswap/v4-core/blob/main/docs/security/audits/DRAFT_ABDK_audit_core.pdf) from September 5th 2024.
+
+
+Similarly, the V4 periphery contracts have been reviewed by various audit providers, and the full list is inside the periphery repository's [audits directory](https://github.com/Uniswap/v4-periphery/tree/main/audits): 
+
+> [Open Zeppelin report](https://github.com/Uniswap/v4-periphery/blob/main/audits/OpenZeppelin_audit_periphery_universal_router.pdf) from September 5th 2024.
+
+> [Spearbit draft report](https://github.com/Uniswap/v4-periphery/blob/main/audits/DRAFT_Spearbit_audit_periphery.pdf) from September 5th 2024.
+
+> [ABDK draft report](https://github.com/Uniswap/v4-periphery/blob/main/audits/DRAFT_ABDK_audit_periphery_universal_router.pdf) from September 5th 2024.
+
 ## Bug Bounty Program
 
-For non-emergency security issues, report vulnerabilities through Uniswap's official [bug bounty program](https://uniswap.org/bug-bounty/).
+In November 2024 Uniswap announced a [$15.5 million dollar bug bounty](https://blog.uniswap.org/v4-bug-bounty) for their V4 contracts. You can view the full [bounty page](https://cantina.xyz/bounties/f9df94db-c7b1-434b-bb06-d1360abdd1be) on Cantina.
 
 ## Additional Security Resources
 

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +  "label": "Concepts",
 +  "position": 3
 +}
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"label": "Guides",`
`3`		`- "position": 3,`
	`3`	`+ "position": 4,`
`4`	`4`	`"collapsed": false`
`5`	`5`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`	`2`	`"label": "Technical Reference",`
`3`		`- "position": 4,`
	`3`	`+ "position": 5,`
`4`	`4`	`"collapsed": true`
`5`	`5`	`}`