Audits
The Ones in the Arena: Uniswap Foundation
Today’s interview is with Erin Koen, Uniswap Foundation’s Governance Lead. We go into all things security regarding the Foundation, their role and what’s on their roadmap. Let’s dive in!
Talk to us about Uniswap Foundation. What is it, and why is it so important?
The Uniswap Foundation plays a critical role in supporting the development, governance, and sustainability of the Uniswap Protocol, promoting its growth and longevity while ensuring the Protocol remains decentralized and accessible.
We saw your announcement about Uniswap v4 being set for Q3 2024! That’s super exciting, and it was great to see that a dedication to security is at the forefront. Can you tell us more about what goes into making v4 the most rigorously audited code ever deployed on Ethereum?
Uniswap Labs and Uniswap Foundation are committed to undergoing multiple audits from various audit firms over the course of 2–3 months to ensure that v4’s code is the most rigorously audited code ever deployed on Ethereum.
To elaborate more on the above, what is your definition of ‘being secure’ for an organization in web3?
There are some things that have been top of mind for me in managing this project, and I’m lucky to have worked with Scopelift, a dev team that does all of this stuff by default.
- Simple, well-written code
- Scalable and repeatable development practices
- Commitment to invest in quality audits
- Comprehensive user- and developer-facing documentation
- Codified incident response plans
Some of this is still under development, but will be finished before these contracts go into production!
Taking it back to specifics, what prompted you to engage with Code4rena?
At the Uniswap Foundation, we love community-driven programs. More specifically, engaging with platforms like Code4rena that facilitate crowdsourced security audits and competitions allow us to tap into a wide pool of talent. This diversity in scrutiny helps uncover a broader range of potential vulnerabilities than might be identified through traditional audit processes alone.
Apart from running an audit with us, what does your security roadmap look like?
- Diverse and comprehensive audits from multiple teams.
- Extensive documentation.
- Continuous improvement of security practices and tooling.
- Expansion of bug bounty programs.
- Education and awareness initiatives for developers.
- Collaboration with other projects and entities to improve the security posture of the broader ecosystem.
To wrap up, let’s finish with an open-ended question. We’re not halfway through 2024, and we’ve already seen some very impactful exploits in the space. How can we become better as a community regarding security?
The collective effort to enhance security in the DeFi space will be an ongoing effort. By learning from past mistakes, prioritizing security from the outset, and fostering a collaborative approach to identifying and mitigating risks, the community can build more resilient systems.
About Uniswap Foundation
The Uniswap Foundation is a non-profit organization founded in 2022 whose mission is to support the growth, decentralization, and sustainability of Decentralized Finance.
Website | Twitter | Discord | Github
About Code4rena
The leading web3 security marketplace.
Website | Twitter | Discord | Medium | Docs
Uniswap Foundation’s audit began on February 23rd, 2024, and runs until March 4th, 2024. More details here.
The Ones in the Arena spotlights emerging and established DeFi projects and their founders, with an eye to celebrating and learning from them. The series’ name is inspired in part by Teddy Roosevelt’s famous quote, which has a central place in Code4rena’s philosophy.