dRdefRes
Uniswap V3 logo

Uniswap V3

TierΒ 1

uniswap-v3

Dexs
0GArbitrumAvalancheBOBBaseBinance

A fully decentralized protocol for automated liquidity provision on Ethereum. V2

8.1Safety Score75% confidence

Latest TVL

$1.74B

DeFiLlama Β· updated 5/20/2026

Audits

3

reports collected

Findings

29

across all audits

Last Updated

5/20/2026

Analyzed

Analysis Overview

πŸ—οΈ

Protocol Overview

Uniswap V3 is a Tier 1 decentralized AMM with $1.74B TVL deployed across 38+ chains. Its core innovation, concentrated liquidity, lets LPs earn higher fees on custom price ranges using ticks. Yield comes from trading fees across three fee tiers (0.05%, 0.30%, 1.00%) with no native token emissions. ABDK audit covered peripheral contracts only: 2 critical bugs were fixed, 1 high-severity finding (CVF-24, missing token existence check) remains open. Key protocol-level risks include concentrated liquidity complexity, TWAP oracle usage by downstream protocols, and the large multi-chain surface. Core contracts are immutable; the protocol has no external oracle dependencies.
πŸ”’

Code Security

8.2/10
ABDK Consulting audited only the peripheral contracts (NonfungiblePositionManager, SwapRouter) in April 2021, yielding 29 findings: 2 critical (CVF-7, CVF-26 β€” both fixed), 1 high (CVF-24 β€” open), and 26 minor. The critical CVF-7 involved flawed multi-hop swap payer assignment; CVF-26 allowed liquidity theft from positions sharing identical tick ranges. CVF-24 (missing token existence check) has remained open since 2021, a key unresolved risk for downstream integrators. Core pool contracts handling the majority of TVL were not audited, a significant coverage gap. The audit found moderate code quality overall, though the protocol's track record of nearly 7 years without major incidents provides confidence.
πŸ’°

Economic Security

7.0/10
Uniswap V3 holds $1.74B TVL across 40+ chains, representing strong economic security fundamentals. The protocol uses TWAP oracles (resistant to single-block manipulation but vulnerable to sophisticated multi-block attacks on low-liquidity pools) with no external oracle dependencies. ABDK audit findings CVF-26 (liquidity theft vector) and CVF-7 (payer handling flaw) represent identified economic attack surface. MEV extraction is inherent to DEX design, amplifying impermanent loss for LPs. LP incentives are organically aligned through trading fees with no inflationary token emissions, reducing mercenary capital risk. Score: 7.0/10, constrained by unresolved findings, MEV exposure, and limited third-party security assessments.
πŸ‘₯

Team & Transparency

8.0/10
Uniswap V3 benefits from a publicly known founder (Hayden Adams) and a named audit team at ABDK Consulting (Mikhail Vladimirov, Dmitry Khovratovich). The protocol has delivered three versions over nearly 7 years without a major exploit, and the codebase is fully open-source. The DAO governance model provides decentralized oversight. Two critical audit bugs were identified and fixed before deployment. No major social red flags were identified. Score: 8.0/10, with deductions for missing bug bounty program specifics, treasury balance data, and live social media metrics. The core pool contracts were never audited, representing a notable transparency gap for a Tier 1 DeFi protocol.
πŸ—³οΈ

Governance

9.2/10
Uniswap V3 is governed by the Uniswap DAO using UNI token-weighted voting, with a 48-hour timelock on execution. Core contracts (UniswapV3Pool, UniswapV3Factory) are immutable β€” no single entity can modify pool logic. The DAO controls treasury allocation and fee parameters, with no emergency admin key. Key governance risks include flash loan attacks to acquire voting power, low voter participation enabling capture by large holders, and treasury misappropriation. Multi-chain deployment across 29+ chains adds coordination complexity. Score: 9.2/10 β€” the highest scoring section, driven by immutability-first design and no admin keys as the strongest decentralization features.
πŸ”—

Cross-Analysis

Uniswap V3 presents a moderate-to-low composite risk profile. Five cross-domain attack vectors were identified, ranging from concentrated liquidity exploitation via the unresolved CVF-24 finding to TWAP oracle manipulation cascading to downstream protocols. The protocol's immutable core is a double-edged sword: eliminates backdoor risk but removes emergency patch capability. Multi-chain deployment across 38+ chains compounds complexity. Most likely failure mode is gradual LP attrition from concentrated liquidity complexity and MEV extraction reducing net yields. Worst-case scenario: a critical core contract vulnerability exploited simultaneously across multiple chains with governance paralysis preventing response. Primary mitigant is the 7-year operational track record without major incidents.

Executive Summary

Executive Summary: Uniswap V3

Safety Rating: GREEN

Overall Score: 8.1/10 | Confidence: 0.75 | Data Completeness: 0.80 "The protocol strongest risk mitigant is its proven operational track record of nearly 7 years without major incidents"

Scores by Dimension

DimensionScoreKey Finding
Code Security8.2/10ABDK audit identified and fixed 2 critical bugs before deployment, though CVF-24 (high severity) remains open "We found two critical bugs, which were fixed later"
Economic Security7.0/10Strong fundamentals with $1.74B TVL across 40+ chains, but MEV exposure and TWAP oracle manipulation risks constrain the score "$1.74 billion in total value locked"
Team Transparency8.0/10Well-established public identity with founder Hayden Adams publicly known and ABDK Consulting as named auditors "founder Hayden Adams publicly known as the creator of Uniswap"
Governance9.2/10Immutable core contracts and DAO governance with 48-hour timelock represent best-in-class decentralization "Core contract immutability means no single entity can modify pool logic"
Track Record8.5/10Nearly 7 years of continuous operation across three protocol versions without major security incidents "nearly 7 years of operational history"

What This Protocol Does

Uniswap V3 is a fully decentralized automated market maker (AMM) protocol that enables permissionless token swaps and concentrated liquidity provision. As a DEX in the "Dexs" category, it allows anyone to become a liquidity provider by depositing token pairs into liquidity pools, earning trading fees in return "A fully decentralized protocol for automated liquidity provision on Ethereum". The protocol's primary purpose is to facilitate decentralized token exchanges through a non-custodial, non-intermediated model where trades execute directly via smart contracts based on a deterministic pricing formula.

Key Strengths

  • Immutable core design: Core V3 contracts cannot be upgraded, eliminating upgrade centralization risk "Core contract immutability means no single entity can modify pool logic"
  • Critical bugs identified and fixed: ABDK audit found 2 critical vulnerabilities that were resolved before deployment "We found two critical bugs, which were fixed later"
  • Proven operational track record: Nearly 7 years of operation across V1, V2, and V3 without major exploits "The protocol strongest risk mitigant is its proven operational track record of nearly 7 years without major incidents"
  • Multi-chain resilience: Deployed across 38 chains providing geographic distribution and reduced single-chain risk "The protocol has deployed across 40+ chains"
  • Sustainable economics: LP fees from organic trading activity without inflationary token emissions "Liquidity providers are motivated by genuine trading fee revenue rather than token incentives"

Key Risks

  • Unresolved high-severity finding: CVF-24 (missing token existence check) remains open since April 2021 audit "CVF-24... Status: Opened"
  • Limited audit scope: Core pool contracts were not audited, representing significant unaudited code handling $1.74B TVL "Core pool contracts not audited"
  • TWAP oracle manipulation: Low-liquidity pools vulnerable to sophisticated multi-block manipulation "TWAPs are resistant to single-block manipulation but remain vulnerable to sophisticated multi-block manipulation"
  • Concentrated liquidity complexity: Increased attack surface and LP learning curve compared to V2 "Uniswap V3 introduces concentrated liquidity"
  • Governance attack vectors: Token-weighted voting susceptible to flash loan attacks and proposal capture "Flash loan attacks to acquire majority voting power"

Critical Findings

No critical findings identified that require immediate user action. Both critical vulnerabilities (CVF-7, CVF-26) identified by ABDK were fixed before deployment, and the protocol has operated without major security incidents since launch in May 2021 "Status: Fixed (per audit conclusion page)".

Recommendation

Uniswap V3 is suitable for users seeking a battle-tested, decentralized DEX with strong governance and minimal centralization risk. The immutable core design and DAO governance model represent best-in-class decentralization among DeFi protocols. The $1.74B TVL and 7-year operational track record provide strong confidence in protocol stability. Users should be aware that concentrated liquidity introduces complexity requiring active management, and MEV/sandwich attacks are inherent to DEX usage rather than protocol vulnerabilities. Risk-tolerant users seeking yield through liquidity provision can proceed with confidence; conservative users should understand the TVL concentration risk and MEV exposure inherent to AMM architectures "Most Likely Failure Mode: Gradual LP attrition due to concentrated liquidity complexity combined with MEV extraction".

Report Sections

  • Protocol Overview
  • Code Security
  • Economic Security
  • Social & Team
  • Governance
  • Cross-Risk Analysis

Vulnerability Findings

Critical2High1Low23Info3

Audit Reports (3)

AuditorTierStatusDiscoveredLink
Unknownβ€”completed5/20/2026View β†—
Unknownβ€”processing5/20/2026View β†—
Consensys Diligencetier_1processing5/20/2026View β†—