Uniswap Detected A Critical Vulnerability That Could Lead To Billions Of Dollar Loss

Key Points:

• A critical vulnerability in Uniswap has been fixed that may have cost consumers billions of dollars.
• The Dedaub team was the first to recognize the re-entrancy issue that might have led to the misappropriation of consumer funds. The Uniswap development team was subsequently alerted.
• The Universal Router smart contracts were redeployed across all of Polygon’s networks after the DEX developer corrected the issue.

A critical vulnerability in Uniswap has been fixed that may have cost consumers millions, if not billions, of dollars.

The Dedaub team was the first to identify the re-entrancy problem that may have resulted in the loss of customer monies. They then informed the Uniswap development group.

The Dedaub team has disclosed a Critical vulnerability to the Uniswap team!

Funds are safe – Uniswap addressed the issue and redeployed the Universal Router smart contracts on all its chains 👏

The vulnerability allows re-entertrancy to drain the user's funds, mid-tx.

🧵 pic.twitter.com/wFSFsohPvy

— Dedaub (@dedaub) January 2, 2023

The DEX developer acknowledged the fault, fixed it, and redeployed the Universal Router smart contracts across all of Polygon’s networks.

The Dedaub team observed that this issue was established due to Uniswap’s decision to introduce the Universal Router, which combines NFTs and ERC-20 tokens into a single swap router. According to their analysis, malevolent actors might embed a scripting language for all token activities.

Such commands could include transfers to third party (potentially untrusted) recipients. In a correct implementation, such a transfer should send to the recipient only what the call parameters specify.

And nothing more.

— Dedaub (@dedaub) January 2, 2023

After Uniswap re-deployed the Universal Router and added “a re-entrancy lock to the core operation,” funds are now secure.

According to DefiLlama data, the DEX currently manages $3.27 billion of assets, it is the largest by total value locked in DEXs.

Because of the way transactions are handled in account-based blockchains like Ethereum, the re-entrancy attack is a typical smart contracting mistake. Hackers have discovered this flaw over time and have stolen hundreds of millions of tokens.

For perspective, it should be noted that a re-entrancy attack was used to lock millions of ETH in the first-ever DAO in Ethereum, causing the network to split into the longer-chain Ethereum and the proof-of-work Ethereum classic.

In order to take advantage of this weakness, the attacker starts an endless loop between the weak smart contracts and their smart contract, draining the latter’s holdings of money. Once the transaction is accepted from the pool, the victim cannot recover funds because smart contracts are implemented on an immutable base layer.

Dedaub was awarded a $40,000 bounty as part of the $3 million program that Uniswap launched.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Harold

Coincu News