Key Points:

• A developer found a bug in the Uniswap core contract SwapRouter, and the unspent ETH in the transaction will remain in the SwapRouter contract and will not be refunded.
• Additionally, SwapRouter allows anyone to withdraw ETH from the contract, and it could be an MEV bot or anyone calling for refunds after the transaction.
• The developer said the vulnerability was discovered in December last year but was rejected by Uniswap security researchers after submitting a bug report.

A developer found a bug in the Uniswap core contract SwapRouter, and the unspent ETH in the transaction will remain in the SwapRouter contract and will not be refunded.

In December 2022, @jeiwan7 found a bug in Uniswap’s SwapRouter contract.

The developer said the vulnerability was discovered but was rejected by Uniswap security researchers after submitting a bug report.

“You don’t really find critical and high severity bugs in projects like Uniswap, especially after they’ve run in production for several years. So I didn’t really had high expectations and I was sure I wouldn’t be awarded for the report. The bug looks real to me, and I wanted to figure out why would a project with high security standards leave it unfixed.

I submitted a bug report and after more than a month I received their response: they said the bug wasn’t an issue, and everything worked as expected. I cannot agree with this ????. Thus I decided to disclose it publicly for some of you to learn something new and for more experienced security researches to decide whether the bug is real or not.”

The bug allows users to lose funds while interacting with the contract in the standard way. Additionally, SwapRouter allows anyone to withdraw ETH from the contract; it could be an MEV bot or anyone calling for refunds after the transaction.

The caller cannot know how much ETH will be spent on a swap, according to his blog post, since the Quoter contract, which is used to compute swaps before executing them, only returns the output amount and not the input amount. Even if the input amount computed by the pool had been returned, a slippage check would have been necessary on the input amount since a price change might have caused the calculated input amount to change at the time the transaction was executed.

Previously, Coincu also reported a critical vulnerability in Uniswap, which has been fixed that may have cost consumers millions of dollars. This bug was established due to Uniswap’s decision to introduce the Universal Router, which combines NFTs and ERC-20 tokens into a single swap router.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Harold

Coincu News

Bug

ETH

SwapRouter

Uniswap

Author

Harold

With a passion for untangling the complexities of the financial world, I've spent over four years in financial journalism, covering everything from traditional equities to the cutting edge of venture capital. "The financial markets are a fascinating puzzle," I often say, "and I love helping people make sense of them." That's what drives me to bring clear and insightful financial journalism to the readers of Coincu.

Related Posts

• Ethereum Lending Markets Saw Huge Liquidations Since June 2022
• EigenLayer On Ethereum Mainnet Is Now Launched
• Digital Asset Investment Products Saw Outflows For The 2nd Consecutive Week Totaling $206m
• What Is A Spot Ethereum ETF? How Important Is The New Ether ETF?
• Hong Kong Crypto ETFs Will Have Management Fees From 0.3% To 0.99%
• Hong Kong Bitcoin ETF Expected to Launch on Monday With Huge Potential
• Spot Ethereum ETFs Are Now Asked By The SEC For Public Feedback As May 24 Is Coming
• Ethereum Blobscriptions Are Now Challenging The Network’s Data Storage Costs

DeFi

Uniswap Detected Bug Doesn’t Refund Unspent ETH In Partial Swaps

Key Points:

• A developer found a bug in the Uniswap core contract SwapRouter, and the unspent ETH in the transaction will remain in the SwapRouter contract and will not be refunded.
• Additionally, SwapRouter allows anyone to withdraw ETH from the contract, and it could be an MEV bot or anyone calling for refunds after the transaction.
• The developer said the vulnerability was discovered in December last year but was rejected by Uniswap security researchers after submitting a bug report.

A developer found a bug in the Uniswap core contract SwapRouter, and the unspent ETH in the transaction will remain in the SwapRouter contract and will not be refunded.

In December 2022, @jeiwan7 found a bug in Uniswap’s SwapRouter contract.

Public Bug Report: Uniswap's SwapRouter doesn't refund unspent ETH in partial swapshttps://t.co/BYR8Ol7uR4

PoC:https://t.co/Ai7Uip93sA

I'll appreciate your thoughts in replies ???? on whether this is a valid vulnerability or not.

— jeiwan.eth ???????? (@jeiwan7) January 22, 2023

The developer said the vulnerability was discovered but was rejected by Uniswap security researchers after submitting a bug report.

“You don’t really find critical and high severity bugs in projects like Uniswap, especially after they’ve run in production for several years. So I didn’t really had high expectations and I was sure I wouldn’t be awarded for the report. The bug looks real to me, and I wanted to figure out why would a project with high security standards leave it unfixed.

I submitted a bug report and after more than a month I received their response: they said the bug wasn’t an issue, and everything worked as expected. I cannot agree with this ????. Thus I decided to disclose it publicly for some of you to learn something new and for more experienced security researches to decide whether the bug is real or not.”

The bug allows users to lose funds while interacting with the contract in the standard way. Additionally, SwapRouter allows anyone to withdraw ETH from the contract; it could be an MEV bot or anyone calling for refunds after the transaction.

The caller cannot know how much ETH will be spent on a swap, according to his blog post, since the Quoter contract, which is used to compute swaps before executing them, only returns the output amount and not the input amount. Even if the input amount computed by the pool had been returned, a slippage check would have been necessary on the input amount since a price change might have caused the calculated input amount to change at the time the transaction was executed.

Previously, Coincu also reported a critical vulnerability in Uniswap, which has been fixed that may have cost consumers millions of dollars. This bug was established due to Uniswap’s decision to introduce the Universal Router, which combines NFTs and ERC-20 tokens into a single swap router.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Harold

Coincu News

Visited 60 times, 1 visit(s) today

Other Posts

Related Posts

Knowledge

- 49 days ago 13 mins

Free Bitcoin Code 2024: Easy Way To Own Bitcoin

News

- 22 hours ago 2 mins

FTX Solana Auction Prepares To Take Place After $300 Million Sale In March

Knowledge

- 506 days ago 4 mins

Why Are IEO Projects On Binance Launchpad More Attractive To Investors?

Market

- 961 days ago 3 mins

Bitfinex launches Managed Security Token Platform in Kazakhstan

Bitcoin

- 925 days ago 2 mins

News

- 662 days ago 2 mins

KuCoin CEO Says Ignore FUD And There Is No Plan To Stop Crypto Withdrawals

News

- 521 days ago 2 mins

If Bitcoin Still Struggles Below $15,000, The Whole Market Will Flooded With “Blood”

DeFi Reviews

- 946 days ago 5 mins

Review SolRazr ($SOLR) – The First Decentralised Developer Ecosystem For Solana