How Uniswap Was Saved From Critical Vulnerability By This Security Firm


Security firm Dedaub discovered and disclosed a critical vulnerability in the popular Ethereum decentralized exchange Uniswap. The team behind the protocol fixed the bug and the affected components were redeployed successfully. Had it gone unpatched, an attacker could have manipulated transactions in order to steal a user's funds.

Uniswap averts the threat and fixes its new functionality.

According to the security company, the vulnerability was inadvertently deployed with the Universal Router. This component allows Uniswap users to exchange ERC-20 and non-fungible tokens "in one swap router."

In other words, Uniswap users can optimize their transactions and exchange several tokens and NFTs in a single transaction, saving them time and gas. It also allows users to transfer funds to others.

With the vulnerability present, a user's transaction that sent funds to a third party could give that third party access to the rest of the sender's funds. Dedaub explained the following:

(…) if third-party code is invoked at any point in the transfer (which can happen due to composition of protocols), the code can re-enter the UniversalRouter and claim any tokens temporarily in the contract (…). The attacker must also apply code to re-enter the router (call to execute) and sweep all token amounts. The router may hold funds in the middle of a transaction because of other swaps and transfers in a complex swap.

The Universal Router holds the sender's funds while the transaction is being completed. During that window the funds were exposed: a bad actor could drain them by calling the router's execute entry point with specific commands such as TRANSFER or SWEEP.

The vulnerability could have made it possible for a bad actor to "re-enter" a transaction using this command. Once inside, the attacker could have "emptied the whole amount" held on behalf of the sender's wallet.

The security company added the following about the "never-ending scenarios" in which the vulnerability might have been exploited:

If untrusted code is invoked at any time in the transfer, the code may re-enter the UniversalRouter and claim the tokens already in the UniversalRouter contract. These tokens will, for instance, exist because the user intends to subsequently purchase an NFT, or transfer tokens to another recipient, or because the user exchanges a greater amount than necessary and intends to "sweep" the rest to themselves at the end of the UniversalRouter call. And there are many scenarios where an untrusted recipient can be called (...).
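The mechanism Dedaub describes, modelled as a small added example (constructed for this article, not Uniswap or Dedaub code): a router that temporarily holds a user's tokens while running a batch of TRANSFER/SWEEP commands, a recipient hook that stands in for untrusted third-party code invoked mid-transfer, and a re-entrancy lock as the hardened form. The hook mechanism, the command layout and the account names are assumptions of the model.

```python
TRANSFER, SWEEP = "TRANSFER", "SWEEP"

class Token:
    """Minimal balance ledger; calls a recipient hook, as a token or NFT receiver callback would."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, sender, recipient, amount, hooks):
        assert self.balances[sender] >= amount, "insufficient balance"
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        if recipient in hooks:  # third-party code runs in the middle of the transfer
            hooks[recipient]()

class Router:
    """Executes a batch of commands while temporarily holding the user's tokens."""
    def __init__(self, token, guarded):
        self.token, self.guarded, self.locked = token, guarded, False

    def execute(self, commands, hooks):
        if self.guarded and self.locked:
            raise RuntimeError("reentrancy blocked")  # hardened form rejects the nested call
        self.locked = True
        try:
            for cmd, recipient, amount in commands:
                if cmd == SWEEP:  # SWEEP pays out whatever the router currently holds
                    amount = self.token.balances["router"]
                self.token.transfer("router", recipient, amount, hooks)
        finally:
            self.locked = False

def simulate(guarded):
    """Alice routes 100 tokens: pay 30 to Mallory, then SWEEP the leftover 70 back to herself."""
    token = Token({"router": 100, "alice": 0, "mallory": 0})  # constructed: Alice's 100 already in router
    router = Router(token, guarded)
    state = {"reentered": False}

    def mallory_hook():  # untrusted recipient code invoked mid-transfer
        if state["reentered"]:
            return
        state["reentered"] = True
        try:  # a recipient contract can swallow the inner call's revert
            router.execute([(SWEEP, "mallory", 0)], hooks)
        except RuntimeError:
            pass

    hooks = {"mallory": mallory_hook}
    router.execute([(TRANSFER, "mallory", 30), (SWEEP, "alice", 0)], hooks)
    return token.balances
```

Without the lock, the nested SWEEP empties the router before Alice's own SWEEP runs; with it, Alice receives the leftover 70 and Mallory only the 30 she was owed.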

Ethereum DEX awards three million dollars in bonuses.

In December 2022, Uniswap launched the Universal Router as part of its new NFT-enabled functionality. At that time, Uniswap Labs announced a $3 million bug bounty program. Dedaub was awarded this amount for its bug report on the new component.

The firm celebrated the award and the fact that a bad actor never took advantage of the vulnerability. In addition, the security firm's submission was "the only bug report that Uniswap acted upon."

2022 was a troublesome year for crypto and risk-on assets, as macroeconomic forces worked against the nascent sector. Users have encountered obstacles beyond the drop in prices, as hackers and bad actors have taken billions of dollars from the industry.

Source: Chainalysis

Data from on-chain analytics firm Chainalysis indicate that bad actors received over $26 billion in cryptocurrency from 2017 to 2021 alone. Whether 2023 will prolong or lessen this trend remains to be seen.

Price of UNI moving sideways on the daily chart. Source: UNIUSDT on TradingView

At the time of writing, UNI is trading at $5.70, moving sideways on the daily chart.
