Uniswap (UNI) Critical Vulnerability Disclosed, Funds Safe?


Vladislav Sopov

Dedaub cybersecurity experts unveiled a critical bug in Uniswap (UNI), the largest noncustodial crypto exchange

Dedaub, a blockchain-focused cybersecurity team, shared the design of a possible attack on the funds in Uniswap's Universal Router, a new-gen mechanism that allows users to move NFTs and cryptocurrencies together.

Uniswap's Universal Router can be drained

Uniswap (UNI) was exposed to a critical vulnerability after the activation of its Universal Router. The bug allowed a third party to inject code and withdraw money during the process of routing.

The Dedaub team has disclosed a Critical vulnerability to the Uniswap team!

Funds are safe - Uniswap addressed the issue and redeployed the Universal Router smart contracts on all its chains 👏

The vulnerability allows re-entrancy to drain the user's funds, mid-tx.

🧵 pic.twitter.com/wFSFsohPvy

— Dedaub (@dedaub) January 2, 2023

The attack was possible because the router mechanism holds funds mid-transaction, and these funds can be withdrawn by an attacker. For instance, if account "A" transfers NFTs and then transfers funds to account "B," the latter is theoretically able to "reenter" the router and drain the funds.

The cybersecurity researchers advised the Uniswap (UNI) team to add a reentrancy lock to the core execution of the new router and then redeploy this mechanism.

Uniswap (UNI) activated its Universal Router on Dec. 17, 2022. It significantly streamlined the process of token swaps and made them more resource efficient.
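The flow described above, as an added Python model (not code from the article, Dedaub or Uniswap): a toy router that holds funds mid-transaction, a recipient whose NFT-receive hook calls back into it, and the same router with a reentrancy lock on its core execution. Every class and method name is hypothetical, the scenario (A sends an NFT to B and expects the held funds swept back) is constructed, and the revert is simulated by restoring a snapshot.

```python
# Added teaching model; all names are hypothetical, not Uniswap's contract code.
class Reentered(Exception):
    """Raised by the lock; on-chain this would revert the whole transaction."""

class Account:
    def __init__(self, funds=0):
        self.funds = funds

    def on_nft_received(self, router):
        pass  # ordinary recipient: its hook does nothing

class ReenteringRecipient(Account):
    def on_nft_received(self, router):
        # Recipient code runs mid-transaction and calls back into the router.
        router.execute(self, [lambda r: r.sweep(self)])

class Router:
    def __init__(self, use_lock):
        self.use_lock = use_lock
        self.held = 0         # funds the router holds mid-transaction
        self.entered = False  # reentrancy lock state

    def execute(self, sender, commands, deposit=0):
        if self.use_lock and self.entered:
            raise Reentered("execute() called while a transaction is in progress")
        self.entered = True
        sender.funds -= deposit
        self.held += deposit
        try:
            for command in commands:
                command(self)
        finally:
            self.entered = False

    def transfer_nft(self, recipient):
        recipient.on_nft_received(self)  # hands control to the recipient

    def sweep(self, recipient):
        recipient.funds, self.held = recipient.funds + self.held, 0

def run(use_lock):
    a, b, router = Account(100), ReenteringRecipient(0), Router(use_lock)
    before = (a.funds, b.funds, router.held)
    try:  # A sends an NFT to B, then expects the held funds to be swept back
        router.execute(a, [lambda r: r.transfer_nft(b), lambda r: r.sweep(a)], deposit=100)
        reverted = False
    except Reentered:
        a.funds, b.funds, router.held = before  # simulated revert of all state changes
        reverted = True
    return {"a": a.funds, "b": b.funds, "router": router.held, "reverted": reverted}
```

`run(False)` ends with the recipient holding A's deposit; `run(True)` ends with the nested call rejected and every balance unchanged.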

Uniswap fixes bug, pays bug bounty

Dedaub experts announced that the Uniswap (UNI) team implemented the security fix before the router gained traction among users of the decentralized exchange. The emergency update was activated across all blockchains Uniswap (UNI) currently leverages.

All funds of new and existing Uniswap (UNI) users are 100% safe at this time. Also, Uniswap (UNI) paid the bug bounty to the experts who unveiled the dangerous vulnerability.

As covered by U.Today previously, in 2022, Uniswap (UNI) registered a whopping $620 billion in trading volume on its swap engine despite the bearish recession.

The platform handled 68 million transactions on the Ethereum (ETH) network alone.
