DeFi Auditor Identifies A Uniswap Vulnerability And Receives A $40K Reward
Dedaub, a security auditing company, received a Uniswap bug bounty worth $40,000 for identifying a severe flaw in the protocol's smart contracts. The vulnerability was in the Uniswap Universal Router contract.
The contract implements a small command language that lets users exchange numerous tokens for NFTs in a single transaction. Dedaub tweeted that the flaw could allow someone to steal funds by invoking external code during a transfer.
Dedaub creator Yannis Smaragdakis noted, “Clearly, the UniversalRouter should not maintain any balances between transactions, else they may be emptied by anybody.” The UniversalRouter contract improves the user experience by executing several transaction commands on the back end in one go.
However, Dedaub discovered that the contract had no “re-entrancy lock”, the guard that stops an attacker from issuing further commands in the middle of a transfer and draining funds. When Dedaub reported the vulnerability a few weeks ago, the Uniswap team promptly confirmed it and paid the firm $40,000 in USDC for the finding.
The audit firm found the flaw in the protocol's Universal Router contract early, thanks to the bug bounty program Uniswap had recently launched. After reporting the vulnerability, Dedaub confirmed receipt of its reward from Uniswap.
The router implements a command language for a wide range of token operations, including transfers to external recipients. When the commands run as intended, the tokens reach the recipient within the predetermined limits.
Preventing A Possible Attack
Dedaub found that third-party code could be invoked during a transfer and re-enter the router, giving it access to any tokens the contract held in reserve. Dedaub then proposed a fix, advising the Uniswap team to add a re-entrancy lock to the newly implemented router core.
Although most assessments rated the vulnerability as high impact but low probability, Uniswap classified it as medium severity. Dedaub pointed out that a user sending an NFT to an untrusted receiver would be doing so by mistake.
Uniswap rated the vector as low probability because the more complex and unlikely scenarios were treated as legitimate re-entry. Bug bounties have become common in DeFi as platforms and businesses try to safeguard their software, systems, and infrastructure.
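As an added illustration of the fix described above, here is a minimal command router in Solidity with a re-entrancy lock on its entry point. This is not the Uniswap Universal Router's code and not Dedaub's; the contract, command set and names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical minimal router (not the Universal Router) showing the re-entrancy lock pattern.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}
interface IERC721 {
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

contract GuardedRouter {
    uint8 constant SWEEP_ERC20 = 0x01;  // send any token balance the router holds to a recipient
    uint8 constant TRANSFER_NFT = 0x02; // forward an NFT; runs the receiver's onERC721Received hook

    // Re-entrancy lock: only one external entry into execute() at a time.
    uint256 private constant NOT_LOCKED = 1;
    uint256 private constant LOCKED = 2;
    uint256 private lockState = NOT_LOCKED;

    modifier lock() {
        require(lockState == NOT_LOCKED, "reentrancy");
        lockState = LOCKED;
        _;
        lockState = NOT_LOCKED;
    }

    // Run a batch of commands. Without `lock`, the external call inside TRANSFER_NFT could
    // call execute() again and run SWEEP_ERC20 on balances that belong to the outer batch;
    // with the lock, any nested call into execute() reverts.
    function execute(bytes calldata commands, bytes[] calldata inputs) external payable lock {
        require(commands.length == inputs.length, "length mismatch");
        for (uint256 i = 0; i < commands.length; i++) {
            uint8 command = uint8(commands[i]);
            if (command == SWEEP_ERC20) {
                (address token, address recipient) = abi.decode(inputs[i], (address, address));
                uint256 bal = IERC20(token).balanceOf(address(this));
                if (bal > 0) require(IERC20(token).transfer(recipient, bal), "transfer failed");
            } else if (command == TRANSFER_NFT) {
                (address nft, address recipient, uint256 id) =
                    abi.decode(inputs[i], (address, address, uint256));
                // External call: the recipient's callback executes here, before the batch ends.
                IERC721(nft).safeTransferFrom(address(this), recipient, id);
            } else {
                revert("unknown command");
            }
        }
    }
}
```

The lock is the minimal mitigation; the stronger design point quoted above is that the router should hold no balances between transactions at all, so that a re-entrant call finds nothing to sweep.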