
Dedaub, a security auditing company, received a Uniswap “bug bounty” worth $40,000 for identifying a severe flaw in the smart contract protocol. The DeFi auditor found vulnerabilities in the Uniswap Universal Router contract.

This contract provides a programming language that enables users to exchange numerous tokens for NFTs in a single transaction. Dedaub tweeted that the flaw may allow someone to steal funds by executing external code during a transfer.

Dedaub creator Yannis Smaragdakis noted, “Clearly, the UniversalRouter should not maintain any balances between transactions, else they may be emptied by anybody.” The user experience is enhanced by the UniversalRouter contract’s ability to execute several transaction commands on the back end at the same time.

However, Dedaub discovered that the contract lacked a “re-entrancy lock”, a safeguard that prevents hackers from issuing further commands during transfers that would enable them to steal money. When Dedaub discovered the vulnerability a few weeks ago, the Uniswap team immediately confirmed it and paid $40,000 in USDC to the security audit firm for finding the flaw.


The audit firm found the flaw in the global router smart contract of the protocol early, thanks to Uniswap’s bug bounty program, which it started recently. After identifying the vulnerability, Dedaub confirmed the receipt of its bug bounty reward from Uniswap.

The router implements a programming language for a wide range of token operations, including transfers to external recipients. If carried out properly, the signals will reach the recipient within the predetermined limits.

Preventing A Possible Attack

Dedaub discovered a flaw that may allow third-party code to be invoked during the transfer and re-enter the global router to access any tokens kept in reserve by the contract. Later, Dedaub offered a solution, advising the Uniswap team to incorporate a re-entry lock into the newly implemented router core.
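The effect of the re-entry lock described above can be seen in a simplified Python model. This is an added example, not Uniswap's or Dedaub's code and not Solidity; the command names `transfer_nft` and `sweep`, the recipient callback and the 100-unit balance are assumptions made for illustration.

```python
# Constructed model of a command-executing router; not the real contract.
class Reverted(Exception):
    """Models an EVM revert: the transaction's state changes are undone."""

class Router:
    def __init__(self, guarded, held):
        self.guarded = guarded            # True = re-entrancy lock enabled
        self.locked = False
        self.balances = {"router": held}  # tokens the router holds mid-transaction

    def execute(self, commands):
        """Run a command list atomically, as one transaction."""
        if self.guarded and self.locked:
            raise Reverted("re-entrant call rejected by lock")
        was_locked, self.locked = self.locked, True
        snapshot = dict(self.balances)
        try:
            for op, arg in commands:
                if op == "sweep":           # send everything the router holds to `arg`
                    amount = self.balances["router"]
                    self.balances["router"] = 0
                    self.balances[arg] = self.balances.get(arg, 0) + amount
                elif op == "transfer_nft":  # the transfer hands control to recipient code
                    arg(self)
                else:
                    raise Reverted(f"unknown command {op}")
        except Reverted:
            self.balances = snapshot        # roll back everything done so far
            raise
        finally:
            self.locked = was_locked

def untrusted_recipient(router):
    """Recipient callback that re-enters the router during the transfer."""
    router.execute([("sweep", "recipient")])

def run_user_transaction(guarded):
    """User sends an NFT to the recipient, then sweeps leftover tokens to themselves."""
    router = Router(guarded, held=100)
    try:
        router.execute([("transfer_nft", untrusted_recipient), ("sweep", "user")])
        outcome = "succeeded"
    except Reverted:
        outcome = "reverted"
    return outcome, router.balances
```

Without the lock, the nested call drains the balance before the user's own `sweep` runs; with it, the nested call is rejected and the whole transaction rolls back with the balance intact.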

While most evaluations rated the vulnerability as having a high impact and low probability, Uniswap categorized the issue as having a medium severity. Dedaub claimed it was a mistake if a user accidentally sent an NFT to an untrusted recipient.

Uniswap regarded the vector as having low probability since more complicated and unlikely situations were considered legitimate re-entry. The offering of bug bounties has become prevalent in the DeFi field as platforms and businesses attempt to safeguard their software, systems, and infrastructure.


By Bradley Nelson

Bradley Nelson is a US-based cryptocurrency news writer for Tokenhell. He helps readers stay up to date with the latest trends and news from the blockchain and crypto world. Bradley has been a crypto enthusiast since 2018.
