Uniswap Found a Critical Flaw that Could Cause Billions Of Dollars In Losses
Dedaub’s team recently confirmed a problem in Uniswap contracts that could have put some users at risk. The Dedaub team was the first to recognize and disclose the reentrancy problem, which could have led to the loss of user funds, and subsequently informed the Uniswap development group.
Dedaub team disclosed critical vulnerability to Uniswap team allowing re-entrancy to drain user funds mid-tx. Uniswap has addressed the issue and redeployed Universal Router smart contracts to ensure user funds are safe.
— Whale Shouts (@WhaleShouts) January 3, 2023
The protocol’s developers then identified the problem, fixed it, and redeployed the Universal Router smart contracts across all of Polygon’s networks. Without the fix, an attacker could have interfered with transactions to steal funds from users.
According to the Dedaub team, the root cause of this bug was Uniswap’s decision to introduce the Universal Router, which combines NFT and ERC-20 token swaps into a single router. They found that malicious actors could inject their own code into token transfer operations.
Critical Vulnerability in Uniswap
As previously stated, the security firm Dedaub tweeted about discovering a problem in Uniswap contracts and alerting the Uniswap company to the issue. Uniswap fixed the issue and “redeployed the Universal Router smart contracts on all its chains” after receiving the report.
The Dedaub team has disclosed a Critical vulnerability to the Uniswap team!
Funds are safe – Uniswap addressed the issue and redeployed the Universal Router smart contracts on all its chains 👏
The vulnerability allows re-entrancy to drain the user's funds, mid-tx.
— Dedaub (@dedaub) January 2, 2023
According to Dedaub’s tweet, this issue opened the door to reentrancy attacks that would steal user funds. The Dedaub team also described how an attacker could exploit this flaw.
It is worth noting that the vulnerability first appeared in November, when Uniswap unveiled its Universal Router. This router combines NFT and ERC-20 swapping into a single swap router. The goal was to make it easier for users to carry out many operations, such as trading numerous NFTs and tokens, in a single transaction.
Dedaub discovered a critical vulnerability in #Uniswap and helped fix it
Uniswap developers have already solved the problem and re-deployed Universal Router smart contracts in all their chains. #crypto #bitcoin pic.twitter.com/6FQOxK6sLK
— NFT GURU BIG MIKE 🎁 #P2E Promoter (@BtcPromoter_Nft) January 4, 2023
In their proof-of-concept, the Dedaub developers showed that an attacker could add a SWEEP command for all tokens left in the router after the first amounts are transferred, so the receiver could drain the whole sum within the same transaction.
The Uniswap Crew Acted Rapidly
Dedaub’s staff immediately alerted the Uniswap team to the risk of such an attack and suggested installing a reentrancy lock before deploying the new router. Uniswap resolved the situation immediately, and the necessary revisions were made before the contract was authorized.
We advised the Uniswap team to add a reentrancy lock to the core execution of the new router, and redeploy.
This modification was swiftly implemented, fixing the issue before the router gained mass adoption: https://t.co/M8SbIAiQM9
— Dedaub (@dedaub) January 2, 2023
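As an added illustration (not Uniswap’s or Dedaub’s code), here is a hypothetical command-based router in Solidity with the kind of reentrancy lock Dedaub recommended: the lock is held for the entire execute() call, so a token callback fired mid-transaction cannot call execute() again to append a SWEEP. The interface, command and contract names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal interfaces; a real router would use the full ERC-20 / ERC-721 ABIs.
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}
interface IERC721 {
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

// Hypothetical command-based router, in the spirit of a "universal" router that
// batches NFT and ERC-20 operations in one call. Not Uniswap's code.
contract LockedRouter {
    uint8 constant TRANSFER_NFT = 0x01; // safeTransferFrom -> calls back into the receiver
    uint8 constant SWEEP = 0x02;        // send the router's entire balance of a token

    // Reentrancy lock: set while execute() runs, so a token callback that tries to
    // call execute() again (e.g. to append a SWEEP) reverts instead of draining funds.
    bool private locked;
    modifier isNotLocked() {
        require(!locked, "Router: reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function execute(bytes calldata commands, bytes[] calldata inputs) external isNotLocked {
        require(commands.length == inputs.length, "Router: length mismatch");
        for (uint256 i = 0; i < commands.length; i++) {
            uint8 command = uint8(commands[i]);
            if (command == TRANSFER_NFT) {
                (address nft, address to, uint256 tokenId) =
                    abi.decode(inputs[i], (address, address, uint256));
                // Control leaves the router here: the receiver's onERC721Received runs
                // before the remaining commands, while the router still holds funds.
                IERC721(nft).safeTransferFrom(address(this), to, tokenId);
            } else if (command == SWEEP) {
                (address token, address to) = abi.decode(inputs[i], (address, address));
                uint256 bal = IERC20(token).balanceOf(address(this));
                if (bal > 0) require(IERC20(token).transfer(to, bal), "Router: sweep failed");
            } else {
                revert("Router: unknown command");
            }
        }
    }
}
```

Without the isNotLocked modifier, a receiver contract invoked during TRANSFER_NFT could call execute() again with a SWEEP command and take the router’s remaining balance before the outer call finishes.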
Uniswap awarded the Dedaub team a $40k bug bounty, demonstrating its commitment to user security. On the other hand, the Uniswap team classified the issue as a low-probability, high-impact occurrence, meaning it would only arise in extremely complex situations.
We thank the @Uniswap team for awarding a bug bounty.
Further reading: https://t.co/Jj2Sl2f1cQ
— Dedaub (@dedaub) January 2, 2023
Reentrancy attacks are common against DEX protocols, and Uniswap is aware of this. According to reports, a simple reentrancy attack cost the DEX and Lendf.me $25 million in 2020. There have also been other attacks on the network, such as hacking: in July 2022, hackers stole $8 million in ETH through a phishing attack.