Security firm Dedaub has discovered and disclosed a critical vulnerability on the popular Ethereum decentralized exchange Uniswap. The team behind the protocol fixed the bug and the affected components were successfully redeployed – otherwise an attacker could have manipulated transactions to steal a user’s funds.
Uniswap averts danger and fixes new feature
According to the security firm, the vulnerability was unintentionally introduced with the Universal Router. This component lets Uniswap users trade ERC-20 tokens and non-fungible tokens “in a single swap router”.
In other words, Uniswap users can streamline their operations and trade multiple tokens and NFTs in a single transaction, saving time and money. The new component also allows users to transfer funds to third parties.
With the vulnerability present, a user could send a transaction to a third party, and that third party could have gained access to the sender’s funds. Dedaub stated the following:
(…) If at any point in the transaction third-party code is called (which is manifested by the composition of protocols), the code can enter the UniversalRouter again and temporarily claim all the tokens in the contract (…). The attacker must also implement code to re-enter the router (call execute) and wipe any token funds. The router may contain funds during the transaction due to other actions and transfers in a complex swap.
The Universal Router holds the sender’s funds while the transaction is being completed. During that window the funds were vulnerable, and a bad actor could siphon them off by invoking certain commands, such as “Dispatch” with “.TRANSFER” or “.SWEEP”.
The vulnerability could have allowed a malicious actor to “re-enter” a transaction using this command. Once inside, the attacker might have been able to pull “the entire amount” from the sender’s wallet.
The security firm added the following on the “endless scenarios” in which the vulnerability could have been exploited:
If untrusted code is invoked at any point in the transaction, the code can re-enter the UniversalRouter and claim any tokens already in the UniversalRouter contract. Such tokens may exist, for example, because the user intends to later purchase an NFT or transfer tokens to a second recipient, or because the user trades a larger amount than needed and intends to “sweep” the rest for themselves at the end of the UniversalRouter call. And there is no shortage of scenarios where an untrusted recipient can be called (…).
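The pattern Dedaub describes is a classic reentrancy: the router parks tokens in its own balance between commands, hands control to third-party code, and that code calls `execute` again with a sweep before the original command list reaches its own sweep. The following is an added illustration written for this article, not Uniswap’s Universal Router code and not Dedaub’s proof of concept. The command names, the `CALL_RECIPIENT` stand-in for “any external call”, and the lock modifier are assumptions chosen to show the vulnerable shape next to a guarded one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal ERC-20 surface used by the toy router (assumption: standard interface).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Shared command loop. The router holds tokens between commands, exactly the
// state the article describes: a later SWEEP or TRANSFER is meant to hand the
// remainder to the original user. CALL_RECIPIENT stands in for any external
// call to third-party code (hypothetical command name, not Uniswap's).
abstract contract RouterBase {
    enum Command { TRANSFER, SWEEP, CALL_RECIPIENT }

    function _dispatch(Command[] calldata cmds, bytes[] calldata inputs) internal {
        require(cmds.length == inputs.length, "length mismatch");
        for (uint256 i = 0; i < cmds.length; i++) {
            if (cmds[i] == Command.TRANSFER) {
                (address token, address to, uint256 amount) =
                    abi.decode(inputs[i], (address, address, uint256));
                require(IERC20(token).transfer(to, amount), "transfer failed");
            } else if (cmds[i] == Command.SWEEP) {
                // Sends whatever the router currently holds of `token` to `to`.
                (address token, address to) = abi.decode(inputs[i], (address, address));
                uint256 bal = IERC20(token).balanceOf(address(this));
                require(IERC20(token).transfer(to, bal), "sweep failed");
            } else {
                // Control leaves the router here; the callee may be untrusted.
                (address target, bytes memory data) = abi.decode(inputs[i], (address, bytes));
                (bool ok, ) = target.call(data);
                require(ok, "recipient call failed");
            }
        }
    }
}

// Vulnerable shape: nothing prevents the callee of CALL_RECIPIENT from calling
// execute() again while the outer call still holds the user's tokens, so an
// inner SWEEP can drain them before the outer call reaches its own SWEEP.
contract VulnerableRouter is RouterBase {
    function execute(Command[] calldata cmds, bytes[] calldata inputs) external {
        _dispatch(cmds, inputs);
    }
}

// Hardened shape: a reentrancy lock makes any nested execute() revert, so
// tokens parked in the router can only be moved by the command list the
// original caller supplied.
contract GuardedRouter is RouterBase {
    address private lockedBy; // address(0) == unlocked

    modifier isNotLocked() {
        require(lockedBy == address(0), "router: reentrant call");
        lockedBy = msg.sender;
        _;
        lockedBy = address(0);
    }

    function execute(Command[] calldata cmds, bytes[] calldata inputs) external isNotLocked {
        _dispatch(cmds, inputs);
    }
}
```

In a Foundry or Hardhat test, funding `VulnerableRouter` and running a command list whose `CALL_RECIPIENT` target calls `execute([SWEEP])` moves the parked balance to whichever address the callee names; the same sequence against `GuardedRouter` reverts with `router: reentrant call` and the outer command list completes as written. Two caveats for anyone reviewing a router of this shape: the lock has to wrap every entry point that can move the contract’s balance, not just `execute`, and the `CALL_RECIPIENT` branch is only the obvious external call; token hooks such as ERC-777 or ERC-721 receiver callbacks reach third-party code from inside `TRANSFER` and `SWEEP` as well, which is what the article means by “the composition of protocols”.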
Ethereum DEX Grants $3 Million Bug Bounty
In December 2022, Uniswap introduced the Universal Router as part of their new NFT compatibility. Back then, Uniswap Labs announced a $3 million bounty program. Dedaub was granted this amount for their bug report on the new component.
The company celebrated the reward and the fact that a bad actor never exploited the vulnerability. In addition, the security company’s submission was “the only bug report that Uniswap acted on.”
2022 was a difficult year for crypto and risk assets as macroeconomic forces played against the emerging sector. Users faced hurdles beyond falling prices as hackers and bad actors stole billions from the industry.
Source: Chainalysis
Data from on-chain analytics firm Chainalysis shows that bad actors stole over $26 billion in cryptocurrency from 2017 to 2021 alone. It remains to be seen whether 2023 will continue or weaken this trend.
UNI is trading sideways on the daily chart. Source: UNIUSDT on TradingView
As of this writing, UNI is trading at $5.70 with sideways movement on the daily chart.
Source: Crypto News Deutsch