Uniswap (UNI) Critical Vulnerability Disclosed, Funds Safe?

Vladislav Sopov

Dedaub cybersecurity experts unveiled critical bug in Uniswap (UNI), largest noncustodial crypto exchange

Uniswap's Universal Router can be drained
Uniswap fixes bug, pays bug bounty

News

Wed, 4/01/2023 - 14:17

Uniswap (UNI) Critical Vulnerability Disclosed, Funds Safe?

Cover image via www.freepik.com

Read U.TODAY on

Google News

Dedaub, a blockchain-focused cybersecurity team, shared the design of a possible attack on the funds in Uniswap's Universal Router, a new-gen mechanism that allows users to move NFTs and cryptocurrencies together.

Uniswap's Universal Router can be drained

Uniswap (UNI) was exposed to a critical vulnerability after the activation of its Universal Router. The bug allowed a third party to inject the code and withdraw money during the process of routing.

The Dedaub team has disclosed a Critical vulnerability to the Uniswap team!

Funds are safe - Uniswap addressed the issue and redeployed the Universal Router smart contracts on all its chains 👏

The vulnerability allows re-entertrancy to drain the user's funds, mid-tx.

🧵 pic.twitter.com/wFSFsohPvy
— Dedaub (@dedaub) January 2, 2023

The attack was possible as the router mechanism contains funds mid-transaction, and these funds can be withdrawn by an attacker. For instance, if account "A" transfers NFTs and then transfers funds to account "B," the latter is theoretically able to "reenter" the router and drain the funds.

The cybersecurity researchers advised the Uniswap (UNI) team to implement a reentrance lock to the core execution of the new router and then redeploy this mechanism.

HOT Stories

Pavel Durov Reveals Case of New Telegram Millionaire Emerging in Just 20 Days

'Time Will Tell': Binance Bosses Add Intrigue to Bitcoin Mania at $97,000

Ethereum (ETH) to $6,000? Top Analyst Shares Crucial Chart

DOGE Founder Says Bitcoin Growth Dwarfs ‘Everything Else’ But What About Dogecoin?

Uniswap (UNI) activated its Universal Router on Dec. 17, 2022. It significantly streamlined the processes of token swaps and made them more resource efficient.

Uniswap fixes bug, pays bug bounty

Dedaub experts announced that the Uniswap (UNI) team implemented the security fix before the router gained traction among users of the decentralized exchange. The emergency update was activated across all blockchains Uniswap (UNI) leverages currently.

All funds of new and existing Uniswap (UNI) users are 100% safe at this time. Also, Uniswap (UNI) paid the bug bounty to the experts that unveiled the dangerous vulnerability.

As covered by U.Today previously, in 2022, Uniswap (UNI) registered a whopping $620 billion in trading volume on its swap engine despite the bearish recession.