Security

Security firm Debaub finds critical vulnerability in Uniswap smart contract

04.01.2023
0 19

Security auditing firm Debaub received a Uniswap «bug bounty» worth $40,000 after discovering a critical vulnerability in a smart contract on the protocol.

The vulnerability was found in Uniswap’s Universal Router contract, a new technology and scripting language that allows users to swap multiple tokens for NFTs in one transaction.

Debaub said on Twitter that the vulnerability could have allowed someone to implement third-party code during a transfer and steal funds.

“Clearly, the UniversalRouter should not hold any balances between transactions, or these can be emptied by anyone,” founder of Debaub Yannis Smaragdakis wrote.

The UniversalRouter contract is capable of performing several transaction commands in a row on the back end, which improves the user experience. Debaub found that the contract did not have what is known as a re-entrancy lock, which mitigates hackers from making additional commands during transfers that would allow them to steal funds.

Debaub said it received immediate confirmation from the Uniswap team a few weeks ago when it first found the vulnerability. It received $40,000 in USDC for the discovery of the bug.

   

Source

Click to rate this post!
[Total: 0 Average: 0]
04.01.2023
0 19
Показать больше

Добавить комментарий

  • bitcoinBitcoin (BTC) $ 67,101.00
  • ethereumEthereum (ETH) $ 3,115.12
  • tetherTether (USDT) $ 0.999819
  • usd-coinUSDC (USDC) $ 0.999710
  • dogecoinDogecoin (DOGE) $ 0.154799
  • cardanoCardano (ADA) $ 0.479306
  • tronTRON (TRX) $ 0.122283
  • chainlinkChainlink (LINK) $ 16.57
  • bitcoin-cashBitcoin Cash (BCH) $ 492.31
  • matic-networkPolygon (MATIC) $ 0.706747
  • litecoinLitecoin (LTC) $ 83.99
  • daiDai (DAI) $ 0.998539
  • leo-tokenLEO Token (LEO) $ 5.89
  • ethereum-classicEthereum Classic (ETC) $ 28.47
  • hedera-hashgraphHedera (HBAR) $ 0.113555
  • crypto-com-chainCronos (CRO) $ 0.124559
  • cosmosCosmos Hub (ATOM) $ 8.49
  • stellarStellar (XLM) $ 0.107730
  • okbOKB (OKB) $ 50.13
  • blockstackStacks (STX) $ 2.05
  • makerMaker (MKR) $ 2,816.50
  • vechainVeChain (VET) $ 0.035144
  • moneroMonero (XMR) $ 135.42
  • theta-tokenTheta Network (THETA) $ 2.19
  • algorandAlgorand (ALGO) $ 0.179894
  • neoNEO (NEO) $ 15.50
  • gatechain-tokenGate (GT) $ 7.85
  • kucoin-sharesKuCoin (KCS) $ 9.76
  • eosEOS (EOS) $ 0.810664
  • tezosTezos (XTZ) $ 0.938913
  • havvenSynthetix Network (SNX) $ 2.66
  • iotaIOTA (IOTA) $ 0.214137
  • bitcoin-goldBitcoin Gold (BTG) $ 38.26
  • tether-goldTether Gold (XAUT) $ 2,415.74
  • true-usdTrueUSD (TUSD) $ 0.999924
  • 0x0x Protocol (ZRX) $ 0.587274
  • enjincoinEnjin Coin (ENJ) $ 0.324773
  • zilliqaZilliqa (ZIL) $ 0.023478
  • ravencoinRavencoin (RVN) $ 0.030176
  • siacoinSiacoin (SC) $ 0.007177
  • holotokenHolo (HOT) $ 0.002256
  • qtumQtum (QTUM) $ 3.70
  • basic-attention-tokenBasic Attention (BAT) $ 0.243608
  • zcashZcash (ZEC) $ 23.72
  • dashDash (DASH) $ 29.70
  • nemNEM (XEM) $ 0.038531
  • decredDecred (DCR) $ 20.51
  • ontologyOntology (ONT) $ 0.313899
  • liskLisk (LSK) $ 1.87
  • wavesWaves (WAVES) $ 2.50
  • iconICON (ICX) $ 0.229422
  • digibyteDigiByte (DGB) $ 0.011666
  • numeraireNumeraire (NMR) $ 27.64
  • nanoNano (XNO) $ 1.20
  • statusStatus (SNT) $ 0.037063
  • paxos-standardPax Dollar (USDP) $ 1.00
  • hiveHive (HIVE) $ 0.315526
  • steemSteem (STEEM) $ 0.276550
  • huobi-tokenHuobi (HT) $ 0.582940
  • omisegoOMG Network (OMG) $ 0.662766
  • binance-usdBUSD (BUSD) $ 0.996647
  • republic-protocolRen (REN) $ 0.060650
  • bytomBytom (BTM) $ 0.011447
  • bitcoin-diamondBitcoin Diamond (BCD) $ 0.076879
  • kyber-networkKyber Network Crystal Legacy (KNCL) $ 0.576739
  • augurAugur (REP) $ 1.17
  • energiEnergi (NRG) $ 0.111288
  • husdHUSD (HUSD) $ 0.045411