The decentralized finance (DeFi) protocol Uniswap (UNI) missed a potential catastrophe: the blockchain security firm Dedaub found a critical flaw in one of the recent functionalities implemented on the protocol which has since been corrected.
A potential catastrophe avoided at Uniswap
Dedauba company specializing in blockchain security, has found a critical flaw in a decentralized exchange smart contract (DEX) Uniswap (UNITED).
The fault was located at the level of theUniversal Routera feature implemented last November by Uniswap, which allows users of the protocol to swap NFTs and tokens in a single transaction.
The Dedaub team has disclosed a Critical vulnerability to the Uniswap team!
Funds are safe – Uniswap addressed the issue and redeployed the Universal Router smart contracts on all its chains 👏
The vulnerability allows re-entertrancy to drain the user’s funds, mid-tx.
— Dedaub (@dedaub) January 2, 2023
According to Dedaub, the code for the Universal Router function did not include a “lock” function to prevent a malicious third party operate code during a transaction being processed on Uniswap.
🎙️ Listen to this article and all the crypto news on Spotify
Progress in the world of cryptocurrencies with Cryptoast experts 📘
Therefore, without this security measure, a seasoned hacker could have intercepted assets being transferred for a certain period of time in the relevant smart contract. According to Dedaub, however, this only concerned the assets immobilized in the smart contract.
The flaw having been reported as quickly as possible by the Dedaub teams, Uniswap teams instantly fixed this unintentional error and rewarded the blockchain security firm with a bug bounty of 40,000 USDC.
Uniswap initially classified this error as “medium” severity as it required a user to complete a transaction that included both tokens and at least one NFT intended for a stranger or an untrustworthy personwhich indeed seems unlikely.
Rewards of this type are now commonplace within the cryptocurrency ecosystem, whether they are decentralized projects or not. Taking place, this allows the different infrastructures to optimize their security although they have recourse to audit firms, which is not always sufficient.
👉 In the DeFi news – SushiSwap stops its lending service and its launchpad
Trade on the leading DEX
⛓️ A platform at the heart of DeFi
Newsletter 🍞
Receive a summary of crypto news every Monday by email 👌
What you need to know about affiliate links. This page presents assets, products or services relating to investments. Some links in this article are affiliated. This means that if you buy a product or register on a site from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus by using our links.
Investments in cryptocurrencies are risky. Cryptoast is not responsible for the quality of the products or services presented on this page and could not be held responsible, directly or indirectly, for any damage or loss caused following the use of a good or service highlighted in this article. Investments related to crypto-assets are risky by nature, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.
AMF recommendations. There is no guaranteed high return, a product with high return potential involves high risk. This risk-taking must be in line with your project, your investment horizon and your ability to lose part of this savings. Do not invest if you are not ready to lose all or part of your capital.
To go further, read our Financial Situation, Media Transparency and Legal Notices pages.
Passionate about the world of decentralized finance and the novelties brought by Web 3.0, I write articles for Cryptoast to help make blockchain more accessible to everyone. Convinced that cryptocurrencies will change the future very soon.
Maximilien Prue
534 items
