Uniswap (UNI) Critical Vulnerability Disclosed, Funds Safe?



Vladislav Sopov

Dedaub cybersecurity experts unveiled a critical bug in Uniswap (UNI), the largest noncustodial crypto exchange


Dedaub, a blockchain-focused cybersecurity team, shared the design of a possible attack on the funds in Uniswap’s Universal Router, a new-gen mechanism that allows users to move NFTs and cryptocurrencies together.

Uniswap’s Universal Router can be drained

Uniswap (UNI) was exposed to a critical vulnerability after the activation of its Universal Router. The bug allowed a third party to inject code and withdraw money while a transaction was being routed.

The attack was possible because the router holds funds mid-transaction, and an attacker can withdraw these funds. For instance, if account “A” transfers NFTs and then transfers funds to account “B,” the latter is theoretically able to “reenter” the router and drain the funds.

The cybersecurity researchers advised the Uniswap (UNI) team to add a reentrancy lock to the core execution of the new router and then redeploy it.
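
The reentrancy described above and the effect of the recommended lock, shown as an added Python model that is not Uniswap's or Dedaub's code. The class names, command names, amounts and the assumed sequence (A sends an NFT to B, then sweeps its remaining funds back to itself) are hypothetical.

```python
class Reentered(Exception):
    """execute() was entered while a transaction was already running."""

class Account:
    def __init__(self, name):
        self.name = name
    def on_nft_received(self, router):
        pass  # an ordinary recipient does nothing on receipt

class ReenteringAccount(Account):
    def on_nft_received(self, router):
        router.execute([("SWEEP", self)])  # calls back in while funds are held

class ToyRouter:
    """Simplified model; class and command names are hypothetical."""
    def __init__(self, use_lock):
        self.use_lock, self.executing = use_lock, False
        self.held, self.paid = 0, {}  # funds held mid-transaction; payouts by name

    def execute(self, commands, deposit=0):
        if self.use_lock and self.executing:
            raise Reentered("router is already executing")
        was_executing, self.executing = self.executing, True
        snapshot = (self.held, dict(self.paid))
        self.held += deposit
        try:
            for op, recipient in commands:
                if op == "SEND_NFT":   # delivery runs the recipient's hook
                    recipient.on_nft_received(self)
                elif op == "SWEEP":    # pay out everything the router holds
                    self.paid[recipient.name] = self.paid.get(recipient.name, 0) + self.held
                    self.held = 0
        except Exception:
            self.held, self.paid = snapshot  # revert all state changes
            raise
        finally:
            self.executing = was_executing

def run(use_lock, hostile=True):
    """A deposits 100, sends an NFT to B, then sweeps the remainder back to A."""
    router = ToyRouter(use_lock)
    a = Account("A")
    b = ReenteringAccount("B") if hostile else Account("B")
    try:
        router.execute([("SEND_NFT", b), ("SWEEP", a)], deposit=100)
        outcome = "completed"
    except Reentered:
        outcome = "reverted"
    return outcome, router.paid.get("A", 0), router.paid.get("B", 0)
```

Without the lock, the nested call completes and A's deposit is paid to B. With the lock, the nested call raises, the whole transaction reverts and no funds move, while ordinary recipients are unaffected.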

Uniswap (UNI) activated its Universal Router on Dec. 17, 2022. It significantly streamlined the processes of token swaps and made them more resource efficient.

Uniswap fixes bug, pays bug bounty

Dedaub experts announced that the Uniswap (UNI) team implemented the security fix before the router gained traction among users of the decentralized exchange. The emergency update was activated across all blockchains that Uniswap (UNI) currently leverages.

All funds of new and existing Uniswap (UNI) users are 100% safe at this time. Also, Uniswap (UNI) paid the bug bounty to the experts who unveiled the dangerous vulnerability.

As covered by U.Today previously, in 2022, Uniswap (UNI) registered a whopping $620 billion in trading volume on its swap engine despite the bearish recession.

The platform handled 68 million transactions on the Ethereum (ETH) network alone.

Source: https://u.today/uniswap-uni-critical-vulnerability-disclosed-funds-safe