UniSwap Universal Router Was Vulnerable to Re-Entrance Attack

Dedaub’s team recently revealed a vulnerability in Uniswap’s contracts that could have put some users at risk.

UniSwap Vulnerability

In a recent tweet, Dedaub revealed that it had discovered a bug in Uniswap’s contracts and notified the team of the vulnerability. Uniswap’s response: “Uniswap has addressed this issue and redeployed Universal Router Smart Contracts to all of its on-chain.”

According to Dedaub’s tweet, this vulnerability paved the way for re-entrancy attacks, which could lead to the theft of users’ funds. The Dedaub team explained how an attacker would exploit this vulnerability.

The vulnerability dates back to November, when Uniswap introduced its Universal Router. This router integrates NFT and ERC-20 swapping into a single swap router and was intended to let users perform multiple operations, such as swapping several NFTs and tokens, in one transaction.

When used correctly, a Universal Router command sends the specified amount of funds to the specified recipient. However, if third-party code is called during the transfer, it can re-enter the router and claim the tokens held in the contract. This is mainly because the Universal Router holds balances between transactions.

In their proof-of-concept, the Dedaub team noted that an attacker could append a SWEEP command for all tokens remaining after the initial amount was sent. As part of the same transaction, the payee could then withdraw the entire balance.

Uniswap team acted fast

Dedaub’s team immediately informed the Uniswap team about the possibility of such an attack and advised them to embed a reentrancy lock in the new router before deploying it.
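The mechanism described above (a payment callback re-entering the router and issuing a SWEEP) and the recommended fix (a reentrancy lock around the command loop) side by side, as an added illustration that is not Uniswap’s or Dedaub’s code. The router here batches commands over ETH it holds during a transaction; the command encoding, the `ToyRouter`/`ReenteringPayee` names and the amounts are all assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration, not Uniswap's Universal Router: a toy router that runs a
// batch of commands over funds it holds for the duration of the transaction.
// Command bytes and names are assumptions for this example.
contract ToyRouter {
    uint8 public constant CMD_TRANSFER = 0x01; // pay `amount` to `to`
    uint8 public constant CMD_SWEEP    = 0x02; // pay the whole remaining balance to `to`

    // Reentrancy lock: 1 = free, 2 = entered (non-zero values keep storage writes cheap).
    uint256 private _status = 1;

    modifier nonReentrant() {
        require(_status == 1, "ToyRouter: reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    // Vulnerable pattern: nothing prevents a payee from calling back into the
    // router while the batch's remaining balance is still held here.
    function executeUnlocked(bytes calldata commands, bytes[] calldata inputs) external payable {
        _run(commands, inputs);
    }

    // Hardened pattern: the lock rejects any nested call for the whole batch,
    // so a callback that tries to SWEEP makes the outer payment (and the
    // transaction) revert instead of draining the balance.
    function execute(bytes calldata commands, bytes[] calldata inputs) external payable nonReentrant {
        _run(commands, inputs);
    }

    function _run(bytes calldata commands, bytes[] calldata inputs) internal {
        require(commands.length == inputs.length, "ToyRouter: length mismatch");
        for (uint256 i = 0; i < commands.length; i++) {
            uint8 cmd = uint8(commands[i]);
            if (cmd == CMD_TRANSFER) {
                (address to, uint256 amount) = abi.decode(inputs[i], (address, uint256));
                _pay(to, amount);
            } else if (cmd == CMD_SWEEP) {
                address to = abi.decode(inputs[i], (address));
                _pay(to, address(this).balance);
            } else {
                revert("ToyRouter: unknown command");
            }
        }
    }

    function _pay(address to, uint256 amount) internal {
        // External call: if `to` is a contract, its receive()/fallback runs
        // here, before the rest of the batch, with the router's balance intact.
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "ToyRouter: transfer failed");
    }
}

// The re-entry the article describes, kept only to show what the lock stops:
// while being paid, the payee asks the router to SWEEP its remaining balance.
// Against executeUnlocked() that nested call succeeds; against execute() it
// hits the lock, reverts, and the whole batch fails closed.
contract ReenteringPayee {
    ToyRouter public immutable router;
    bool private _reentered;

    constructor(ToyRouter r) { router = r; }

    receive() external payable {
        if (!_reentered) {
            _reentered = true;
            bytes memory cmds = hex"02"; // CMD_SWEEP
            bytes[] memory inputs = new bytes[](1);
            inputs[0] = abi.encode(address(this));
            router.execute(cmds, inputs);
        }
    }
}
```

In a local test (Foundry or Hardhat), fund the router with more ETH than the TRANSFER amount, then call `execute` with a single TRANSFER to a `ReenteringPayee`: the nested `execute` reverts with "ToyRouter: reentrant call", which makes `_pay` fail and the outer transaction revert, so the router's balance is untouched. Running the same batch through `executeUnlocked` shows the failure mode the page describes, with the payee ending up with the entire balance.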

Uniswap quickly addressed the issue, making the necessary adjustments before adopting the contract. Uniswap awarded Dedaub a $40k bug bounty to show its commitment to keeping users safe. However, the Uniswap team assessed the issue as a high-impact but low-probability event, since it could only be triggered in very complex scenarios.

The DEX protocol Uniswap is generally familiar with re-entrancy attacks. In 2020, reports emerged that the DEX, along with Lendf.me, lost $25 million in a simple re-entrancy attack. The network has also faced other attacks, such as hacking: in July 2022, hackers took $8 million in ETH using a phishing attack.

