Blockchain security firm Dedaub found a “critical vulnerability” in a Uniswap smart contract, which has since been addressed and redeployed.
In a Jan. 3 update, Dedaub said it had disclosed a vulnerability with the Universal Router smart contracts that would allow re-entrancy to drain user funds in the middle of a transaction. A re-entrancy attack takes place when a bad actor creates an external smart contract with malicious code to interact with and exploit a vulnerable smart contract and steal funds in a looped fashion over and over again.
Echipa Dedaub a dezvăluit o vulnerabilitate critică echipei Uniswap!
Fondurile sunt în siguranță – Uniswap a abordat problema și a redistribuit contractele inteligente Universal Router pe toate lanțurile sale 👏
Vulnerabilitatea permite reintrării să scurgă fondurile utilizatorului, mid-tx.
— Dedaub (@dedaub) Ianuarie 2, 2023
The Universal Router is a fairly new smart contract that was introdus by Uniswap Labs in November. It functions by grouping NFT trades and ERC-20 tokens into a gas optimized-router and lets users swap multiple tokens on Uniswap and buy NFTs across marketplaces in a single transaction.
“If untrusted code is invoked at any point in the transfer, the code can re-enter the UniversalRouter and claim any tokens already in the UniversalRouter contract,” explained Dedaub founder Yannis Smaragdakis in a blog.
Dedaub received a bug bounty of $40,000 worth of USDC from Uniswap after reporting the bug. The Uniswap team has addressed the issue and implemented a fix on the contract, a spus the security firm.
Although Dedaub described the bug as critical, Uniswap clasificate it as a “medium severity” issue in a message to the security firm. At the time of writing, the Uniswap team had not issued any statements of its own on a public platform addressing the bug.
- Bitcoin
- blockchain
- respectarea blockchain-ului
- conferință blockchain
- Securitate Blockchain
- Bug
- coinbase
- coingenius
- Consens
- cripto
- conferință cripto
- cripto miniere
- cryptocurrency
- descentralizată
- DEFI
- Dex
- Active digitale
- ethereum
- masina de învățare
- buletine de știri
- jeton non-fungibil
- Plato
- platoul ai
- Informații despre date Platon
- Platoblockchain
- PlatoData
- platogaming
- Poligon
- dovada mizei
- dezlantuita
- uniswap
- W3
- zephyrnet