How Uniswap Was Saved From Critical Vulnerability By This Security Firm

2 years ago

Security firm Dedaub discovered and disclosed a critical vulnerability in the popular Ethereum decentralized exchange Uniswap. The team behind the protocol fixed the bug, and the affected components were successfully redeployed; otherwise, an attacker could have tampered with transactions to steal a user's funds.

Uniswap Avoids Danger And Fixes New Features

According to the security firm, the vulnerability was unintentionally introduced with the Universal Router. This component allows Uniswap users to trade ERC-20 tokens and non-fungible tokens "into a single swap router."

In other words, Uniswap users can optimize their operations and trade multiple tokens and NFTs in a single transaction, saving time and money. This new component also allows users to transfer funds to third parties.

When the vulnerability was in place, a user could send a transaction to a third party, and the latter could have gained access to the sender's funds. Dedaub explained the following:

(…) if third-party code is invoked at any point in the transfer (which manifests itself due to composition of protocols), the code can reenter the UniversalRouter and claim any tokens temporarily in the contract (…). The attacker also needs to implement code to reenter the router (calling execute) and sweep all token amounts. The router may contain funds mid-transaction due to other actions and transfers in a complex swap.

The Universal Router holds the sender's funds while the transaction is being completed. During that window the funds were vulnerable, and a bad actor could drain them by calling specific commands such as "dispatch" with a ".TRANSFER" or ".SWEEP".

The vulnerability could have allowed a bad actor to "re-enter" a transaction using these commands. Once inside, the attacker could have been able to "drain the full amount" from the sender's wallet.

The security firm added the following on the "endless scenarios" in which the vulnerability could have been exploited:

If untrusted code is invoked at any point in the transfer, the code can re-enter the UniversalRouter and claim any tokens already in the UniversalRouter contract. Such tokens can, for instance, be there because the user intends to later buy an NFT, or transfer tokens to a second recipient, or because the user swaps a larger amount than needed and intends to "sweep" the remainder to themselves at the end of the UniversalRouter call. And there is no shortage of scenarios in which an untrusted recipient may be called (…).
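To make the mechanism concrete, here is an added toy model in Python (not Uniswap's Solidity and not Dedaub's code): a router that holds a constructed token, TKN, only mid-transaction, dispatches TRANSFER and SWEEP commands, and lets a paid recipient's own code run. With `guarded=False` a recipient that re-enters `execute` drains what the router still holds; with `guarded=True` a reentrancy lock, a standard mitigation assumed here because the article does not say how the fix was implemented, makes the whole transaction revert. The names alice and mallory and all balances are constructed.

```python
class Router:
    ROUTER = "router"  # the router's own ledger entry; it should hold TKN only mid-transaction

    def __init__(self, ledger, guarded, hooks):
        self.ledger = ledger    # holder -> balance of one constructed token, TKN
        self.guarded = guarded  # True enables the reentrancy lock (the mitigation)
        self.hooks = hooks      # recipient -> callable run when that recipient is paid
        self._locked = False

    def _move(self, src, dst, amount):
        assert self.ledger.get(src, 0) >= amount, "insufficient balance"
        self.ledger[src] -= amount
        self.ledger[dst] = self.ledger.get(dst, 0) + amount

    def execute(self, sender, amount_in, commands):
        if self.guarded and self._locked:
            raise RuntimeError("execute() re-entered mid-transaction")
        snapshot = dict(self.ledger)  # mimic the EVM: a failing call reverts all its changes
        self._locked = True
        try:
            self._move(sender, self.ROUTER, amount_in)  # sender pays TKN into the router
            for command in commands:
                self._dispatch(*command)
        except Exception:
            self.ledger = snapshot
            raise
        finally:
            self._locked = False

    def _dispatch(self, cmd, recipient, amount=None):
        if cmd == "SWEEP":  # SWEEP pays out whatever the router still holds
            amount = self.ledger.get(self.ROUTER, 0)
        self._move(self.ROUTER, recipient, amount)  # TRANSFER pays a fixed amount
        if recipient in self.hooks:  # the recipient's own code runs, like a token or ETH callback
            self.hooks[recipient](self)

def reentering_hook(router):
    # Untrusted recipient code: re-enters execute() to sweep the router's mid-transaction balance
    if router.ledger.get(router.ROUTER, 0):
        router.execute("mallory", 0, [("SWEEP", "mallory")])

def run_scenario(guarded):
    # alice pays 100 TKN into the router, tips mallory 10 and expects the other 90 swept back to her
    router = Router({"alice": 100, "mallory": 0}, guarded, {"mallory": reentering_hook})
    try:
        router.execute("alice", 100, [("TRANSFER", "mallory", 10), ("SWEEP", "alice")])
        return "ok", router.ledger
    except RuntimeError:
        return "reverted", router.ledger
```

Without the lock, mallory ends the transaction holding all 100 TKN; with it, the re-entry is rejected and every balance is restored to its pre-transaction value.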

Ethereum DEX Grants $3 Million In Bug Bounty

In December 2022, Uniswap launched the Universal Router as part of its new NFT compatibility. At that time, Uniswap Labs announced a $3 million bounty program. Dedaub was granted this amount for its bug report on the new component.

The firm celebrated the reward and the fact that a bad actor never exploited the vulnerability. In addition, the security firm's submission was "the only bug report that Uniswap acted upon."

2022 was a troublesome year for crypto and risk-on assets, as macroeconomic forces played against the nascent sector. Users experienced hurdles beyond declining prices as hackers and bad actors took billions from the industry.

[Chart] Source: Chainalysis

Data from on-chain analytics firm Chainalysis claims that bad actors received over $26 million in cryptocurrency from 2017 to 2021 alone. It remains to be seen whether 2023 will extend or mitigate this trend.

[Chart] UNI's price moving sideways on the daily chart. Source: UNIUSDT Tradingview

As of this writing, UNI's price trades at $5.70 with sideways movement on the daily chart.
