The decentralized finance (DeFi) protocol Uniswap (UNI) missed a potential disaster: Blockchain security firm Dedaub found a critical flaw in one of the recent features implemented on the protocol that has since been patched.
A potential catastrophe avoided by Uniswap
Dedauba company specializing in blockchain security, found a critical flaw in a decentralized trading smart contract (DES) uniswap (UNITED).
The fault was localized at the level of theUniversal routerfeature implemented last November by Uniswap, which allows users of the protocol to trade NFTs and tokens in a single transaction.
The Dedaub team disclosed a critical vulnerability to the Uniswap team!
Funds are safe – Uniswap has addressed the issue and redistributed Universal Router smart contracts across its chains 👏
Vulnerability allows reentry to drain user funds, mid-tx.
— Dedaub (@dedaub) January 2, 2023
According to Dedaub, the code for the Universal Router feature did not include a “lockout” feature to prevent a malicious third party operate the code during a transaction being processed on Uniswap.
🎙️ Listen to this article and all the crypto news on Spotify
Progress in the world of cryptocurrencies with Cryptoast experts 📘
Therefore, without this security measure, a skilled hacker could have intercepted the transferred assets for a certain period of time in the related smart contract. According to Dedaub, however, this only concerned the assets immobilized in the smart contract.
The defect was reported as quickly as possible by the Dedaub teams, Uniswap teams fixed this unintentional error immediately and awarded blockchain security company with a bug bounty of 40,000 USDC.
Uniswap initially rated this error as “medium” as it required a user to complete a transaction that included both tokens and at least one NFT intended for a stranger or an unreliable personwhich indeed seems unlikely.
Rewards of this type are now commonplace within the cryptocurrency ecosystem, whether they are decentralized projects or not. To take place, this allows the different infrastructures to optimize their security while resorting to auditing firms, which is not always sufficient.
👉 In DeFi news – SushiSwap discontinues its lending service and launchpad
Trade the leading DEX
⛓️ A platform at the heart of DeFi
Receive a roundup of cryptocurrency news every Monday by email 👌
What you need to know about affiliate links. This page features investment related goods, products or services. Some links in this article are affiliated. This means that if you buy a product or register on a site from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus using our links.
Investing in cryptocurrencies is risky. Cryptoast is not responsible for the quality of the products or services presented on this page and cannot be held responsible, directly or indirectly, for any damage or loss caused as a result of using a good or service highlighted in this article. Investments related to crypto-assets are risky in nature, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.
MFA recommendations. A high return is not guaranteed, a product with a high return potential carries a high risk. This risk-taking must be in line with your project, your investment horizon and your ability to lose some of these savings. Do not invest if you are not ready to lose all or part of your capital.
Read more on our Financials, Media Transparency and Legal Notices pages.