
Uniswap Universal Router was vulnerable to re-entrancy attacks

Nicholas Ross Say
Edited by

Dedaub’s team recently disclosed a vulnerability in Uniswap contracts that could have endangered some users.

The Uniswap vulnerability

In a recent tweet, Dedaub disclosed that it had discovered a bug in Uniswap contracts and informed Uniswap of the vulnerability. Once the report was received, “Uniswap addressed the issue and redeployed the Universal Router smart contracts on all its chains.”

According to Dedaub’s tweet, the vulnerability opened the way for re-entrancy attacks that would drain users’ funds. The Dedaub team explained how an attacker would use it.

The vulnerability dates back to November, when Uniswap introduced its Universal Router. This router unifies NFT and ERC-20 swapping into a single swap router. The aim was to help users perform multiple actions, such as swapping multiple NFTs and tokens, in one transaction.

When used correctly, the Universal Router commands send the specified amount to the specified recipient. However, if third-party code is called during the transfer, it can re-enter the router and claim tokens held in the contract. This is mainly because the Universal Router held balances between transactions.

In their Proof-of-Concept, the Dedaub team noted that the attacker could add a SWEEP command for all tokens remaining after the initial amounts are sent. As part of the transaction, the recipient could quickly drain the entire amount.

Uniswap’s team acted fast

Dedaub’s team instantly informed the Uniswap team of the possibility of such an attack. They advised Uniswap’s team to embed a reentrancy lock in their new router before deploying.

Uniswap dealt with the issue instantly, making the necessary adjustments before adopting the contract. Uniswap awarded the Dedaub team a $40 thousand bug bounty to show their commitment to individuals’ security. However, the Uniswap team assessed the problem as a high-impact but low-likelihood event, that is, one that could occur in very complex scenarios.

The DEX protocol Uniswap is generally familiar with re-entrancy attacks. In 2020, reports emerged that the DEX, together with Lendf.me, lost $25 million in a simple re-entrancy attack. The network has also suffered other attacks, such as hacks. In July 2022, hackers nabbed $8 million in ETH using a phishing attack.
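The re-entrancy path and the recommended lock can be seen in a small model. This is an added example, not Uniswap's or Dedaub's code: the `Router` class, the `TRANSFER` command name, the callback hook and the amounts are assumptions constructed for illustration, and only `SWEEP` comes from the description above.

```python
# Simplified model constructed for illustration; not Uniswap's contract code.
class Reentered(Exception):
    """Raised by the lock when execute() is entered while already running."""

class Router:
    def __init__(self, lock):
        self.lock = lock      # True models a router with a reentrancy lock
        self.depth = 0        # > 0 while execute() is running
        self.balance = 0      # tokens held by the router mid-transaction
        self.ledger = {}      # recipient name -> tokens received
        self.hooks = {}       # recipient name -> callback run on receipt

    def execute(self, commands, deposit=0):
        if self.lock and self.depth:
            raise Reentered("execute() called during a transfer")
        snapshot = (self.balance, dict(self.ledger))
        self.depth += 1
        self.balance += deposit
        try:
            for op, to, amount in commands:
                self._send(to, self.balance if op == "SWEEP" else amount)
        except Reentered:
            self.balance, self.ledger = snapshot   # model the on-chain revert
            raise
        finally:
            self.depth -= 1

    def _send(self, to, amount):
        self.balance -= amount
        self.ledger[to] = self.ledger.get(to, 0) + amount
        if to in self.hooks:          # third-party code runs mid-transaction
            self.hooks[to](self)

def simulate(lock, hostile):
    router = Router(lock)
    if hostile:  # recipient callback re-enters and sweeps whatever is left
        router.hooks["third_party"] = (
            lambda r: r.balance and r.execute([("SWEEP", "third_party", 0)]))
    try:
        # User funds 100, pays 10 to a third party, sweeps the rest back.
        router.execute([("TRANSFER", "third_party", 10),
                        ("SWEEP", "user", 0)], deposit=100)
    except Reentered:
        return "reverted", router.ledger
    return "ok", router.ledger
```

Without the lock the hostile recipient ends with all 100 tokens and the user's final sweep returns nothing; with the lock the nested call fails and the whole transaction is rolled back, while an ordinary recipient is unaffected.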