Invest In Crypto News
  • Home
  • Latest News
    • Bitcoin News
    • Altcoin News
    • Ethereum News
    • Blockchain News
    • Doge News
    • NFT News
    • Video
    • Market Analysis
    • Business
    • Finance
    • Politics
    • Mining
    • Regulation
    • Technology
  • Top 10 Cryptos
  • Market Cap List
  • IC DAO
  • Donations
  • Contact
  • Buy Crypto
  • IC DAO
No Result
View All Result
Invest In Crypto News
  • Home
  • Latest News
    • Bitcoin News
    • Altcoin News
    • Ethereum News
    • Blockchain News
    • Doge News
    • NFT News
    • Video
    • Market Analysis
    • Business
    • Finance
    • Politics
    • Mining
    • Regulation
    • Technology
  • Top 10 Cryptos
  • Market Cap List
  • IC DAO
  • Donations
  • Contact
  • Buy Crypto
  • IC DAO
No Result
View All Result
Invest In Crypto News
No Result
View All Result

DeFi auditor nets $40,000 for identifying Uniswap vulnerability

CryptoExpert by CryptoExpert
January 4, 2023
in NFT News
0
DeFi auditor nets $40,000 for identifying Uniswap vulnerability
  • Facebook
  • Twitter
  • Pinterest



You might also like

Hedera-Based Bonzo Lend Loses $9 Million in Oracle Exploit

World.xyz’s Robinhood Chain Joke Goes Viral Across Solana X

SWIFT Launches Blockchain-Based Ledger for 24/7 Cross-Border Payments, Pilots With 17 Global Banks Using Tokenized Deposits

Uniswap’s recently launched bug bounty program has led to the discovery of a now-fixed vulnerability of the protocol’s Universal Router smart contract.

The automated market maker released two new smart contracts to its platform in November 2022. Permit2 allows token approvals to be shared and managed across different applications, while Universal Router unifies ERC-20 and nonfungible tokens (NFTs) swapping into a single swap router.

Uniswap also advertised a lucrative bug bounty program to identify potential vulnerabilities in its smart contracts toward the end of 2022 as it looked to assure the safety and efficacy of its protocol.

Smart contract security and auditing firm Dedaub announced that it had received a bug bounty after flagging a vulnerability in the Universal Router smart contract that would have allowed reentrancy to drain user funds mid-transaction.

okex

The Dedaub team has disclosed a Critical vulnerability to the Uniswap team!

Funds are safe – Uniswap addressed the issue and redeployed the Universal Router smart contracts on all its chains

The vulnerability allows re-entertrancy to drain the user’s funds, mid-tx.

pic.twitter.com/wFSFsohPvy

— Dedaub (@dedaub) January 2, 2023

According to Dedaub’s breakdown, the Universal Router allows users to perform diverse actions including swapping multiple tokens and NFTs in one transaction.

The router embeds a scripting language for a wide variety of token actions, which could include transfers to third party recipients. If correctly implemented, transfers would go to the recipient within specified parameters.

Related: Immunefi says it has facilitated $66M in bug bounties since inception 

However, Dedaub identified a vulnerability in which a third-party code was invoked during the transfer, allowing the code to re-enter the Universal Router and claim any tokens that were temporarily in the contract.

Dedaub then suggested a straightforward remedy, advising the Uniswap team to add a reentrancy lock to the core execution of the new router. Uniswap awarded the auditing firm a total of $40,000 for flagging the vulnerability. The amount included a 33% bonus for reporting the issue during Uniswap’s bonus period in November 2022.

Uniswap classified the issue as medium severity, while further assessment deemed the vulnerability to have a high impact and low likelihood. According to Dedaub, the possibility of a user sending NFTs to an untrusted recipient directly was considered a user error.

More complex and less likely scenarios were considered valid for reentrancy, which resulted in Uniswap deeming the vector to have a low likelihood. Cointelegraph has reached out to Uniswap to ascertain further details of its ongoing bounty program, amounts paid out and the number of bugs identified to date.

Bug bounties have become commonplace in the cryptocurrency and blockchain space as platforms and companies look to ensure the security of their software, systems and infrastructure. 

Cryptocurrency exchange Coinbase recently clarified the terms of its bug bounty, while blockchain security firm Immunefi has facilitated over $65 million worth of bug bounties between ethical hackers and Web3 firms in 2022.





Source link

  • Facebook
  • Twitter
  • Pinterest
CryptoExpert

CryptoExpert

Recommended For You

Hedera-Based Bonzo Lend Loses $9 Million in Oracle Exploit

by CryptoExpert
July 13, 2026
0
logo

Bonzo Lend, a lending protocol on the Hedera mainnet, has paused operations following an oracle exploit on July 11, 2026, resulting in an estimated loss of $9 million....

Read more

World.xyz’s Robinhood Chain Joke Goes Viral Across Solana X

by CryptoExpert
July 12, 2026
0
logo

In less than a week since its launch, World.xyz (World), a prediction platform on Solana, has transformed from a relatively unknown name on Solana into one of the...

Read more

SWIFT Launches Blockchain-Based Ledger for 24/7 Cross-Border Payments, Pilots With 17 Global Banks Using Tokenized Deposits

by CryptoExpert
July 11, 2026
0
logo

Swift, the cooperative behind the world’s dominant financial messaging network, announced on July 9, 2026 that its blockchain-based ledger has moved from pilot concept to operational readiness, opening...

Read more

Maczo Highlights Crypto-Ready Gaming for Digital Asset Users

by CryptoExpert
July 10, 2026
0
logo

Maczo is highlighting the growing role of digital asset payments in online gaming as more users look for faster, clearer, and more flexible ways to access entertainment platforms....

Read more

Vanguard Seeks Digital Assets Chief After Years of Crypto Caution

by CryptoExpert
July 9, 2026
0
logo

Vanguard has opened its first-ever search for a Head of Digital Assets, a senior hire that would put a single executive in charge of the roughly $12 trillion...

Read more
Next Post
MOST IMPORTANT HISTORICAL SIGNAL SHOWS WHEN HUGE BITCOIN PUMP WILL HAPPEN

MOST IMPORTANT HISTORICAL SIGNAL SHOWS WHEN HUGE BITCOIN PUMP WILL HAPPEN

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Browse by Category

  • Altcoin News
  • Bitcoin News
  • Blockchain News
  • Business
  • Doge News
  • Ethereum News
  • Finance
  • Market Analysis
  • Mining
  • NFT News
  • Politics
  • Regulation
  • Technology
  • Trending Cryptos
  • Video

Sitemap

  • Market Cap
  • Donations
  • Trading
  • Mining
  • Contact

Legal Information

  • Privacy Policy
  • Anti-Spam Policy
  • Copyright Notice
  • DMCA Compliance
  • Social Media Disclaimer
  • Terms Of Service

Categories

  • Altcoin News
  • Bitcoin News
  • Blockchain News
  • Business
  • Doge News
  • Ethereum News
  • Finance
  • Market Analysis
  • Mining
  • NFT News
  • Politics
  • Regulation
  • Technology
  • Trending Cryptos
  • Video

© Copyright 2024 InvestInCryptoNews.com

No Result
View All Result
  • Home
  • Latest News
    • Bitcoin News
    • Altcoin News
    • Ethereum News
    • Blockchain News
    • Doge News
    • NFT News
    • Video
    • Market Analysis
    • Business
    • Finance
    • Politics
    • Mining
    • Regulation
    • Technology
  • Top 10 Cryptos
  • Market Cap List
  • IC DAO
  • Donations
  • Contact
  • Buy Crypto
  • IC DAO

© Copyright 2024 InvestInCryptoNews.com

This website is using cookies to improve the user-friendliness. You agree by using the website further.

Privacy policy
bitcoin
Bitcoin (BTC) $ 62,612.00
ethereum
Ethereum (ETH) $ 1,782.91
tether
Tether (USDT) $ 0.998838
bnb
BNB (BNB) $ 569.17
usd-coin
USDC (USDC) $ 0.999903
xrp
XRP (XRP) $ 1.07
solana
Solana (SOL) $ 75.16
tron
TRON (TRX) $ 0.32479
figure-heloc
Figure Heloc (FIGR_HELOC) $ 1.03
staked-ether
Lido Staked Ether (STETH) $ 2,265.05

Pin It on Pinterest

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?