• News
    • Bitcoin
    • Altcoins
  • NFT
  • Metaverse
  • Analysis
  • Regulation
  • Learn
  • Market Cap
What's Hot

Animoca Denies $200M Metaverse Fund Cut

2023-03-27

Coinbase Chief Legal Officer Says SEC’s Wells Notice a Massive Overreach on Part of Regulator

2023-03-26

US Prosecutors Slam Terra (LUNA) Founder Do Kwon With Eight Counts of Fraud for 2022 Crypto Collapse

2023-03-26
Facebook Twitter Instagram
  • Contact
  • Terms & Conditions
  • Privacy Policy
  • DMCA
Facebook TikTok Instagram YouTube
CryptoNewsMetaverse
  • News
    • Bitcoin
    • Altcoins
  • NFT

    U.S. IRS Considers Taxing NFTs Like Other Collectibles

    2023-03-21

    Meta Shuts Down NFT Project to Focus on FinTech and Content

    2023-03-14

    Solana’s Solend V2 Release, Is SOL Price $50 Next?

    2023-03-06

    Amazon NFT Marketplace To Reportedly Launch Next Month

    2023-03-06

    Blur Coin Under Fire As Allegations Of Wash Trading Emerge

    2023-03-01
  • Metaverse

    Animoca Denies $200M Metaverse Fund Cut

    2023-03-27

    Metaverse Trading Hits All-Time High

    2023-03-24

    Exploring the Metaverse: A Guide to Investing in Metaverse Stocks

    2023-03-20

    A Guide to Virtual Land Staking in the Metaverse

    2023-03-20

    Nissan Doubles Down on Web3 Innovation

    2023-03-13
  • Analysis

    DOJ Officially Seizes Over $456,000,000 Worth of Robinhood Shares Tied to FTX Founder Sam Bankman-Fried

    2023-01-08

    Mark Cuban Makes Prediction on Next Crypto ‘Scandal,’ Warns of Potential Implosion if Exposed: Report

    2023-01-08

    Binance Listings Cause Crypto Assets To Spike an Average of 41%: New Research

    2023-01-08

    Bitcoin Whales Unloaded BTC As Market Reversed and Parked Their Profits in This Crypto Asset Class: Santiment

    2023-01-07

    Crypto Analyst Predicts Breakout for AI-Focused Altcoin, Updates Outlook on Ethereum and Lido DAO

    2023-01-07
  • Regulation

    Coinbase Chief Legal Officer Says SEC’s Wells Notice a Massive Overreach on Part of Regulator

    2023-03-26

    US Prosecutors Slam Terra (LUNA) Founder Do Kwon With Eight Counts of Fraud for 2022 Crypto Collapse

    2023-03-26

    Crypto Analyst Nicholas Merten Says Fed Money Printing Won’t Spark New Bitcoin (BTC) Rally – Here’s Why

    2023-03-26

    Bitcoin and Ethereum Investors Are Not Flinching, US Pressure on Crypto Will Backfire: Chris Burniske

    2023-03-26

    Billionaire Chamath Palihapitiya Predicts Corrosion of the Economy, Says Fed Rate Hike Could Cause Real Damage

    2023-03-26
  • Learn

    Chart Patterns Cheat Sheet For Technical Analysis

    2023-03-21

    Best NFT Wallets in 2023

    2023-03-21

    What are Dapps (Decentralized Applications) Crypto?

    2023-03-17

    How to Short Sell Bitcoin

    2023-03-17

    Why Decentralized Exchanges Are On Rise? Can INNODEX Surpass Binance and Uniswap?

    2023-03-15
  • Market Cap
CryptoNewsMetaverse
Home»DeFi auditor nets $40,000 for identifying Uniswap vulnerability

DeFi auditor nets $40,000 for identifying Uniswap vulnerability

2023-01-04No Comments3 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

Uniswap’s recently launched bug bounty program has led to the discovery of a now-fixed vulnerability of the protocol’s Universal Router smart contract.

The automated market maker released two new smart contracts to its platform in November 2022. Permit2 allows token approvals to be shared and managed across different applications, while Universal Router unifies ERC-20 and nonfungible tokens (NFTs) swapping into a single swap router.

Uniswap also advertised a lucrative bug bounty program to identify potential vulnerabilities in its smart contracts toward the end of 2022 as it looked to assure the safety and efficacy of its protocol.

Smart contract security and auditing firm Dedaub announced that it had received a bug bounty after flagging a vulnerability in the Universal Router smart contract that would have allowed reentrancy to drain user funds mid-transaction.

The Dedaub team has disclosed a Critical vulnerability to the Uniswap team!

Funds are safe – Uniswap addressed the issue and redeployed the Universal Router smart contracts on all its chains

The vulnerability allows re-entertrancy to drain the user’s funds, mid-tx.

pic.twitter.com/wFSFsohPvy

— Dedaub (@dedaub) January 2, 2023

According to Dedaub’s breakdown, the Universal Router allows users to perform diverse actions including swapping multiple tokens and NFTs in one transaction.

The router embeds a scripting language for a wide variety of token actions, which could include transfers to third party recipients. If correctly implemented, transfers would go to the recipient within specified parameters.

Related: Immunefi says it has facilitated $66M in bug bounties since inception 

However, Dedaub identified a vulnerability in which a third-party code was invoked during the transfer, allowing the code to re-enter the Universal Router and claim any tokens that were temporarily in the contract.

Dedaub then suggested a straightforward remedy, advising the Uniswap team to add a reentrancy lock to the core execution of the new router. Uniswap awarded the auditing firm a total of $40,000 for flagging the vulnerability. The amount included a 33% bonus for reporting the issue during Uniswap’s bonus period in November 2022.

Uniswap classified the issue as medium severity, while further assessment deemed the vulnerability to have a high impact and low likelihood. According to Dedaub, the possibility of a user sending NFTs to an untrusted recipient directly was considered a user error.

More complex and less likely scenarios were considered valid for reentrancy, which resulted in Uniswap deeming the vector to have a low likelihood. Cointelegraph has reached out to Uniswap to ascertain further details of its ongoing bounty program, amounts paid out and the number of bugs identified to date.

Bug bounties have become commonplace in the cryptocurrency and blockchain space as platforms and companies look to ensure the security of their software, systems and infrastructure. 

Cryptocurrency exchange Coinbase recently clarified the terms of its bug bounty, while blockchain security firm Immunefi has facilitated over $65 million worth of bug bounties between ethical hackers and Web3 firms in 2022.

Source link

auditor DeFi Identifying nets Uniswap Vulnerability
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Why Decentralized Exchanges Are On Rise? Can INNODEX Surpass Binance and Uniswap?

2023-03-15

What is it & List of Top defi 2.0 Projects

2023-03-13

Forsage founders indicted over $340M DeFi ‘Ponzi scheme’

2023-02-24

SEC’s staking crackdown has uncertain consequences for DeFi: Finance Redefined

2023-02-19
Add A Comment

Leave A Reply Cancel Reply

Top Posts

Decadence and Denial: Reflections on Consensus 2022

2022-06-15

Crypto Market Returns Plunges Into The Negative, Here’s Why

2022-08-25

Price Surge Puts Majority Of Ethereum Investors In Profit

2022-11-01

Subscribe to Updates

Get the latest news and Update from Cryptonewsmetaverse.com about Crypto, Metaverse and NFT.

Our mission is to develop a community of people who try to make financially sound decisions. The website strives to educate individuals in making wise choices about Cryptocurrencies, NFT, Metaverse and more.

We're social. Connect with us:

Facebook Instagram YouTube TikTok
Top Insights

Animoca Denies $200M Metaverse Fund Cut

2023-03-27

Coinbase Chief Legal Officer Says SEC’s Wells Notice a Massive Overreach on Part of Regulator

2023-03-26

US Prosecutors Slam Terra (LUNA) Founder Do Kwon With Eight Counts of Fraud for 2022 Crypto Collapse

2023-03-26
Get Informed

Subscribe to Updates

Get the latest news and Update from Cryptonewsmetaverse.com about Crypto, Metaverse and NFT.

  • Contact
  • Terms & Conditions
  • Privacy Policy
  • DMCA
© 2023 Cryptonewsmetaverse.com. Designed by ProdigitalX.

Type above and press Enter to search. Press Esc to cancel.

  • bitcoinBitcoin(BTC)$27,920.000.49%
  • ethereumEthereum(ETH)$1,766.90-0.56%
  • USDEXUSDEX(USDEX)$1.07-0.53%
  • tetherTether(USDT)$1.00-0.14%
  • binancecoinBNB(BNB)$328.580.41%
  • usd-coinUSD Coin(USDC)$1.00-0.12%
  • rippleXRP(XRP)$0.4760573.35%
  • cardanoCardano(ADA)$0.353031-1.69%
  • Lido Staked EtherLido Staked Ether(STETH)$1,765.78-0.41%
  • dogecoinDogecoin(DOGE)$0.073931-1.54%