A DeFi Auditor Identifies Uniswap Vulnerability And Receives $40K


Uniswap recently introduced a bug bounty program, which has led to the detection of a now-fixed weakness in the Universal Router, a smart contract of the protocol. The automated market maker released a couple of new smart contracts in November 2022. Permit2 allows token authorizations to be managed and shared across different applications.

Dedaub Finds a Uniswap Vulnerability and Collects $40,000 for It




The Universal Router, on the other hand, unifies ERC-20 and non-fungible token (NFT) swapping in a single swap router. In addition, at the end of 2022 Uniswap promoted a lucrative bug bounty program to detect potential weaknesses in the smart contracts. The platform's aim was to ensure that its protocol was effective and secure.

Dedaub, a company devoted to smart contract auditing and security, announced that it had received a bug bounty after identifying a vulnerability in the Universal Router smart contract. The weakness would have permitted reentrancy to exploit user funds mid-transaction. The company took to Twitter to share the result.

In its Twitter post, Dedaub noted that funds on Uniswap are secure, since the issue was addressed and the Universal Router smart contracts were redeployed. According to Dedaub's breakdown, the Universal Router lets users carry out different actions, including swapping several NFTs and tokens in a single transaction.

The router implements a scripting language for a wide variety of token operations, which can include transfers to third-party recipients. When implemented correctly, transfers go to the recipient within the specified parameters. However, Dedaub identified a vulnerability in which third-party code was invoked during the transfer.

That allowed the code to re-enter the Universal Router and claim the tokens that were temporarily held in the contract. Dedaub then pointed out a direct remedy: it advised the Uniswap team to add a reentrancy lock. Per the recommendation, the lock was to be attached to the router's core execution.
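The re-entry described above and the effect of a lock on the core execution path, as an added example that is not code from Uniswap or Dedaub. It is a Python model rather than the router's Solidity, and the command names (`DEPOSIT`, `SEND_NFT`, `SWEEP`), class names and receive hook are hypothetical:

```python
# Toy model, constructed for illustration; command and class names are hypothetical.

class Reentrancy(Exception):
    """Raised when execute() is entered while it is already running."""

class Account:
    def __init__(self):
        self.wallet = {}
    def on_nft_received(self, router):
        pass  # a benign recipient does nothing in its receive hook

class UntrustedRecipient(Account):
    def on_nft_received(self, router):
        # Third-party code runs mid-transaction and calls back into the router.
        try:
            router.execute([("SWEEP", "TOKEN", self)])
        except Reentrancy:
            pass  # the lock refused the nested call

class Router:
    def __init__(self, lock_enabled):
        self.lock_enabled = lock_enabled
        self.held = {}        # tokens parked in the router mid-transaction
        self.running = False  # reentrancy lock state

    def execute(self, commands):
        # The lock guards the single core entry point, before any command runs.
        if self.lock_enabled and self.running:
            raise Reentrancy("execute() re-entered")
        self.running = True
        try:
            for op, *args in commands:
                if op == "DEPOSIT":
                    token, amount = args
                    self.held[token] = self.held.get(token, 0) + amount
                elif op == "SEND_NFT":
                    args[0].on_nft_received(self)  # control leaves the router
                elif op == "SWEEP":
                    token, to = args
                    to.wallet[token] = to.wallet.get(token, 0) + self.held.pop(token, 0)
        finally:
            self.running = False

def run(lock_enabled):
    router, user, third_party = Router(lock_enabled), Account(), UntrustedRecipient()
    router.execute([("DEPOSIT", "TOKEN", 100), ("SEND_NFT", third_party),
                    ("SWEEP", "TOKEN", user)])
    return user.wallet.get("TOKEN", 0), third_party.wallet.get("TOKEN", 0)
```

`run(False)` returns the user's and the third party's balances without the lock, and `run(True)` returns them with the lock in place.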

For this discovery and solution, Uniswap offered an award of up to $40,000 to the auditing company. The amount included a thirty-three percent bonus for reporting the issue during Uniswap's bonus period in November 2022. Uniswap categorized the problem as medium severity.

Further evaluation, meanwhile, showed that the vulnerability would have a high impact but a low likelihood of occurring. According to Dedaub, the scenario of a user sending non-fungible tokens directly to an untrusted recipient was categorized as user error.

The more complicated and less probable scenarios were classified as usable for reentrancy. As a result, Uniswap considered this vector to be less likely.

Big Crypto Players Allocate Bug Bounties to Ensure Security

Bug bounties have become more common in the blockchain and crypto world, as firms and platforms seek to guarantee that their software is completely secure and their infrastructure and systems are fully safe. Coinbase, a prominent crypto exchange, recently published the terms of its bug bounty.

Meanwhile, Immunefi (a blockchain security company) has allocated more than $65M to be given out in bug bounties. These bug bounties are to be distributed among white-hat hackers and Web3 companies in 2022.
