Critical flaw in Uniswap (UNI) smart contract – $40,000 reward for Dedaub

by Patricia

The Uniswap (UNI) decentralised finance (DeFi) protocol narrowly avoided a potential disaster: blockchain security firm Dedaub found a critical flaw in one of the features recently implemented on the protocol. The flaw has since been fixed.

Potential disaster averted at Uniswap

Dedaub, a company specialising in blockchain security, has found a critical flaw in a smart contract of the decentralised exchange (DEX) Uniswap (UNI).

The flaw was located in the Universal Router, a feature implemented last November by Uniswap that allows users of the protocol to swap NFTs and tokens in a single transaction.

According to Dedaub, the code for the Universal Router function did not include a “lock” feature to prevent a malicious third party from executing code while a transaction was being processed on Uniswap.

Without this security measure, an experienced hacker could have intercepted assets while they were temporarily in transit in the relevant smart contract. According to Dedaub, however, this only affected the assets locked in the smart contract.

Dedaub’s teams reported the flaw as soon as possible, and Uniswap’s teams immediately corrected this unintentional error and rewarded the blockchain security firm with a bug bounty of 40,000 USDC.

Uniswap had initially classified the error as “medium” because it required a user to perform a transaction involving both tokens and at least one NFT to a stranger or untrustworthy person, which does seem unlikely.
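The effect of the missing lock can be seen in a small Python model of a transaction that moves tokens and an NFT through a router. This is an added illustration, not Uniswap's or Dedaub's code: the `ToyRouter` class, its command names and the balances are all constructed for the example, and the lock shown is the pattern commonly called a reentrancy guard.

```python
class Reentrancy(Exception):
    """Raised when execute() is entered while it is already running."""

class Account:
    def __init__(self, balance=0):
        self.balance = balance
    def on_nft_received(self, router):
        pass  # an ordinary recipient does nothing in its receive callback

class ReenteringRecipient(Account):
    def on_nft_received(self, router):
        # Untrusted recipient: calls back into the router mid-transaction.
        router.execute([("sweep", self)])

class ToyRouter:
    """Constructed model of a router that holds tokens between commands."""
    def __init__(self, use_lock):
        self.use_lock, self.locked, self.tokens = use_lock, False, 0

    def execute(self, commands):
        if self.use_lock:
            if self.locked:
                raise Reentrancy("execute() re-entered during a transaction")
            self.locked = True
        try:
            for op, account, *args in commands:
                if op == "deposit":      # user moves tokens into the router
                    account.balance -= args[0]
                    self.tokens += args[0]
                elif op == "send_nft":   # transfer hands control to the recipient
                    account.on_nft_received(self)
                elif op == "sweep":      # pay out whatever the router holds
                    account.balance += self.tokens
                    self.tokens = 0
        finally:
            self.locked = False

def run_scenario(use_lock, recipient_cls=ReenteringRecipient):
    user, other = Account(100), recipient_cls(0)
    router = ToyRouter(use_lock)
    try:
        router.execute([("deposit", user, 100), ("send_nft", other), ("sweep", user)])
        reverted = False
    except Reentrancy:
        # A reverted transaction undoes every state change it made.
        user.balance, other.balance, router.tokens = 100, 0, 0
        reverted = True
    return user.balance, other.balance, reverted
```

`run_scenario` returns the user's balance, the recipient's balance and whether the transaction reverted. With the lock enabled, the nested call fails and the user's tokens stay with the user, while a transfer to a recipient that does not call back completes normally.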

Rewards of this kind are now commonplace within the cryptocurrency ecosystem, for decentralised projects and others alike. They allow the various infrastructures to improve their security even though they already use auditing firms, which is not always enough.
