Uniswap’s newly implemented bug bounty program has been a roaring success, as it helped uncover and subsequently resolve an existing vulnerability in its Universal Router smart contract.
The two new smart contracts, Permit2 and Universal Router, were released back in November 2022. Through token approval sharing and management, the Permit2 smart contract grants applications access to an array of secure authorization capabilities. The Universal Router, on the other hand, compiles ERC-20 and NFT transactions into a single swap router, giving Uniswap a more efficient method for exchanging between various types of cryptocurrency.
With the introduction of these new smart contracts, Uniswap also announced a bug bounty program which would help the platform detect any potential vulnerabilities. As the digital currency and blockchain market continues to evolve, bug bounties have become a way for firms to ensure their software, systems, and critical infrastructure are secure.
DeFi security auditing firm Dedaub was among the first to receive a hefty award for its work identifying a vulnerability in the Universal Router smart contract. The vulnerability was flagged as permitting reentrancy during a transaction's confirmation time, which threat actors could exploit to drain a wallet's funds.
The Dedaub team has disclosed a Critical vulnerability to the Uniswap team!
Funds are safe – Uniswap addressed the issue and redeployed the Universal Router smart contracts on all its chains 👏
The vulnerability allows re-entrancy to drain the user’s funds, mid-tx.
🧵 pic.twitter.com/wFSFsohPvy
— Dedaub (@dedaub) January 2, 2023
Dedaub explains that the Universal Router gives users the opportunity to make numerous transactions at once, such as exchanging multiple tokens and NFTs in a single go. The router’s integrated scripting language is capable of a vast array of token activities, including transfers to external payees. Executed step by step, these transfers deliver funds right away, provided the transaction meets the criteria set by the smart contract’s parameters.
By design, this means that third-party code invoked during a transfer could re-enter the Universal Router and manage or pull tokens that the smart contract is holding for a temporary period. This prompted the Dedaub whitehats to advise Uniswap of a resolution, which involved patching the smart contract with a reentrancy lock on the core execution module of the Universal Router.
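To make the mechanism and the fix concrete, here is an added example in Solidity. It is not Uniswap's Universal Router code or Dedaub's material: the command ids, the `MiniRouter` name and the two-command "scripting language" are assumptions chosen to illustrate the pattern. The router executes a batch of commands, one of which hands an NFT to an external recipient (an ERC-721 `safeTransferFrom` invokes a callback on a contract recipient), and another forwards whatever ERC-20 balance the router is temporarily holding to a payee. The `lock` modifier on `execute` is the reentrancy lock described above: if the recipient's callback tries to call back into `execute` while the first batch is still running, the call reverts instead of gaining access to the tokens the router holds mid-transaction.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical mini-router (added example, not Uniswap's Universal Router).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

interface IERC721 {
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

contract MiniRouter {
    // Toy command ids (assumed; not the real Universal Router command encoding).
    uint8 private constant CMD_ERC721_TRANSFER = 0; // send an NFT held by the router to a recipient
    uint8 private constant CMD_SWEEP_ERC20 = 1;     // forward the router's ERC-20 balance to a payee

    // Reentrancy lock state. Using two non-zero values keeps the lock toggle a
    // cheaper non-zero -> non-zero storage write than a zero -> non-zero one.
    uint256 private constant NOT_LOCKED = 1;
    uint256 private constant LOCKED = 2;
    uint256 private lockState = NOT_LOCKED;

    error Reentrancy();
    error UnknownCommand(uint256 index);
    error CommandFailed(uint256 index);

    // The core fix: any nested call into execute() while a batch is running reverts.
    modifier lock() {
        if (lockState == LOCKED) revert Reentrancy();
        lockState = LOCKED;
        _;
        lockState = NOT_LOCKED;
    }

    // Executes a batch of commands atomically. commands[i] is the command id,
    // inputs[i] its abi-encoded arguments.
    function execute(bytes calldata commands, bytes[] calldata inputs) external payable lock {
        if (commands.length != inputs.length) revert CommandFailed(0);

        for (uint256 i = 0; i < commands.length; i++) {
            uint8 cmd = uint8(commands[i]);

            if (cmd == CMD_ERC721_TRANSFER) {
                (address token, address to, uint256 tokenId) =
                    abi.decode(inputs[i], (address, address, uint256));
                // safeTransferFrom calls onERC721Received on `to` if it is a contract.
                // Without `lock`, that callback could re-enter execute() and issue a
                // CMD_SWEEP_ERC20 for tokens still sitting in this contract mid-transaction.
                IERC721(token).safeTransferFrom(address(this), to, tokenId);
            } else if (cmd == CMD_SWEEP_ERC20) {
                (address token, address payee) = abi.decode(inputs[i], (address, address));
                uint256 bal = IERC20(token).balanceOf(address(this));
                if (bal > 0 && !IERC20(token).transfer(payee, bal)) revert CommandFailed(i);
            } else {
                revert UnknownCommand(i);
            }
        }
    }

    // Lets NFTs be deposited into the router as an intermediate step of a batch.
    function onERC721Received(address, address, uint256, bytes calldata)
        external
        pure
        returns (bytes4)
    {
        return this.onERC721Received.selector;
    }
}
```

The lock only closes the re-entry path; it does not change who receives the NFT. That matches Dedaub's assessment that the scenario needs the user to send an NFT to an untrusted recipient within a batch, which is why the residual risk is characterised as low-likelihood, high-impact.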
Uniswap then swiftly awarded $40,000 to the Dedaub team for their prompt disclosure. According to Uniswap, the issue was of medium-level severity, while further assessment of the vulnerability pointed to a low-chance, high-impact scenario. Dedaub confirms that the attack vector can be considered a user-end error, because the scenario would only happen if a user directly sends NFTs to an untrusted recipient.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.