Blockchain security firm Dedaub found a “critical vulnerability” in a Uniswap smart contract, which has since been addressed and redeployed.
In a Jan. 3 update, Dedaub said it had disclosed a vulnerability in the Universal Router smart contracts that would allow re-entrancy to drain user funds in the middle of a transaction. A re-entrancy attack takes place when a bad actor deploys an external smart contract with malicious code that calls back into a vulnerable smart contract before the original call has finished, repeating the cycle to steal funds.
The Dedaub team has disclosed a Critical vulnerability to the Uniswap team!
Funds are safe – Uniswap addressed the issue and redeployed the Universal Router smart contracts on all its chains 👏
The vulnerability allows re-entrancy to drain the user's funds, mid-tx.
— Dedaub (@dedaub) January 2, 2023
The Universal Router is a fairly new smart contract that was introduced by Uniswap Labs in November. It groups NFT trades and ERC-20 token swaps into a single gas-optimized router, letting users swap multiple tokens on Uniswap and buy NFTs across marketplaces in one transaction.
“If untrusted code is invoked at any point in the transfer, the code can re-enter the UniversalRouter and claim any tokens already in the UniversalRouter contract,” explained Dedaub founder Yannis Smaragdakis in a blog post.
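The pattern Smaragdakis describes, as an added illustration that is not Dedaub's or Uniswap's code: a simplified router that parks tokens between steps of a transaction and exposes a `sweep`, beside the same router guarded by a re-entrancy lock. The `IMarketplace` interface, the `buyNft` and `sweep` functions and the lock are assumptions made for the example; the article does not describe the actual patch Uniswap deployed.

```solidity
pragma solidity ^0.8.17;
// Minimal ERC-20 surface used below (constructed for this example).
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transfer(address, uint256) external returns (bool);
}

// Hypothetical marketplace whose purchase path may call back into msg.sender
// (for instance through an ERC-721 receiver hook). Not Uniswap's code.
interface IMarketplace {
    function buy(uint256 tokenId, address recipient) external payable;
}

// Vulnerable pattern: tokens sit in the router between steps of one
// transaction, and sweep() hands whatever is there to a caller-chosen address.
// Code reached through buyNft() can re-enter sweep() and claim those tokens.
contract VulnerableRouter {
    function buyNft(IMarketplace m, uint256 id, address to) external payable {
        m.buy{value: msg.value}(id, to); // untrusted external call: re-entry point
    }

    function sweep(IERC20 token, address recipient) external {
        uint256 bal = token.balanceOf(address(this));
        if (bal > 0) require(token.transfer(recipient, bal), "transfer failed");
    }
}

// Hardened pattern: a single lock held for the whole top-level call, so any
// re-entrant call into a guarded function reverts before it can sweep.
contract LockedRouter {
    uint256 private constant UNLOCKED = 1;
    uint256 private constant LOCKED = 2;
    uint256 private _status = UNLOCKED;
    modifier nonReentrant() {
        require(_status == UNLOCKED, "reentrant call");
        _status = LOCKED;
        _;
        _status = UNLOCKED;
    }

    function buyNft(IMarketplace m, uint256 id, address to) external payable nonReentrant {
        m.buy{value: msg.value}(id, to); // a callback into sweep() now reverts
    }

    function sweep(IERC20 token, address recipient) external nonReentrant {
        uint256 bal = token.balanceOf(address(this));
        if (bal > 0) require(token.transfer(recipient, bal), "transfer failed");
    }
}
```

The lock only helps if every entry point that can move the router's balance is guarded; a single unguarded function that transfers tokens out reopens the same window.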
Dedaub received a bug bounty of $40,000 worth of USDC from Uniswap after reporting the bug. The Uniswap team has addressed the issue and implemented a fix on the contract, said the security firm.
Although Dedaub described the bug as critical, Uniswap classified it as a “medium severity” issue in a message to the security firm. At the time of writing, the Uniswap team had not issued any statements of its own on a public platform addressing the bug.