Bound of Disaster in This Altcoin Protocol: Discovered at the Last Moment!

Security audit firm Debaub UniSwap (UNI) altcoin It received a $40,000 “bug reward” after discovering a critical vulnerability in a smart contract in its protocol.

Security Company Debaub Discovers Critical Bug on UniSwap (UNI)

The vulnerability was found in Uniswap’s Universal Router contract, a new technology and scripting language that allows users to swap multiple tokens for NFTs in a single transaction.

Debaub said on Twitter that the vulnerability could allow someone to apply third-party codes during transfers and steal funds.

“Obviously, UniversalRouter should not hold any balances during transactions, otherwise these balances can be drained by anyone,” wrote Debaub founder Yannis Smaragdakis.

However, if third-party code is invoked at any point in the transfer (which manifests itself due to composition of protocols), the code can reenter the UniversalRouter and claim any tokens temporarily in the contract.

— Dedaub (@dedaub) January 2, 2023

The UniversalRouter contract can perform several operation commands in a row on the back end, which improves the user experience. Debaub found that the contract lacked a feature known as a re-entry lock, which prevents hackers from issuing additional commands that would allow them to steal funds during transfers.

Debaub said he received immediate approval from the Uniswap team when he first discovered the vulnerability a few weeks ago. Company 40,000 for the discovery of the error USDC took.

Uniswap allows users to Ethereum It is a decentralized exchange protocol that allows the exchange of token-based tokens. It has gained popularity in recent years due to its ease of use and low fees. The critical vulnerability discovered by Debaub could have had serious consequences for Uniswap users if not detected and fixed.

The Uniswap team acted quickly to resolve the issue and rewarded Debaub with a bug bounty for his efforts.

*Not investment advice.