Uniswap recently introduced a bug bounty program. That program led to the detection of a now-fixed weakness in the Universal Router (the smart contract of the protocol). The automated market maker released a couple of new smart contracts in November 2022. Permit2 allows token authorizations to be managed and shared across different applications.
Dedaub Finds a Uniswap Vulnerability and Collects $40,000 for It
Universal Router, in turn, unifies ERC-20 and non-fungible token (NFT) swapping into one swap router. Uniswap also launched a lucrative bug bounty program at the end of 2022 to detect potential weaknesses in the smart contracts. The platform's aim was to ensure that its protocol was effective and secure.
Dedaub (a company that specializes in smart contract auditing and security) announced that it had received a bug bounty after identifying a vulnerability. The vulnerability was found in the Universal Router smart contract. The weakness would have allowed reentrancy to exploit user funds mid-transaction. The company shared the achievement on Twitter.
In its Twitter post, Dedaub noted that funds on Uniswap are secure, as the issue was addressed and the Universal Router smart contracts were redeployed. According to Dedaub's breakdown, the Universal Router lets users carry out different actions, including swapping several NFTs and tokens, in a single transaction.
The router implements a scripting language for a wide variety of token operations, which can include transfers to third-party recipients. When implemented correctly, transfers go to the recipient within the specified parameters. However, Dedaub identified a vulnerability in which third-party code was invoked during the transfer.
That allowed the code to re-enter the Universal Router and claim the tokens that were temporarily held in the contract. Dedaub then pointed out a straightforward remedy: it advised the Uniswap team to add a reentrancy lock. Per the recommendation, the lock was to be attached to the router's core execution.
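The reentrancy path and the lock described above, as an added Python model that is not Uniswap's or Dedaub's code. The class, the command names (`deposit`, `send_nft`, `sweep`) and the amounts are constructed for illustration and do not reflect the Universal Router's actual commands.

```python
class Reentrancy(Exception):
    """execute() was entered while it was already running."""

class ToyRouter:
    """Constructed model of a command-executing router; not Uniswap's code."""
    def __init__(self, locked):
        self.locked = locked     # True = reentrancy lock around execute()
        self.executing = False
        self.held = 0            # tokens sitting in the router mid-transaction
        self.paid = {}           # account -> tokens paid out

    def execute(self, commands):
        if self.locked and self.executing:
            raise Reentrancy("execute() re-entered")
        prev = self.executing
        snapshot = (self.held, dict(self.paid))
        self.executing = True
        try:
            for op, arg in commands:
                getattr(self, "op_" + op)(arg)
        except Exception:
            self.held, self.paid = snapshot   # model a reverted transaction
            raise
        finally:
            self.executing = prev

    def op_deposit(self, amount):       # e.g. swap output parked in the router
        self.held += amount

    def op_send_nft(self, recipient):   # the transfer runs recipient code
        recipient.on_received(self)

    def op_sweep(self, account):        # pay out everything the router holds
        self.paid[account] = self.paid.get(account, 0) + self.held
        self.held = 0

class UntrustedRecipient:
    """Third-party receiver whose callback calls back into the router."""
    def on_received(self, router):
        router.execute([("sweep", "recipient")])

def run(locked):  # returns (status, payouts) for one user transaction
    router = ToyRouter(locked)
    tx = [("deposit", 100), ("send_nft", UntrustedRecipient()), ("sweep", "user")]
    try:
        router.execute(tx)
        return "ok", router.paid
    except Reentrancy:
        return "reverted", router.paid
```

Without the lock, the nested `execute()` pays the held tokens to the recipient before the user's own `sweep` runs; with the lock, the nested call fails and the whole transaction is rolled back.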
For this discovery and solution, Uniswap offered an award of up to $40,000 to the auditing company. The amount included a thirty-three percent bonus for reporting the issue during Uniswap's bonus period in November 2022. Uniswap classified the issue as medium severity.
Further evaluation, however, showed that the vulnerability would have had a high impact but a low likelihood of occurring. According to Dedaub, a user sending non-fungible tokens directly to an untrusted recipient was categorized as user error.
The more complicated and less probable scenarios were classified as usable for reentrancy. As a result, Uniswap considered this vector to be less likely.
Big Crypto Players Allocate Bug Bounties to Ensure Security
Bug bounties have become more common in the blockchain and crypto world, at a time when firms and platforms are seeking to ensure that their software is completely secure and their infrastructure and systems are fully safe. Coinbase, a prominent crypto exchange, recently highlighted the terms of its bug bounty.
Meanwhile, Immunefi (a blockchain security company) has allocated more than $65M to be given in bug bounties. These bounties are to be distributed among white-hat hackers and Web3 companies in 2022.