Dedaub Gets $40K as Bug Bounty after Identifying Flaws in Uniswap


Dedaub, a security firm known for its expertise in securing projects, has identified a vulnerability in the Uniswap smart contract that could have resulted in the loss of user funds if exploited.

According to a tweet by the Dedaub team, the re-entrancy issue was identified in the Uniswap UniversalRouter contract, a new technology introduced by the Uniswap development team in November 2022.

After making the discovery, the Dedaub team alerted the Uniswap development team and advised the DEX team to add a re-entrancy lock to the new router before redeploying, to prevent hackers from issuing additional commands to steal users’ funds.

Fortunately, no user funds were lost, as the Uniswap development team reacted promptly to fix the issues. Afterward, it rewarded Dedaub with a “bug bounty” of $40,000 in USDC for the discovery.

The Uniswap UniversalRouter contract unifies swapping of non-fungible tokens (NFTs) and ERC20 tokens in a single swap router, enabling users to swap multiple tokens and NFTs in one swap and thereby save gas fees. The contract is expected to bring about a great improvement in user experience.

However, users’ ability to transfer and swap multiple tokens can lead them into transferring to unknown and unreliable recipients. If unreliable code is invoked at the point of initiating a transfer, that code can claim any token held in the UniversalRouter contract, bringing about financial losses to users.

Therefore, Yannis Smaragdakis, Dedaub’s founder, advised users not to leave any balance on the UniversalRouter, especially while carrying out transactions and afterward, to avoid it being taken by anyone.
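The re-entrancy risk and the re-entrancy lock described above can be modelled in a few lines. This Python sketch is an added illustration, not code from the UniversalRouter contract or from the original article; the `Router` class, the command names and the amounts are constructed for the example.

```python
# Toy model of a multi-command router (added illustration, not Uniswap's code).
class Reentrancy(Exception):
    """Raised when execute() is entered while a call is already in progress."""

class Router:
    def __init__(self, use_lock):
        self.use_lock = use_lock   # True models the router with a re-entrancy lock
        self.entered = False
        self.held = 0              # tokens sitting on the router mid-transaction
        self.paid = {}             # recipient -> tokens paid out

    def execute(self, commands):
        if self.use_lock and self.entered:
            raise Reentrancy("execute() called while already executing")
        self.entered = True
        try:
            for op, arg in commands:
                if op == "DEPOSIT":    # user's tokens arrive at the router
                    self.held += arg
                elif op == "CALLOUT":  # a transfer step that runs recipient code
                    arg(self)
                elif op == "SWEEP":    # pay the router's whole balance to arg
                    self.paid[arg] = self.paid.get(arg, 0) + self.held
                    self.held = 0
        finally:
            self.entered = False

def untrusted_recipient(router):
    # Code the user did not write: issues an extra command during the callout.
    router.execute([("SWEEP", "untrusted")])

def benign_recipient(router):
    pass                           # a recipient that simply accepts the transfer

def run_transaction(use_lock, recipient):
    router = Router(use_lock)
    try:
        router.execute([("DEPOSIT", 100), ("CALLOUT", recipient), ("SWEEP", "user")])
        return "ok", router.paid
    except Reentrancy:
        return "reverted", {}      # on-chain, a revert undoes every state change

if __name__ == "__main__":
    for lock in (False, True):
        print("lock" if lock else "no lock", run_transaction(lock, untrusted_recipient))
```

Without the lock, the balance held mid-transaction goes to the untrusted recipient; with it, the nested call fails and the whole transaction reverts, while a transfer to a benign recipient still completes.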

Dedaub is an automatic and continuous smart contract monitoring system that helps boost the security of decentralized applications (dApps).

Once a security loophole is spotted, the blockchain security firm’s experts call the project’s attention to the issue and also explain the possible risks involved and how to tackle it immediately.

Last year, Fantom, a Layer-1 blockchain platform, launched a Watchdog to improve the safety of Decentralized Finance (DeFi) applications on the blockchain. Equally, blockchain security firm Halborn issued a warning about a fresh phishing campaign that targeted users of MetaMask, a well-known cryptocurrency wallet.
