Uniswap's recently introduced bug bounty program has led to the discovery of a now-fixed vulnerability in the protocol's Universal Router smart contract.

The automated market maker launched two new smart contracts to its platform in November 2022. Permit2 allows token approvals to be shared and managed across different applications, while Universal Router merges ERC-20 and nonfungible token (NFT) swapping into a single swap router.

Uniswap also announced a lucrative bug bounty program to identify potential vulnerabilities in its smart contracts toward the end of 2022 as it looked to ensure the security and effectiveness of its protocol.

Smart contract security and auditing firm Dedaub revealed that it had received a bug bounty after flagging a vulnerability in the Universal Router smart contract that would have enabled reentrancy to drain user funds mid-transaction. Dedaub (@dedaub) wrote on Twitter on January 2, 2023:

"The Dedaub team has divulged a Critical vulnerability to the Uniswap team! Funds are safe - Uniswap resolved the problem and redeployed the Universal Router smart contracts on all its chains. The vulnerability allows reentrancy to drain the user's funds, mid-tx."

According to Dedaub's breakdown, the Universal Router allows users to perform varied actions, including swapping several tokens and NFTs, in one transaction. The router embeds a scripting language for a wide range of token actions, which could include transfers to third-party recipients. If implemented correctly, transfers would go to the recipient within the specified parameters.

However, Dedaub identified a vulnerability in which third-party code was invoked during the transfer, allowing that code to re-enter the Universal Router and claim any tokens that were temporarily held in the contract.

Dedaub then suggested a simple remedy, encouraging the Uniswap team to add a reentrancy lock to the core execution of the new router.

Uniswap awarded the auditing firm a total of $40,000 for flagging the vulnerability. The amount included a 33% bonus for reporting the issue during Uniswap's bonus period in November 2022. Uniswap classified the problem as medium severity, while further evaluation considered the vulnerability to have a high impact and low likelihood.

According to Dedaub, the possibility of a user sending NFTs directly to an untrusted recipient was considered a user error. More complex and less likely scenarios were considered valid for reentrancy, which resulted in Uniswap considering the vector to have a low likelihood.

Pandoraland has reached out to Uniswap to ascertain further details of its ongoing bounty program, the amounts paid and the number of bugs identified to date.

Bug bounties have become commonplace in the cryptocurrency and blockchain space as platforms and businesses aim to ensure the security of their software, systems and infrastructure. Cryptocurrency exchange Coinbase recently clarified the terms of its bug bounty, while blockchain security company Immunefi has facilitated over $65 million worth of bug bounties between ethical hackers and Web3 firms in 2022.
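
The remedy described above, a reentrancy lock on the router's core execution, can be sketched in Solidity as follows. This is an added illustration, not code from Uniswap or Dedaub; the contract name `MiniRouter`, the two command codes and the lock variable are hypothetical, and the router is reduced to the two actions needed to show the issue.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IERC721 {
    function safeTransferFrom(address from, address to, uint256 tokenId) external;
}

interface IERC20 {
    function balanceOf(address owner) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Hypothetical, simplified command router; not Uniswap's contract.
contract MiniRouter {
    uint8 private constant CMD_SEND_NFT = 0; // calls onERC721Received on a contract recipient
    uint8 private constant CMD_SWEEP = 1;    // sends the router's whole ERC-20 balance to a recipient

    uint256 private constant UNLOCKED = 1;
    uint256 private constant LOCKED = 2;
    uint256 private lockState = UNLOCKED;

    error Reentrant();

    /// Reentrancy lock: a nested call into a guarded function reverts.
    modifier nonReentrant() {
        if (lockState != UNLOCKED) revert Reentrant();
        lockState = LOCKED;
        _;
        lockState = UNLOCKED;
    }

    /// Core execution loop. Without `nonReentrant`, the callback fired by
    /// CMD_SEND_NFT could call execute() again and run CMD_SWEEP while tokens
    /// from earlier commands are still sitting in the router.
    function execute(uint8[] calldata cmds, bytes[] calldata inputs) external nonReentrant {
        require(cmds.length == inputs.length, "length mismatch");
        for (uint256 i = 0; i < cmds.length; i++) {
            if (cmds[i] == CMD_SEND_NFT) {
                (address nft, address to, uint256 id) = abi.decode(inputs[i], (address, address, uint256));
                IERC721(nft).safeTransferFrom(address(this), to, id); // external code runs here
            } else if (cmds[i] == CMD_SWEEP) {
                (address token, address to) = abi.decode(inputs[i], (address, address));
                require(IERC20(token).transfer(to, IERC20(token).balanceOf(address(this))), "transfer failed");
            } else {
                revert("unknown command");
            }
        }
    }
}
```

With the modifier in place, a nested `execute` call made from inside the recipient's hook reverts with `Reentrant()` because `lockState` is still `LOCKED` when the hook runs.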