
Uniswap Discovered Serious Flaw That Could Result in Loss of Billions of Dollars


A serious flaw in Uniswap that might have cost users millions or perhaps billions of dollars has been rectified.

The Dedaub team was the first to recognize the re-entrancy issue that might have led to the misappropriation of consumer funds. The Uniswap development team was subsequently alerted.

The Universal Router smart contracts were redeployed across all of Polygon's networks after the DEX developer corrected the issue.

The Dedaub team noted that the issue stemmed from Uniswap's introduction of the Universal Router, which integrates NFTs and ERC-20 tokens into a single swap router. They found that malicious actors might insert their own code into all token activities.

Funds are safe now that Uniswap has re-deployed the Universal Router and added "a re-entrancy lock to the core operation."

The DEX presently controls $3.27 billion in assets, making it the largest by total value locked in DEXs, according to DefiLlama data.

Re-entrancy is a common smart contract error because of how transactions are handled in account-based blockchains like Ethereum. Over time, hackers have found this weakness and have taken hundreds of millions of tokens.

For context, the first-ever DAO on Ethereum experienced a re-entrancy attack that locked up millions of ETH, leading the network to split into the longer-chain Ethereum and the proof-of-work Ethereum Classic.

The attacker initiates an unending loop between their smart contract and the vulnerable smart contracts to take advantage of this weakness and drain the funds held by the latter. Because smart contracts are implemented on an immutable base layer, the victim cannot recover funds once the transaction has been approved from the pool.
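The call flow described above, and the effect of a re-entrancy lock, as an added example: this is a Python model of contract-to-contract calls, not Uniswap's or Dedaub's code. The names `Pool`, `Account`, `simulate` and the balances are hypothetical, constructed for illustration.

```python
class Reverted(Exception):
    """Models a revert: the whole transaction is rolled back."""

class Pool:
    def __init__(self, guarded):
        self.guarded = guarded      # True = re-entrancy lock enabled
        self.locked = False
        self.credit = {}            # account name -> amount owed
        self.reserve = 0            # funds the pool actually holds

    def deposit(self, name, amount):
        self.credit[name] = self.credit.get(name, 0) + amount
        self.reserve += amount

    def withdraw(self, account):
        if self.guarded and self.locked:
            raise Reverted("re-entrant call rejected")
        self.locked = True
        try:
            amount = self.credit.get(account.name, 0)
            if 0 < amount <= self.reserve:
                self.reserve -= amount
                account.on_receive(self, amount)  # control passes to recipient code
                self.credit[account.name] = 0     # bookkeeping updated too late
        finally:
            self.locked = False

class Account:
    def __init__(self, name, reenter):
        self.name, self.reenter, self.received = name, reenter, 0

    def on_receive(self, pool, amount):
        self.received += amount
        if self.reenter and pool.reserve >= amount:
            pool.withdraw(self)   # calls back in before the pool's state is updated

def simulate(guarded, reenter=True):
    pool = Pool(guarded)
    pool.deposit("alice", 20)     # constructed sample balances
    pool.deposit("bob", 10)
    caller = Account("bob", reenter)
    before = pool.reserve
    try:
        pool.withdraw(caller)
        reverted = False
    except Reverted:
        # Roll back, as a revert would; the credit table was not yet modified.
        pool.reserve, caller.received, reverted = before, 0, True
    return {"reverted": reverted, "pool_reserve": pool.reserve,
            "caller_received": caller.received}
```

Without the lock, an account owed 10 leaves with the pool's entire reserve of 30. With the lock, the nested call reverts the transaction, while an ordinary withdrawal still succeeds.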

As a part of the $3 million scheme that Uniswap created, Dedaub received a $40,000 bounty.
