Security firm Dedaub finds critical vulnerability in Uniswap smart contract

Theblock

Security auditing firm Dedaub received a Uniswap "bug bounty" worth $40,000 after discovering a critical vulnerability in a smart contract on the protocol.

The vulnerability was found in Uniswap’s Universal Router contract, a new technology and scripting language that allows users to swap multiple tokens for NFTs in one transaction.

Dedaub said on Twitter that the vulnerability could have allowed someone to run third-party code during a transfer and steal funds.



“Clearly, the UniversalRouter should not hold any balances between transactions, or these can be emptied by anyone,” Dedaub founder Yannis Smaragdakis wrote.

The UniversalRouter contract is capable of performing several transaction commands in a row on the back end, which improves the user experience. Dedaub found that the contract did not have what is known as a re-entrancy lock, which prevents attackers from issuing additional commands during transfers that would allow them to steal funds.
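A toy Python model of the re-entrancy lock described above, added here as an illustration; it is not code from Uniswap or from the article. The `Router` class, the command helpers and the ledger balances are all constructed for the example, and the rollback on rejection stands in for an EVM revert.

```python
class Reentrant(Exception):
    """execute() was entered while a command batch was still running."""

class Router:
    """Toy multi-command router (constructed model, not Uniswap's contract)."""
    def __init__(self, ledger, use_lock):
        self.ledger, self.use_lock, self.locked = ledger, use_lock, False

    def execute(self, commands):
        if self.use_lock and self.locked:
            raise Reentrant("nested execute() rejected")
        self.locked = True
        try:
            for command in commands:
                command(self)
        finally:
            self.locked = False

def move(ledger, src, dst, amount):
    ledger[src] -= amount
    ledger[dst] += amount

def pay_in(user, amount):            # user funds enter the router mid-transaction
    return lambda r: move(r.ledger, user, "router", amount)

def transfer(recipient, amount, callback=None):
    def command(r):
        move(r.ledger, "router", recipient, amount)
        if callback:
            callback(r)              # control passes to the recipient's code here
    return command

def sweep(recipient):                # send whatever the router still holds
    return lambda r: move(r.ledger, "router", recipient, r.ledger["router"])

def run_batch(use_lock):
    ledger = {"user": 100, "router": 0, "third_party": 0}   # constructed balances
    router = Router(ledger, use_lock)
    def reenter(r):                  # recipient code that calls back into the router
        r.execute([sweep("third_party")])
    batch = [pay_in("user", 100), transfer("third_party", 10, reenter), sweep("user")]
    snapshot = dict(ledger)
    try:
        router.execute(batch)
        return "completed", ledger
    except Reentrant:
        return "reverted", snapshot  # an EVM revert undoes the whole transaction

if __name__ == "__main__":
    print(run_batch(False), run_batch(True))
```

Without the lock the batch completes but the user's remaining balance ends up with the third party; with the lock the nested call is rejected and the user's balance is untouched.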

Dedaub said it received immediate confirmation from the Uniswap team a few weeks ago when it first found the vulnerability. It received $40,000 in USDC for the discovery of the bug.

© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

