https://news.coincu.com/157833-uniswap-detected-critical-vulnerability/
The Dedaub team was the first to identify the re-entrancy problem, which could have resulted in the loss of customer funds. They then informed the Uniswap development team.
The DEX developer acknowledged the fault, fixed it, and redeployed the Universal Router smart contracts across all of Polygon’s networks.
The Dedaub team observed that this issue arose from Uniswap’s decision to introduce the Universal Router, which combines NFTs and ERC-20 tokens into a single swap router. According to their analysis, malicious actors might embed a scripting language for all token activities.
Now that Uniswap has re-deployed the Universal Router and added “a re-entrancy lock to the core operation,” funds are secure. According to DefiLlama data, the DEX currently manages $3.27 billion in assets, making it the largest DEX by total value locked.
Because of the way transactions are handled in account-based blockchains like Ethereum, re-entrancy is a typical smart contract mistake. Hackers have discovered this flaw over time and have stolen hundreds of millions of tokens.
For perspective, a re-entrancy attack was used to lock millions of ETH in the first-ever DAO on Ethereum, causing the network to split into the longer-chain Ethereum and the proof-of-work Ethereum Classic.
To take advantage of this weakness, the attacker starts an endless loop between the vulnerable smart contract and their own smart contract, draining the former’s funds. Once the transaction is accepted from the pool, the victim cannot recover funds because smart contracts are implemented on an immutable base layer.
Dedaub was awarded a $40,000 bounty as part of the $3 million program that Uniswap launched.