Uniswap Universal Router before 1.1.0 mishandles reentrancy. This would have allowed theft of funds.
References
Link | Resource |
---|---|
https://github.com/Uniswap/universal-router/commit/d82c6685ef566d9b280651c99f4b93a8454c08a8 | Patch Third Party Advisory |
https://github.com/Uniswap/universal-router/compare/v1.0.1...v1.1.0 | Release Notes Third Party Advisory |
https://github.com/Uniswap/universal-router/pull/189 | Patch Third Party Advisory |
https://media.dedaub.com/uniswap-bug-bounty-1625d8ff04ae | Exploit Third Party Advisory |
https://twitter.com/dedaub/status/1610058814094450694 | Third Party Advisory |
https://github.com/Uniswap/universal-router/commit/d82c6685ef566d9b280651c99f4b93a8454c08a8 | Patch Third Party Advisory |
https://github.com/Uniswap/universal-router/compare/v1.0.1...v1.1.0 | Release Notes Third Party Advisory |
https://github.com/Uniswap/universal-router/pull/189 | Patch Third Party Advisory |
https://media.dedaub.com/uniswap-bug-bounty-1625d8ff04ae | Exploit Third Party Advisory |
https://twitter.com/dedaub/status/1610058814094450694 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 07:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://github.com/Uniswap/universal-router/commit/d82c6685ef566d9b280651c99f4b93a8454c08a8 - Patch, Third Party Advisory | |
References | () https://github.com/Uniswap/universal-router/compare/v1.0.1...v1.1.0 - Release Notes, Third Party Advisory | |
References | () https://github.com/Uniswap/universal-router/pull/189 - Patch, Third Party Advisory | |
References | () https://media.dedaub.com/uniswap-bug-bounty-1625d8ff04ae - Exploit, Third Party Advisory | |
References | () https://twitter.com/dedaub/status/1610058814094450694 - Third Party Advisory |
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-04 16:15
Updated : 2024-11-21 07:32
NVD link : CVE-2022-48216
Mitre link : CVE-2022-48216
CVE.ORG link : CVE-2022-48216
JSON object : View
Products Affected
uniswap
- universal_router_firmware
- universal_router
CWE
CWE-667
Improper Locking