Uniswap detects new security vulnerability: Were UNI holders impacted?
- Uniswap discovered new security vulnerabilities.
- The number of bots on Uniswap grew while the profitability of token holders declined.
Dedaub, a security intelligence firm, detected a critical vulnerability on the Uniswap [UNI] protocol on 2 January. The vulnerability could allow hackers to drain user funds in the middle of transactions.
We advised the Uniswap team to add a reentrancy lock to the core execution of the new router, and redeploy.
This modification was swiftly implemented, fixing the issue before the router gaining mass adoption: https://t.co/M8SbIAiQM9
— Dedaub (@dedaub) January 2, 2023
The underlying issue
The vulnerability arose when Uniswap announced its Universal Router. The purpose of the router was to combine NFT and ERC-20 swapping into one transaction.
Malicious third-party code could be invoked while the transaction was taking place. This code could re-enter the Universal Router and drain all the tokens that were temporarily held in the contract.
After being informed of this bug, Uniswap modified the code and fixed the issue. The Dedaub team was awarded a bug bounty for their efforts and help in detecting this problem.
Fortunately, hackers had not yet discovered this vulnerability, so there were no attacks on the protocol. It was business as usual for Uniswap for the most part, with the number of transactions on the protocol actually increasing.
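The re-entry described above, and the effect of the reentrancy lock Dedaub recommended, can be modelled in Python. This is an added example, not Uniswap's or Dedaub's code: `ToyRouter`, its commands and the balances are hypothetical, and the exception stands in for an on-chain revert.

```python
class ReentrancyError(Exception):
    """Stands in for an on-chain revert caused by the lock."""

class ToyRouter:
    """Hypothetical router that temporarily holds tokens while it runs commands."""
    def __init__(self, locked):
        self.locked = locked      # True = execution protected by a reentrancy lock
        self.held = 0             # tokens held by the router mid-transaction
        self._entered = False     # lock flag

    def execute(self, commands, caller):
        if self.locked:
            if self._entered:     # a second entry before the first one finished
                raise ReentrancyError("execute() re-entered")
            self._entered = True
        try:
            for command in commands:
                command(self, caller)
        finally:
            if self.locked:
                self._entered = False

def run_scenario(locked):
    """Run one constructed transaction and return the final balances."""
    balances = {"user": 100, "attacker": 0}   # constructed sample values
    router = ToyRouter(locked)

    def deposit(r, caller):                   # caller moves 100 tokens into the router
        balances[caller] -= 100
        r.held += 100

    def sweep_to(recipient):                  # pays out whatever the router holds
        def command(r, caller):
            balances[recipient] += r.held
            r.held = 0
        return command

    def third_party_call(r, caller):          # untrusted code invoked mid-transaction
        r.execute([sweep_to("attacker")], "attacker")

    snapshot = dict(balances)
    try:
        router.execute([deposit, third_party_call, sweep_to("user")], "user")
    except ReentrancyError:
        balances = snapshot                   # a revert undoes every state change
    return balances

if __name__ == "__main__":
    print("no lock:  ", run_scenario(False))
    print("with lock:", run_scenario(True))
```

Without the lock, the nested call empties the router before the user's own payout runs; with it, the nested call fails and the whole transaction is undone.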
The bot army rises
According to data from Dune Analytics, the number of transactions on the Uniswap protocol continued to grow immensely. However, numerous bots were contributing to these transactions.
The Dune Analytics data showed that arbitrage bots and sandwich bots contributed materially to the overall volume on Uniswap.
Arbitrage bots make a series of two or more trades within the same transaction, where the very first token bought (token in) is the same as the very last token sold (token out).
If the price of the token out is more than the price of the token in, the bot makes a profit. Sandwich bots, on the other hand, initiate attacks where the attacker buys and sells the same asset as the victim.
At the time of writing, bot transactions (including sandwich and arbitrage bots) on the Uniswap protocol together made up 52.2% of the overall volume. Furthermore, organic transactions contributed about 48.8% to the total volume.
Negative effects on the DEX might result from an increase in bot transactions on Uniswap. It can impact owners of UNI tokens as well.
State of Uniswap HODLers
The price of UNI declined materially over the last two weeks, resulting in the Market Value to Realized Value (MVRV) ratio turning negative. This meant that most UNI holders would lose money if they decided to sell at press time.
It remains to be seen whether these UNI holders will continue to hold on to their positions.