The “vulnerability” of Uniswap V3

In the midsummer of the bear market, hacker attacks occur frequently, making currency holders who have no sense of price to worry about their security.

At 9 a.m. Beijing time on July 12, Changpeng Zhao, founder of Binance, tweeted:

“Our threat intelligence detected a potential vulnerability in Uniswap V3 on the ETH blockchain. Hackers have stolen 4295 ETH so far and they are laundering money through Tornado Cash. Someone can notify Uniswap

? We can help. thanks. “

And attached the hacker address:

RSUU5wsn4nw83oYw8tDQauxEigTH2jYGb3R4rOGa.png

This address has been marked as a hacker address by Etherscan.

Soon, Changpeng Zhao posted another post and attached a screenshot of his communication with Uniswap, saying:

“After contacting the Uniswap team, the protocol is secure. The attack looks like it came from a phishing attack. The team responded quickly. All great. Sorry for the alert. Learn to protect yourself from phishing. Don’t click on the link.”

Uniswap founder Haydenz Adams also responded to Changpeng Zhao’s latest tweet:

“This is a phishing attack that resulted in some LP NFTs being taken from individuals who approved malicious transactions, completely unrelated to the protocol, and it’s a good reminder to protect yourself from phishing and don’t click on malicious links.”

This seems to be an open and simple communication, but it has already caused emotions in the outside world.

Some twitter users commented on Changpeng Zhao:

“He created FUD (Fear, Uncertainty, Doubt), he was the first to discover it… (which is weird), and in the case of uncertainty, he caused panic among Uniswap users. It’s all about He orchestrated it, his goal was to create distrust among Uniswap users. And think Binance is very safe and users should migrate there, this guy is very malicious.”

Another twitter user said:

“Uniswap seems to be hiding something.”

The core of more user discussions is:

“Changpeng Zhao tweeted instead of asking the team privately. Even if it was a bug, it actually had nothing to do with the contract. The Binance team didn’t check the bug carefully, but tweeted directly, which made the actual situation very bad.”

But there seems to be a user who supports Zhao Changpeng’s operation, the user said:

“When something like this happens, you are also people who want the facts to be transparent. Anyone can see the news of the exploits on the chain published by Changpeng Zhao, so that it will be quickly spread to the team.”

This user seems to have likened Changpeng Zhao’s behavior of tweeting news to a transparent and visible transaction on the chain. In addition to discussing operations, there are also users who have expressed their opinions on the programming language of Ethereum.

This user believes that:

“All of this hacking is in this unsafe language. It’s better to use another programming language or this keeps happening.”

Obviously, the user believes that the programming language on Ethereum has led to more loopholes in the contract editing process, which has contributed to the hacking.

But other users expressed the opposite opinion. It says:

“It’s a phishing attack. That means there’s nothing wrong with the code. You’re not going to be the smart guy here (i.e. technology can’t correct people’s mistakes) unless Bitcoin can stop people from falling prey to social engineering.”

Through the discussion sparked by this small hack, the angle is comprehensive.

The first is that the industry generally believes that security vulnerabilities will be a blow to contract and protocol teams. Uniswap, which is an industry benchmark, has always been highly regarded for its contracts, and the oolong of this non-contract loophole will be a bad one, causing some users to distrust the team and products.

Therefore, some users will question Changpeng Zhao. The author remembers that a few years ago, when Uniswap was in its infancy, there was an asset liability dispute with Binance due to contract issues.

Secondly, after verification, the hacking attack was due to a phishing attack, which exploited user behavior loopholes, not because the hackers discovered loopholes in contract code editing and loopholes in the chain.

This is also a type of social attack, because users fail to identify dangerous links, websites, tools, etc., have their private keys stolen, or intercept token authorization, and transfer user assets.

Strictly speaking, this has nothing to do with the platform, and on a completely open chain, such a hacking method cannot be found, and users can only admit that they are unlucky.

Finally, when users mentioned the information that there are many vulnerabilities in the Ethereum programming language, the security protection discussion has been deeply involved in the infrastructure part. In many new chains, the application of the new language has indeed improved the security level, but for security incidents , technology cannot correct human errors.

The public chain is a virgin forest. For wallet teams and defi teams, they cannot identify security problems in advance. They can only indicate that there are security risks. At the same time, they cannot control user behavior. As long as the private key is exposed to the external environment, there are It may be stolen, and no third party can be responsible for recovering the loss.

This is also a place that users cannot control, and can only protect themselves in the virgin forest.

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/the-vulnerability-of-uniswap-v3/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-07-12 10:22
Next 2022-07-12 10:24

Related articles