Blockchain security firm Dedaub discovered a “serious vulnerability” in a Uniswap smart contract, which has since been addressed and redeployed.

In a Jan. 3 update, Dedaub said it had disclosed a vulnerability in the Universal Router smart contracts that could allow re-entrancy to drain user funds in the middle of a transaction. A re-entrancy attack takes place when a bad actor creates an external smart contract with malicious code to interact with and exploit a vulnerable smart contract and steal funds in a looped fashion over and over.

The Universal Router is a relatively new smart contract that was introduced by Uniswap Labs in November. It functions by grouping NFT trades and ERC-20 tokens into a gas-optimized router and lets users swap multiple tokens on Uniswap and buy NFTs across marketplaces in a single transaction.

“If untrusted code is invoked at any level in the switch, the code can re-enter the UniversalRouter and claim any tokens already in the UniversalRouter contract,” explained Dedaub founder Yannis Smaragdakis in a blog post.
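The behaviour described above can be reproduced in a toy Python model, added here as an illustration; it is not Uniswap's or Dedaub's code. The class names, the command names and the lock-based guard are assumptions: the lock is a common mitigation for re-entrancy, and the article does not say how the actual fix was implemented.

```python
class ToyRouter:
    """Hypothetical model: tokens sit in the router between the
    commands of a single transaction."""

    def __init__(self, guarded):
        self.guarded = guarded   # True = re-entrancy lock enabled
        self.locked = False
        self.held = 0            # tokens currently parked in the router
        self.paid = {}           # caller -> tokens swept out to them

    def execute(self, caller, commands):
        if self.guarded and self.locked:
            raise RuntimeError("re-entrant call rejected")
        self.locked = True
        try:
            for cmd, arg in commands:
                if cmd == "deposit":      # user funds enter the router
                    self.held += arg
                elif cmd == "call":       # control passes to external code
                    arg.on_receive(self)
                elif cmd == "sweep":      # pay out everything held
                    self.paid[caller] = self.paid.get(caller, 0) + self.held
                    self.held = 0
        finally:
            self.locked = False


class Benign:
    """Recipient whose callback does nothing."""
    def on_receive(self, router):
        pass


class Reentrant:
    """Untrusted recipient whose callback calls back into the router."""
    def on_receive(self, router):
        router.execute("untrusted", [("sweep", None)])


def run_user_transaction(guarded, recipient):
    """User deposits 100, the router calls the recipient, the user sweeps."""
    router = ToyRouter(guarded)
    try:
        router.execute("user", [("deposit", 100), ("call", recipient),
                                ("sweep", None)])
        return "completed", router.paid
    except RuntimeError:
        # On a real chain a revert rolls back every state change,
        # so no payout is reported for a reverted transaction.
        return "reverted", {}
```

Without the lock, the nested call sweeps the user's 100 tokens before the user's own sweep runs; with the lock, the nested call is rejected and the whole transaction reverts.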

Dedaub received a bug bounty of $40,000 worth of USDC from Uniswap after reporting the bug. The Uniswap team has addressed the issue and applied a fix to the contract, said the security firm.

Even though Dedaub described the bug as serious, Uniswap classified it as a “medium severity” issue in a message to the security firm. At the time of writing, the Uniswap team had not issued any statements of its own on a public platform addressing the bug.