Trail of Bits

Uniswap V3

Type: Security review
Client: Uniswap
Date: 2021-03
Domain: Blockchain
Effort: 10 wks
Section: Uniswap

Trail of Bits's security review of Uniswap (Mar 2021) identified 10 issues: 2 high, 4 medium, 1 low, and 3 informational.

Findings · 10

  1. Missing validation of _owner argument could indefinitely lock owner role (Medium)
  2. Missing validation of _owner argument could lead to incorrect event emission (Informational)
  3. Anyone could steal pool tokens’ earned interest (Low)
  4. Whitepaper contains incorrect equation (Informational)
  5. Incorrect comparison enables swapping and token draining at no cost (High)
  6. Unbound loop enables denial of service (Medium)
  7. Front-running pool’s initialization can lead to draining of liquidity provider’s initial deposits (Medium)
  8. Swapping on zero liquidity allows for control of the pool’s price (Medium)
  9. Failed transfer may be overlooked due to lack of contract existence check (High)
  10. getNextSqrtPriceFromInput|Output can return a value outside of MIN_SQRT_RATIO, MAX_SQRT_RATIO (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
