Miggo Logo
Miggo Vulnerability Database
CVE-2022-48216

CVE-2022-48216: Uniswap Universal Router Incorrect Authorization vulnerability

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2022-48216
GHSA ID
GHSA-7m37-cx35-qgmr
EPSS Score
0.25056%
CWE
CWE-863
Published
1/4/2023
Updated
8/17/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
@uniswap/universal-routernpm< 1.1.01.1.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from the execute() function in UniversalRouter.sol not having reentrancy protection. The commit d82c668 shows the function was modified to include an isNotLocked modifier from a new ReentrancyLock contract. This indicates the original execute() function was vulnerable to reentrancy attacks where malicious contracts (e.g., via NFT callbacks or token transfers) could re-enter the execute function during transaction processing to steal funds left in the contract between commands. The added test ReenteringProtocol.sol demonstrates this attack vector, and gas test changes show the security mechanism's overhead.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Unisw*p Univ*rs*l Rout*r ***or* *.*.* mis**n*l*s r**ntr*n*y. T*is woul* **v* *llow** t***t o* *un*s.

Reasoning

T** vuln*r**ility st*mm** *rom t** `*x**ut*()` *un*tion in `Univ*rs*lRout*r.sol` not **vin* r**ntr*n*y prot**tion. T** *ommit ******* s*ows t** *un*tion w*s mo*i*i** to in*lu** *n `isNotLo*k**` mo*i*i*r *rom * n*w `R**ntr*n*yLo*k` *ontr**t. T*is in*i