Low | Medium | High | Critical | Total | |
---|---|---|---|---|---|
Not fixed | - | - | - | - | 0 |
Fixed | 4 | 6 | 2 | 1 | 13 |
Total | 4 | 6 | 2 | 1 | 13 |
Click to show description
Hackers deployed two reentrancy attacks, made possible by a known vulnerability found in the ERC777-token of Uniswap, to steal $300,000 and $1.1 million in imBTC tokens. Tokenlon, the company behind the imBTC token that runs on the Uniswap platform, provides a timeline of the events: “8:58 SGT on April 18th. An attacker used a vulnerability with Uniswap and ERC777 to perform a reentrancy attack. 12:12 on April 18th. The Tokenlon team observed the anomaly, defined the incident as a P0-level security issue, and established an emergency response team. 12:49 on April 18th. After evaluating the situation, Tokenlon suspended the transfer of imBTC and notified imBTC partners including Lendf.Me to evaluate potential security risks. 17:00 on April 18th. imBTC transfer was resumed after receiving the confirmation from Lendf.Me and other partners that it is OK to do so. 09:28 on April 19th. Tokenlon received a message from Lendf.me about a reentrancy attack, similar to the one happened to Uniswap, resulting in a large number of abnormal borrowing on the platform. 10:12 on April 19th. In order to cooperate with the investigation of the reentrancy attack, Tokenlon suspended the transfer of imBTC.”
# | Name | Auditor | Date | Chains | Issues |
---|---|---|---|---|---|
1 | Uniswap Hooks Library Miles... | OpenZeppelin | 2025/02/24 | Off-Chain (Private) | No active critical issues |
2 | Uniswap v4 Periphery and Un... | OpenZeppelin | 2024/08/30 | Off-Chain (Private) | No active critical issues |
3 | Uniswap v4 Core Audit | OpenZeppelin | 2024/08/27 | Off-Chain (Private) | No active critical issues |
4 | UNCX UniswapV3 Liquidity Lo... | OpenZeppelin | 2024/02/08 | Off-Chain (Private) | No active critical issues |
5 | UniswapX Audit | OpenZeppelin | 2023/10/10 | Off-Chain (Private) | No active critical issues |
6 | Uniswap Permit2 | ChainSecurity | 2022/11/18 | Off-Chain (Private) | No active critical issues |
7 | Aave Balancer and Uniswap v... | Consensys | 2020/07/31 | Off-Chain (Private) | No active critical issues |
8 | Exploiting Uniswap: from re... | OpenZeppelin | 2019/07/28 | Off-Chain (Private) | No active critical issues |