defirisk.co
rubric v1.7.0

Uranium Finance: Math bug — constant product formula check broken by inconsistent parameter change (1000→10000)

Uranium Finance's Uniswap V2 fork changed a constant from 1000 to 10000 in two places but not the third, breaking the x*y=k check and letting an attacker drain $57.2M by swapping 1 wei for 98% of each pool.

Occurred 2021-04-28 Loss $57M Status closed

Summary #

Uranium Finance suffered a DEX / AMM (Uniswap V2 fork) on 2021-04-28, resulting in a loss of approximately $57M.

What happened #

Uranium Finance's Uniswap V2 fork changed a constant from 1000 to 10000 in two places but not the third, breaking the x*y=k check and letting an attacker drain $57.2M by swapping 1 wei for 98% of each pool.

Linked factors #

  • RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited — no audit performed]
  • RD-F-006 — causal : Audit-deploy gap (RD-F-006 time between audit and deploy) [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — Bug introduced in v2 migration ~10 days before exploit] || Audit-deploy gap — alternate field name [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — Bug introduced in v2 migration ~10 days before exploit]
  • RD-F-077 — causal : Prior exploit count [via cross-hack: Factor 5: Second Exploit on Same Protocol]
  • RD-F-078 — causal : Chronic flag (≥3 prior exploits) [via cross-hack: Factor 5: Second Exploit on Same Protocol]
  • RD-F-079 — causal : Same-root-cause repeat exploit [via cross-hack: Factor 5: Second Exploit on Same Protocol]
  • RD-F-101 — illustrative : Large governance proposal queued — RT signal would have fired [via realtime_signals/Governance/admin action: Y — Team deployed v2 with the bug and announced v2.1 migration]
  • RD-F-111 — causal : Team doxx status — pseudonymous-no-track-record class [via dashboard_risk_factors/Team anonymity: Anonymous]
  • RD-F-122 — related : Contributor paid to wallet routing to known DPRK cluster [via cross-hack: Factor 34: Suspected Insider Involvement]
  • RD-F-123 — causal : ★ Sudden admin-rescue / ACL change absent issue/PR discussion [via cross-hack: Factor 34: Suspected Insider Involvement]
  • RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked?: Y — Uniswap V2 fork on BSC]
  • RD-F-146 — related : New deploys in last 30 days — fresh attack surface [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — Bug introduced in v2 migration ~10 days before exploit]