UniswapV4Router04
Privilege Bypass Leads to Asset Theft
According to TenArmorAlert monitoring, Uniswap V4 Router04 on Ethereum was exploited through a hardcoded calldata offset in its inline assembly. By constructing malicious calldata, the attacker bypassed the contract's payer validation and pulled approximately 42,000 USDC from wallets that had previously granted the router a token approval.

- Attack Date: March 3, 2026
- Target: Uniswap V4 Router04
- Target Overview: Uniswap V4 Router04 is a routing contract deployed on the Ethereum network. It handles token swap routing and the associated fund transfers within the Uniswap V4 protocol.
- Loss Amount: Approx. 42,000 USDC
- Attack Vector: Privilege Bypass
Incident Review & Technical Details
- Attack Path:
  - (1) Identifying the vulnerability: the attacker found a logic flaw in the inline assembly of the swap function of the Uniswap V4 Router04 contract.
  - (2) Constructing malicious calls: the contract read calldata using hardcoded offsets. By crafting calldata whose layout did not match those fixed offsets, the attacker made the offset-based reads return attacker-chosen values and so bypassed the contract's validation of the payer.
  - (3) Unauthorized transfers: with the payer check bypassed, the attacker directed the router to pull tokens directly from user wallets that had previously granted an approval (allowance) to the contract; no further confirmation from those users was required.
  - (4) Asset liquidation: the attacker extracted 42,000 USDC from victim wallets and quickly moved or swapped the funds.
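The following Python model is added here to illustrate the general mechanism behind steps (1) to (3); it is not the Uniswap V4 Router04 source and does not reproduce the real contract's layout. It assumes a function taking one ABI-encoded `bytes` argument whose first word is the payer, a validation that the payer equals msg.sender, and an assembly fast path that reads the first data word at the fixed calldata offset 0x44 (where it sits only for canonically encoded calldata). The selector, addresses, amounts and the allowance/balance bookkeeping are constructed for the example.

```python
# Added example (not Uniswap code): two views of the same calldata disagree
# when one follows the ABI head offset and the other uses a hardcoded offset.
WORD = 32
SELECTOR = bytes.fromhex("deadbeef")   # placeholder selector (assumed)
ROUTER = b"\xcc" * 20                  # constructed router address


def word(value: int) -> bytes:
    return value.to_bytes(WORD, "big")


def addr_word(addr: bytes) -> bytes:
    """Left-pad a 20-byte address into a 32-byte ABI word."""
    if len(addr) != 20:
        raise ValueError("address must be 20 bytes")
    return addr.rjust(WORD, b"\x00")


def abi_decode_bytes_arg(calldata: bytes) -> bytes:
    """Decoder view: what compiled Solidity does for `f(bytes calldata data)`.
    It follows the caller-supplied head offset to find length and data."""
    offset = int.from_bytes(calldata[4:4 + WORD], "big")
    start = 4 + offset
    length = int.from_bytes(calldata[start:start + WORD], "big")
    return calldata[start + WORD:start + WORD + length]


def hardcoded_first_word(calldata: bytes) -> bytes:
    """Assembly view: models `calldataload(0x44)`, which is the first data
    word only if the head offset is the canonical 0x20."""
    return calldata[0x44:0x44 + WORD]


def canonical_calldata(payer: bytes, amount: int) -> bytes:
    """What a standard ABI encoder produces: head offset 0x20, then length, then data."""
    payload = addr_word(payer) + word(amount)
    return SELECTOR + word(0x20) + word(len(payload)) + payload


def malicious_calldata(attacker: bytes, victim: bytes, amount: int) -> bytes:
    """Hand-built calldata: head offset 0x60 pushes the decoder's length/data
    past 0x44, so the decoder sees `attacker` as payer while the word at 0x44
    (read blindly by the assembly path) holds `victim`."""
    payload = addr_word(attacker) + word(amount)
    return (SELECTOR + word(0x60) + word(0) + addr_word(victim)
            + word(len(payload)) + payload)


def _pull(payer: bytes, amount: int, allowances: dict, balances: dict) -> None:
    """Simulated transferFrom(payer, router, amount) against a prior approval."""
    if allowances.get(payer, 0) < amount or balances.get(payer, 0) < amount:
        raise RuntimeError("insufficient allowance or balance")
    allowances[payer] -= amount
    balances[payer] -= amount
    balances[ROUTER] = balances.get(ROUTER, 0) + amount


def vulnerable_swap(calldata: bytes, msg_sender: bytes, allowances: dict, balances: dict) -> bytes:
    """Bug pattern: the payer is validated on the decoder view but used from
    the hardcoded-offset view. Returns the address actually charged."""
    data = abi_decode_bytes_arg(calldata)
    payer_checked = data[:WORD][12:]
    amount = int.from_bytes(data[WORD:2 * WORD], "big")
    if payer_checked != msg_sender:
        raise PermissionError("payer must be msg.sender")
    payer_used = hardcoded_first_word(calldata)[12:]   # may differ from payer_checked
    _pull(payer_used, amount, allowances, balances)
    return payer_used


def hardened_swap(calldata: bytes, msg_sender: bytes, allowances: dict, balances: dict) -> bytes:
    """Fix: parse once and reuse the validated value; additionally reject any
    calldata whose layout is not the canonical one the fast path assumes."""
    offset = int.from_bytes(calldata[4:4 + WORD], "big")
    data = abi_decode_bytes_arg(calldata)
    expected_len = 4 + WORD + WORD + -(-len(data) // WORD) * WORD
    if offset != 0x20 or len(calldata) != expected_len:
        raise ValueError("non-canonical calldata layout")
    payer = data[:WORD][12:]
    amount = int.from_bytes(data[WORD:2 * WORD], "big")
    if payer != msg_sender:
        raise PermissionError("payer must be msg.sender")
    _pull(payer, amount, allowances, balances)   # same bytes that were validated
    return payer


def run_demo() -> dict:
    """Constructed scenario: the victim approved the router earlier; the
    attacker calls with malicious calldata and the victim is charged."""
    attacker, victim = b"\xaa" * 20, b"\xbb" * 20
    amount = 42_000 * 10**6                       # 42,000 USDC (6 decimals)
    allowances = {victim: amount}
    balances = {victim: amount, attacker: 0}
    charged = vulnerable_swap(malicious_calldata(attacker, victim, amount),
                              attacker, allowances, balances)
    return {"charged": charged, "victim_balance": balances[victim],
            "router_balance": balances[ROUTER]}


if __name__ == "__main__":
    print(run_demo())
```

The point of the model is that any time a contract has two parsers for the same calldata (the compiler's ABI decoder and a hand-written `calldataload` at a fixed offset), an attacker who controls the head offsets controls which bytes each parser sees. The hardened variant closes the gap by using one decoded value for both the check and the transfer and by refusing non-canonical encodings outright.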
- Impact Scope: primarily user wallets that had previously granted a USDC spending approval (allowance) to the Uniswap V4 Router04 contract address.
- Official Determination: the vulnerability stems from an implementation error at the low-level assembly layer of one specific router version (Router04). The Uniswap V4 core protocol and its liquidity pool logic remain unaffected.
- Investigation Progress:
  - The vulnerable contract has been identified. All users are strongly advised to check immediately whether their wallets hold an allowance for the Uniswap V4 Router04 contract and to revoke USDC and any other token approvals granted to it. On the token contract this is the standard ERC-20 allowance(owner, router) read, and a revoke is an approve(router, 0) transaction sent from the affected wallet.
  - Security teams are auditing subsequent router versions to ensure that similar hardcoded offset issues do not recur.
  - The flow of stolen funds is being tracked, and wallet holders are reminded to manage token approvals carefully.
AUTOSEC.DEV Solution: Building a 360-Degree Defense
To counter hybrid attacks involving "Web2 Breach + Web3 Monetization," AUTOSEC.DEV provides comprehensive protection from code to personnel:
- Team OPSEC (Operations Security) Audit & Hardening: We provide enterprise-grade security training and configuration for core Web3 team members. We assist teams in deploying security hardware and risk detection software to increase the difficulty of social engineering attacks, while auditing password management protocols and device security policies.
- End-to-End Incident Response (IR): In an emergency, every second of confusion amplifies the loss. AUTOSEC.DEV provides standardized SOPs (Standard Operating Procedures) and rapid response services tailored to specific business needs to help projects mitigate losses quickly.
Service Content
- AUTOSEC.DEV - Security Awareness Training
- AUTOSEC.DEV - Incident Response Service
- AUTOSEC.DEV - Security Strategy & Planning