UniswapV3 adapter path parameter extraction vulnerability

Description

The UniswapV3 adapter implements incorrect extraction of path parameters, potentially leading to security vulnerabilities. This issue is related to improper validation of specified index, position, or offset in input.

Examples

Insecure Code

solidity

$PATH.toAddress($PATH.length - $ADDR_SIZE);

Secure Code

solidity

$PATH.toAddress($PATH.length - $ADDR_SIZE + 1); // assuming $ADDR_SIZE is correct and the offset should be adjusted

Remediation

Validate and correctly extract path parameters to prevent potential security vulnerabilities.

Rule Details

Field	Value
ID	CODE-0433
Category	Crypto
Severity	HIGH
CWE	CWE-1285
Confidence	LOW
Impact	HIGH
Likelihood	LOW
Exploitability	COMPLEX
Tags	smart contract, uniswapv3
OWASP	N/A

References

https://etherscan.io/address/0xbA7B57D7E4d4A7516FC1CbfF1CA5182eBC0c1491
https://medium.com/@nnez/different-parsers-different-results-acecf84dfb0c

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

UniswapV3 adapter path parameter extraction vulnerability

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

UniswapV3 adapter path parameter extraction vulnerability ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

References ​

UniswapV3 adapter path parameter extraction vulnerability

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References