11-15, 14:50–15:00 (Asia/Bangkok), Stage 4
A short explanation of a critical-severity vulnerability we found in the Uniswap V4 core contracts that would have caused a ~$15M loss in Uniswap's pools. The goal is to explain the risks of double entry points, from the $30M+ TUSD issue in Compound to the Uniswap V4-specific case where protocols use native tokens and operate on chains where the native token has a corresponding ERC-20 token, and how to prevent them.
Formerly a Smart Contract Auditor, I'm the Head of Security Services at OpenZeppelin. I started working in crypto 6 years ago as a Smart Contract Developer, building OpenZeppelin contracts and development tools. I transitioned into a Security Researcher and have led over 60 audits, discovered more than 30 critical-severity issues, and helped protect over $1 billion in funds, including live protocols.