Summary
Uniswap implements Permit2 and Permit2Lib which are smart contracts that enable permit-style approvals and transfers using signatures for ERC20 tokens that do not support such functionality.
The most critical subjects covered in our audit are functional correctness, signature handling andfront-running. Security regarding front-running is improvable due to a possible attack vector on permitapprovals, see Race Condition on Approvals. Security regarding functional correctness and signaturehandling is high.The general subjects covered are specification correctness and uncommon language features. Securityregarding all the aforementioned subjects is high.
In summary, we find that the level of security of the codebase is high. Discovered issues do not render the contracts immediately unsafe, but enable potential human errors.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Uniswap – Permit2
What is Uniswap Protocol?
“The Uniswap Protocol is an open-source protocol for providing liquidity and trading ERC20 tokens on Ethereum. It eliminates trusted intermediaries and unnecessary forms of rent extraction, allowing for safe, accessible, and efficient exchange activity. The protocol is non-upgradable and designed to be censorship resistant.”