Uranium Finance was a Uniswap V2 fork on BSC. In its v2.1 migration the team modified the swap() function in UraniumPair so that the K-invariant check used a 10000 (1e4) multiplier on adjusted balances, while leaving an adjacent calculation that compared `balance0Adjusted * balance1Adjusted` against `_reserve0 * _reserve1 * (1000**2)` — but the migration upgraded one side of the inequality to a 10000 base without upgrading the other side, so the require effectively became `balanceAdjusted_x * balanceAdjusted_y >= reserve_x * reserve_y * 1_000_000` while the adjusted balances were scaled with 10000. The result: the post-swap K only needed to be 1/100 of the true pre-swap K to pass. An attacker called swap() requesting nearly the entire reserve of one token and paying a tiny amount of the other; the broken require returned true, and the pool released its reserves. The bug applied to every Uranium pair contract because they all shared the same buggy template, so the attacker iterated across pools and drained ~$57.2M total in a single transaction sequence.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
Classification: Protocol Logic. Technique: Math Mistake Exploit. Target type: DeFi Protocol. Affected chains: BSC. Implementation language: Solidity.
- chain
- bsc
- protocol
- Uranium Finance
- bug_class
- logic
- date_occurred
- 2021-04-28
- loss_usd
- $57,200,000
- classification
- Protocol Logic
- technique
- Math Mistake Exploit
- target_type
- DeFi Protocol
- language
- Solidity
- source_id
- dl:adhoc:uranium-finance:1619568000