<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?action=history&amp;feed=atom&amp;title=Unverified_Contract_uniswapV3Callback_Lacking_Access_Control</id>
	<title>Unverified Contract uniswapV3Callback Lacking Access Control - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?action=history&amp;feed=atom&amp;title=Unverified_Contract_uniswapV3Callback_Lacking_Access_Control"/>
	<link rel="alternate" type="text/html" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Unverified_Contract_uniswapV3Callback_Lacking_Access_Control&amp;action=history"/>
	<updated>2026-07-10T01:15:49Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.39.1</generator>
	<entry>
		<id>https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Unverified_Contract_uniswapV3Callback_Lacking_Access_Control&amp;diff=6924&amp;oldid=prev</id>
		<title>Azoundria: Created page with &quot;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/unverifiedcontractuniswapv3callbacklackingaccesscontrol.php}} {{Unattributed Sources}}  Base Blockchain Logo/HomepageOn August 28th, 2025, an unverified smart contract was deployed on the Base blockchain containing a critical vulnerability: the uniswapV3SwapCallback function lacked proper access control. This allowed an attacker to exploit the contract u...&quot;</title>
		<link rel="alternate" type="text/html" href="https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Unverified_Contract_uniswapV3Callback_Lacking_Access_Control&amp;diff=6924&amp;oldid=prev"/>
		<updated>2025-10-10T22:45:13Z</updated>

		<summary type="html">&lt;p&gt;Created page with &amp;quot;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/unverifiedcontractuniswapv3callbacklackingaccesscontrol.php}} {{Unattributed Sources}}  &lt;a href=&quot;/cryptocurrencyhackscamfraudwiki/index.php?title=File:Baseblockchain.jpg&quot; title=&quot;File:Baseblockchain.jpg&quot;&gt;thumb|Base Blockchain Logo/Homepage&lt;/a&gt;On August 28th, 2025, an unverified smart contract was deployed on the Base blockchain containing a critical vulnerability: the uniswapV3SwapCallback function lacked proper access control. This allowed an attacker to exploit the contract u...&amp;quot;&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/unverifiedcontractuniswapv3callbacklackingaccesscontrol.php}}&lt;br /&gt;
{{Unattributed Sources}}&lt;br /&gt;
&lt;br /&gt;
[[File:Baseblockchain.jpg|thumb|Base Blockchain Logo/Homepage]]On August 28th, 2025, an unverified smart contract was deployed on the Base blockchain containing a critical vulnerability: the uniswapV3SwapCallback function lacked proper access control. This allowed an attacker to exploit the contract using a delegatecall to another contract, resulting in a reported loss of approximately $88.9K. The incident was first analyzed and reported by TenArmor and researcher Weilin (William) Li, and later included in Blockthreat’s Week 36 report. The responsible project remains unidentified, and there is currently no indication of an ongoing investigation or recovery efforts.&amp;lt;ref name=&amp;quot;tenarmortweet-21139&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;basescantransaction-21140&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;hklst4rtweet-21141&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;blockthreat-21142&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;blockscoutrawtrace-21143&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;victimbasescan-21144&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;victimcreationbasescan-21145&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;vulnerablebasescan-21146&amp;quot; /&amp;gt;&amp;lt;ref name=&amp;quot;deletegatedcreationbasedscan-21147&amp;quot; /&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== About Unverified Contract ==&lt;br /&gt;
An unverified smart contract was launched on the Base blockchain on August 28th, 2025.&lt;br /&gt;
&lt;br /&gt;
This invokes code in another smart contract via a delegatecall.&lt;br /&gt;
&lt;br /&gt;
== The Reality ==&lt;br /&gt;
Unfortunately, the smart contract was launched with a vulnerability where the uniswapV3Callback function lacked access control.&lt;br /&gt;
&lt;br /&gt;
== What Happened ==&lt;br /&gt;
An unverified smart contract on the Base blockchain was exploited due to a missing access control in the uniswapV3SwapCallback function, resulting in a reported loss of $88.9K.&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot;&lt;br /&gt;
|+Key Event Timeline - Unverified Contract uniswapV3Callback Lacking Access Control&lt;br /&gt;
!Date&lt;br /&gt;
!Event&lt;br /&gt;
!Description&lt;br /&gt;
|-&lt;br /&gt;
|August 28th, 2025 3:35:11 PM MDT&lt;br /&gt;
|Victim Smart Contract Launched&lt;br /&gt;
|The victim smart contract is first launched on the Base blockchain.&lt;br /&gt;
|-&lt;br /&gt;
|August 29th, 2025 5:55:05 AM MDT&lt;br /&gt;
|Delegated Smart Contract Launched&lt;br /&gt;
|The smart contract starting with 0x1d9e is launched, containing a vulnerability due to the lack of access control on uniswapV3Callback.&lt;br /&gt;
|-&lt;br /&gt;
|September 1st, 2025 12:38:27 AM MDT&lt;br /&gt;
|Base Attack Transaction&lt;br /&gt;
|The attack is accepted into the Base blockchain.&lt;br /&gt;
|-&lt;br /&gt;
|September 1st, 2025 1:13:00 AM MDT&lt;br /&gt;
|TenArmor Tweet Posted&lt;br /&gt;
|TenArmor posts a tweet with details about the xploit.&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
According to an initial analysis by TenArmor, &amp;quot;[i]t appears that the uniswapV3SwapCallback function of the contract 0x1d9e lacks access control, which was exploited by the attacker.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
== Total Amount Lost ==&lt;br /&gt;
TenArmor has reported that there was &amp;quot;an approximately loss of $88.9K&amp;quot;.&lt;br /&gt;
&lt;br /&gt;
The total amount lost has been estimated at $89,000 USD.&lt;br /&gt;
&lt;br /&gt;
== Immediate Reactions ==&lt;br /&gt;
The incident was reported by TenArmor and researcher Weilin (William) Li.&lt;br /&gt;
&lt;br /&gt;
== Ultimate Outcome ==&lt;br /&gt;
It appears that the incident was included in the Blockthreat report for Week 36 of 2025.&lt;br /&gt;
&lt;br /&gt;
== Total Amount Recovered ==&lt;br /&gt;
There is limited information available about the smart contract, and no suggestion that any recovery is presently being attempted.&lt;br /&gt;
&lt;br /&gt;
There do not appear to have been any funds recovered in this case.&lt;br /&gt;
&lt;br /&gt;
== Ongoing Developments ==&lt;br /&gt;
It's unclear which project is behind this address, and whether any investigation is underway.&lt;br /&gt;
== Individual Prevention Policies ==&lt;br /&gt;
{{Prevention:Individuals:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Individuals:End}}&lt;br /&gt;
&lt;br /&gt;
== Platform Prevention Policies ==&lt;br /&gt;
{{Prevention:Platforms:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Platforms:End}}&lt;br /&gt;
&lt;br /&gt;
== Regulatory Prevention Policies ==&lt;br /&gt;
{{Prevention:Regulators:Placeholder}}&lt;br /&gt;
&lt;br /&gt;
{{Prevention:Regulators:End}}&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&amp;lt;references&amp;gt;&amp;lt;ref name=&amp;quot;tenarmortweet-21139&amp;quot;&amp;gt;[https://twitter.com/TenArmorAlert/status/1962413608182128843 TenArmor - &amp;quot;Our system has detected a suspicious attack involving #unverified contract 0x46cbe on #BASE, resulting in an approximately loss of $88.9K.&amp;quot; - Twitter/X] (Accessed Sep 19, 2025)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;basescantransaction-21140&amp;quot;&amp;gt;[https://basescan.org/tx/0xdc6658ce341f5699915cf33ef5f4d3d6298c841f4c333d31543f6ec6ff8dd2ea Attack Transaction - BaseScan] (Accessed Sep 19, 2025)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;hklst4rtweet-21141&amp;quot;&amp;gt;[https://twitter.com/hklst4r/status/1962432786687463699 Weilin (William) Li - &amp;quot;yet another uniswapV3Callback lacking access control.&amp;quot; - Twitter/X] (Accessed Sep 19, 2025)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;blockthreat-21142&amp;quot;&amp;gt;[https://newsletter.blockthreat.io/p/blockthreat-week-36-2025 BlockThreat - Week 36, 2025] (Accessed Sep 19, 2025)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;blockscoutrawtrace-21143&amp;quot;&amp;gt;[https://base.blockscout.com/tx/0xdc6658ce341f5699915cf33ef5f4d3d6298c841f4c333d31543f6ec6ff8dd2ea?tab=raw_trace Transaction details - Blockscout] (Accessed Sep 19, 2025)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;victimbasescan-21144&amp;quot;&amp;gt;[https://basescan.org/address/0x46cbe774bd057dfc9b09a5781020e9a6ec9639bb Victim Smart Contract - BaseScan] (Accessed Sep 19, 2025)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;victimcreationbasescan-21145&amp;quot;&amp;gt;[https://basescan.org/tx/0x31ccb12d43f856b44bdf09a11dfddf47b198596aafae5ddf4108a1641493ceee Victim Smart Contract Creation Transaction - BaseScan] (Accessed Sep 19, 2025)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;vulnerablebasescan-21146&amp;quot;&amp;gt;[https://basescan.org/address/0x1d9e1b7e57a8c8c6fe8f6eef52d63df399665098 Vulnerable Smart Contract - BaseScan] (Accessed Sep 19, 2025)&amp;lt;/ref&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;ref name=&amp;quot;deletegatedcreationbasedscan-21147&amp;quot;&amp;gt;[https://basescan.org/tx/0xcf9e53e327fa73b0cadb6b5ec1459a5f53ead3a2d719b2c3692f4461877dc2d6 Creation Of Delegated Smart Contract - BaseScan] (Accessed Sep 19, 2025)&amp;lt;/ref&amp;gt;&amp;lt;/references&amp;gt;&lt;/div&gt;</summary>
		<author><name>Azoundria</name></author>
	</entry>
</feed>