Calculated from recorded token losses using historical USD prices at the incident time.
On Ethereum mainnet transaction 0xf4a3d0e01bbca6c114954d4a49503fc94dfdbc864bded5530b51a207640d86b5 in block 15767838, an unprivileged EOA 0xcc1a341d0f2a06eaba436935399793f05c2bbe92 invoked its helper contract 0xfd4dccd754eaaa8c9196998c5bb06a56df6a1d95 to mint UERII twice, dump a fraction of the minted supply into the UERII/USDC Uniswap V3 pool 0x5ffaf1b4da96d6cfd4045035a94a924fc39631dc, swap the extracted USDC into WETH through the USDC/WETH pool 0x88e6a0c2ddd26feeb64f039a2c41296fcb3f5640, unwrap the WETH, and return ETH to the sender. The transaction realized 1.594348144286128408 ETH net profit after gas.
The root cause is straightforward: the verified UERII token contract 0x418c24191ae947a78c99fdc0e45a1f96afb254be exposed a public mint() function with no authorization check. Once external liquidity existed, any caller could mint zero-cost inventory and sell it for valuable assets from the pool.
UERII is an ERC-20 token with 6 decimals. Uniswap V3 does not inspect or enforce whether a listed token has safe issuance policy; it only prices token exchanges according to pool state and swap math. If a token paired against a real asset like USDC remains publicly mintable, an attacker can create inventory at zero cost and still receive real counter-asset liquidity from the pool.
The relevant public market components were already live before the exploit:
UERII token: 0x418c24191ae947a78c99fdc0e45a1f96afb254be
UERII/USDC Uniswap V3 pool: 0x5ffaf1b4da96d6cfd4045035a94a924fc39631dc
USDC/WETH pool: 0x88e6a0c2ddd26feeb64f039a2c41296fcb3f5640
Router called for exactInputSingle in the trace: 0xe592427a0aece92de3edee1f18e0157c05861564

The fork pre-state immediately before block 15767838 already contained sufficient UERII/USDC liquidity, which made the public mint economically exploitable.
This incident is an ATTACK category ACT opportunity caused by unrestricted token issuance. The safety invariant is that once a token is paired against valuable external liquidity, only authorized issuance should be able to increase redeemable supply. UERII breaks that invariant because Token.mint() directly executes _mint(msg.sender, 100000000000000000) without any access control, payment requirement, or rate limit.
The exploit does not depend on broken Uniswap logic. Uniswap V3 behaved as designed: after the attacker delivered UERII into the pool, the pool paid out USDC according to its pricing function. The value extraction happens because the token side of the trade was attacker-created inventory. The follow-on USDC to WETH swap and WETH unwrap only convert already-extracted value into a more convenient asset; they are realization steps, not the root cause.
The verified UERII source code shows the vulnerable issuance primitive:
    function mint() public returns (bool) {
        _mint(msg.sender, 100000000000000000);
        return true;
    }
This function allows any caller to increase total supply and receive tokens directly. The concrete code-level breakpoint is the _mint(msg.sender, 100000000000000000) call inside Token.mint().
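A hardened form of the issuance path described above, as an added example that is not UERII's verified source. The contract name, minter, maxSupply and setMinter are hypothetical, and only the minting logic of an ERC-20 is shown.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: issuance path only. All names here are hypothetical and
// this is not the UERII source; transfer/approve logic is omitted.
contract HardenedToken {
    uint8 public constant decimals = 6; // same decimals the report gives for UERII
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    address public owner;
    address public minter;
    uint256 public immutable maxSupply; // hard cap bounds the damage if the minter key is compromised

    event Transfer(address indexed from, address indexed to, uint256 value);
    event MinterChanged(address indexed previous, address indexed current);

    error NotOwner();
    error NotMinter();
    error CapExceeded();

    constructor(uint256 cap) {
        owner = msg.sender;
        minter = msg.sender;
        maxSupply = cap;
    }

    // Only the owner can rotate the minter; the change is logged for monitoring.
    function setMinter(address next) external {
        if (msg.sender != owner) revert NotOwner();
        emit MinterChanged(minter, next);
        minter = next;
    }

    // Vulnerable shape from the report: `function mint() public` running
    // `_mint(msg.sender, 100000000000000000)` with no caller check.
    // Hardened shape: caller must be the minter, and supply is capped.
    function mint(address to, uint256 amount) external returns (bool) {
        if (msg.sender != minter) revert NotMinter();
        if (totalSupply + amount > maxSupply) revert CapExceeded();
        _mint(to, amount);
        return true;
    }

    function _mint(address to, uint256 amount) internal {
        totalSupply += amount;
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }
}
```

With this check in place, the two unauthenticated mint() calls at the start of the trace would revert with NotMinter before any tokens reached the pool.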
The on-chain trace for tx 0xf4a3d0e01bbca6c114954d4a49503fc94dfdbc864bded5530b51a207640d86b5 shows the exact exploit sequence:
0x418C24191aE947A78C99fDc0e45a1f96Afb254BE::mint()
0x418C24191aE947A78C99fDc0e45a1f96Afb254BE::mint()
0xE592427A0AEce92De3Edee1F18E0157C05861564::exactInputSingle((UERII, USDC, 500, ...))
0x5FFaf1B4Da96D6Cfd4045035A94A924fC39631dC::swap(...)
emit Transfer(from: 0x5FFaf1B4Da96D6Cfd4045035A94A924fC39631dC, to: 0xFD4DcCD754EAaA8C9196998c5Bb06A56dF6a1D95, value: 2447241739)
0xE592427A0AEce92De3Edee1F18E0157C05861564::exactInputSingle((USDC, WETH, 500, ...))
WETH9::withdraw(1855150444286128408)
0xcc1A341D0F2a06Eaba436935399793F05C2bbE92::fallback{value: 1855150444286128408}()
Balance-diff evidence quantifies the exploit outcome. The helper transferred 2425482740776 raw UERII into the UERII/USDC pool. In return, the pool lost 2447241739 raw USDC units. The USDC/WETH pool then paid 1855150444286128408 WETH to the helper, and the sender EOA ended the transaction with a native ETH delta of 1724749294286128408 wei before gas. With 2608023 gas used at 50 gwei, gas cost was 0.13040115 ETH, producing 1.594348144286128408 ETH net profit.
The ACT conditions are minimal and permissionless:
No privileged key, attacker-specific contract artifact, or protocol admin action was required.
The adversary cluster consists of:
0xcc1a341d0f2a06eaba436935399793f05c2bbe92, which sent the exploit transaction, paid gas, and received the final ETH.
0xfd4dccd754eaaa8c9196998c5bb06a56df6a1d95, which executed the mint and swap sequence. Its address matches the sender EOA's nonce-0 deployment address.

The end-to-end flow is:
0xf4a3d0e01bbca6c114954d4a49503fc94dfdbc864bded5530b51a207640d86b5.
UERII.mint() twice, creating 200000000000000000 raw UERII at zero acquisition cost.
2425482740776 raw UERII, into the UERII/USDC pool.
2447241739 raw USDC to the helper.
1855150444286128408 WETH.

This is a single-transaction inventory inflation and dump. The key decision point is not sophisticated routing but the existence of a public mint against already-seeded external liquidity.
The measurable pool-side loss was:
2447241739 raw units (2447.241739 USDC at 6 decimals)

The affected liquidity source was the UERII/USDC Uniswap V3 pool 0x5ffaf1b4da96d6cfd4045035a94a924fc39631dc. The attacker then converted that extracted value into ETH and realized 1.594348144286128408 ETH net profit after paying gas.