UERII Public Mint Drain
Exploit transaction: 0xf4a3d0e01bbca6c114954d4a49503fc94dfdbc864bded5530b51a207640d86b5
Victim addresses: 0x418c24191ae947a78c99fdc0e45a1f96afb254be (Ethereum), 0x5ffaf1b4da96d6cfd4045035a94a924fc39631dc (Ethereum)
Root Cause Analysis
1. Incident Overview TL;DR
On Ethereum mainnet transaction 0xf4a3d0e01bbca6c114954d4a49503fc94dfdbc864bded5530b51a207640d86b5 in block 15767838, an unprivileged EOA 0xcc1a341d0f2a06eaba436935399793f05c2bbe92 invoked its helper contract 0xfd4dccd754eaaa8c9196998c5bb06a56df6a1d95 to mint UERII twice, dump a fraction of the minted supply into the UERII/USDC Uniswap V3 pool 0x5ffaf1b4da96d6cfd4045035a94a924fc39631dc, swap the extracted USDC into WETH through the USDC/WETH pool 0x88e6a0c2ddd26feeb64f039a2c41296fcb3f5640, unwrap the WETH, and return ETH to the sender. The transaction realized 1.594348144286128408 ETH net profit after gas.
The root cause is straightforward: the verified UERII token contract 0x418c24191ae947a78c99fdc0e45a1f96afb254be exposed a public mint() function with no authorization check. Once external liquidity existed, any caller could mint zero-cost inventory and sell it for valuable assets from the pool.
2. Key Background
UERII is an ERC-20 token with 6 decimals. Uniswap V3 does not inspect or enforce whether a listed token has a safe issuance policy; it only prices token exchanges according to pool state and swap math. If a token paired against a real asset like USDC remains publicly mintable, an attacker can create inventory at zero cost and still receive real counter-asset liquidity from the pool.
The relevant public market components were already live before the exploit:
- UERII token: 0x418c24191ae947a78c99fdc0e45a1f96afb254be
- UERII/USDC Uniswap V3 pool: 0x5ffaf1b4da96d6cfd4045035a94a924fc39631dc
- USDC/WETH Uniswap V3 pool: 0x88e6a0c2ddd26feeb64f039a2c41296fcb3f5640
- Uniswap V3 SwapRouter: 0xe592427a0aece92de3edee1f18e0157c05861564
The fork pre-state immediately before block 15767838 already contained sufficient UERII/USDC liquidity, which made the public mint economically exploitable.
3. Vulnerability Analysis & Root Cause Summary
This incident is an ATTACK category ACT opportunity caused by unrestricted token issuance. The safety invariant is that once a token is paired against valuable external liquidity, only authorized issuance should be able to increase redeemable supply. UERII breaks that invariant because Token.mint() directly executes _mint(msg.sender, 100000000000000000) without any access control, payment requirement, or rate limit.
The exploit does not depend on broken Uniswap logic. Uniswap V3 behaved as designed: after the attacker delivered UERII into the pool, the pool paid out USDC according to its pricing function. The value extraction happens because the token side of the trade was attacker-created inventory. The follow-on USDC to WETH swap and WETH unwrap only convert already-extracted value into a more convenient asset; they are realization steps, not the root cause.
4. Detailed Root Cause Analysis
The verified UERII source code shows the vulnerable issuance primitive:
    function mint() public returns (bool) {
        _mint(msg.sender, 100000000000000000);
        return true;
    }
This function allows any caller to increase total supply and receive tokens directly. The concrete code-level breakpoint is the _mint(msg.sender, 100000000000000000) call inside Token.mint().
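As an added illustration (not code from the UERII project or from this analysis), the Python heuristic below scans verified Solidity source for externally callable functions that reach _mint() without an owner/role modifier or a msg.sender check, which is the defect described above. It is run against the mint() shown above and against a hardened variant written here for contrast, which gates issuance behind onlyOwner, takes an explicit recipient and amount, and enforces a supply cap; the contract skeletons, the cap value and the list of recognised guard modifiers are assumptions, and the scan is a pre-listing screening heuristic, not a substitute for a proper static analyzer.

```python
import re

# Constructed inputs: the mint() from the analysis placed in a minimal contract
# skeleton, beside a hardened variant written here as an illustration. Neither
# is the project's own code; the cap value is a hypothetical figure.
VULNERABLE_SRC = """
contract Token is ERC20 {
    function mint() public returns (bool) {
        _mint(msg.sender, 100000000000000000);
        return true;
    }
}
"""

HARDENED_SRC = """
contract Token is ERC20, Ownable {
    uint256 public constant CAP = 100_000_000 * 1e6;  // hypothetical cap, 6 decimals

    function mint(address to, uint256 amount) external onlyOwner returns (bool) {
        require(totalSupply() + amount <= CAP, "cap exceeded");
        _mint(to, amount);
        return true;
    }
}
"""

# function <name>(<params>) <header up to the opening brace> {
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")

# Modifier names treated as authorization guards (assumed naming conventions).
GUARD_MODIFIERS = ("onlyOwner", "onlyRole", "onlyMinter", "onlyAdmin")


def _body(src, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]


def find_unguarded_mints(src):
    """List externally callable functions that call _mint() with no visible
    authorization: no guard modifier in the header and no msg.sender / role
    check in the body. Missing visibility is treated as public (pre-0.5 default)."""
    findings = []
    for m in FUNC_RE.finditer(src):
        name, params, header = m.group(1), m.group(2).strip(), m.group(3)
        body = _body(src, m.end() - 1)  # m.end() - 1 is the opening brace
        if "_mint(" not in body:
            continue
        if re.search(r"\b(internal|private)\b", header):
            continue
        header_guarded = any(g in header for g in GUARD_MODIFIERS)
        body_guarded = bool(re.search(r"msg\.sender\s*(==|!=)|hasRole\(|_checkRole\(", body))
        if header_guarded or body_guarded:
            continue
        findings.append({
            "function": name,
            "params": params,
            "mints_to_caller": "_mint(msg.sender" in body,
        })
    return findings


if __name__ == "__main__":
    print("vulnerable:", find_unguarded_mints(VULNERABLE_SRC))
    print("hardened:  ", find_unguarded_mints(HARDENED_SRC))
```

The scanner reports the UERII-style function (public, no parameters, mints to msg.sender) and stays silent on the hardened variant; a token that trips this check while already paired against real liquidity is exactly the state described in section 3.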
The on-chain trace for tx 0xf4a3d0e01bbca6c114954d4a49503fc94dfdbc864bded5530b51a207640d86b5 shows the exact exploit sequence:
0x418C24191aE947A78C99fDc0e45a1f96Afb254BE::mint()
0x418C24191aE947A78C99fDc0e45a1f96Afb254BE::mint()
0xE592427A0AEce92De3Edee1F18E0157C05861564::exactInputSingle((UERII, USDC, 500, ...))
0x5FFaf1B4Da96D6Cfd4045035A94A924fC39631dC::swap(...)
emit Transfer(from: 0x5FFaf1B4Da96D6Cfd4045035A94A924fC39631dC, to: 0xFD4DcCD754EAaA8C9196998c5Bb06A56dF6a1D95, value: 2447241739)
0xE592427A0AEce92De3Edee1F18E0157C05861564::exactInputSingle((USDC, WETH, 500, ...))
WETH9::withdraw(1855150444286128408)
0xcc1A341D0F2a06Eaba436935399793F05C2bbE92::fallback{value: 1855150444286128408}()
Balance-diff evidence quantifies the exploit outcome. The helper transferred 2425482740776 raw UERII into the UERII/USDC pool. In return, the pool lost 2447241739 raw USDC units. The USDC/WETH pool then paid 1855150444286128408 WETH to the helper, and the sender EOA ended the transaction with a native ETH delta of 1724749294286128408 wei before gas. With 2608023 gas used at 50 gwei, gas cost was 0.13040115 ETH, producing 1.594348144286128408 ETH net profit.
The ACT conditions are minimal and permissionless:
- UERII remains publicly mintable.
- Valuable liquidity remains in a UERII trading pool.
- An ordinary user can route swaps through public Uniswap V3 contracts.
No privileged key, attacker-specific contract artifact, or protocol admin action was required.
5. Adversary Flow Analysis
The adversary cluster consists of:
- EOA 0xcc1a341d0f2a06eaba436935399793f05c2bbe92, which sent the exploit transaction, paid gas, and received the final ETH.
- Helper contract 0xfd4dccd754eaaa8c9196998c5bb06a56df6a1d95, which executed the mint and swap sequence. Its address matches the sender EOA's nonce-0 deployment address.
The end-to-end flow is:
- The EOA calls its helper contract in tx 0xf4a3d0e01bbca6c114954d4a49503fc94dfdbc864bded5530b51a207640d86b5.
- The helper calls UERII.mint() twice, creating 200000000000000000 raw UERII at zero acquisition cost.
- The helper approves the Uniswap V3 router and swaps one tenth of the pool's pre-swap UERII balance, which equals 2425482740776 raw UERII, into the UERII/USDC pool.
- The UERII/USDC pool pays out 2447241739 raw USDC to the helper.
- The helper swaps the full USDC output into WETH in the canonical USDC/WETH pool and receives 1855150444286128408 WETH.
- The helper unwraps WETH to ETH and transfers the ETH to the EOA.
This is a single-transaction inventory inflation and dump. The key decision point is not sophisticated routing but the existence of a public mint against already-seeded external liquidity.
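The balance-diff evidence in section 4 and the flow just described share one detection signature: an address receives freshly minted tokens and sells them into a liquidity pool inside the same transaction. The following Python, added here as an example and not part of the original analysis, parses a constructed trace modelled on the listing in section 4 and flags that pattern, then converts the raw amounts using token decimals and reproduces the gas accounting from the figures reported above. Two details of the trace format are assumptions: each event line is prefixed with the emitting token contract, and the Transfer-from-zero events that ERC20 _mint emits are included; the USDC address is the canonical mainnet token, which the page does not list.

```python
import re
from collections import defaultdict
from decimal import Decimal

ZERO = "0x" + "00" * 20

# Addresses from the analysis (lower-cased); USDC is the canonical mainnet token.
UERII = "0x418c24191ae947a78c99fdc0e45a1f96afb254be"
USDC = "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48"
HELPER = "0xfd4dccd754eaaa8c9196998c5bb06a56df6a1d95"
UERII_USDC_POOL = "0x5ffaf1b4da96d6cfd4045035a94a924fc39631dc"
DECIMALS = {UERII: 6, USDC: 6}

# Constructed trace modelled on the section 4 listing (assumed format: emitter
# prefixed to each event, mint Transfers from the zero address included). The
# pool pays USDC out before its callback collects the UERII, as Uniswap V3 does.
TRACE = f"""
{UERII}::mint()
{UERII}::emit Transfer(from: {ZERO}, to: {HELPER}, value: 100000000000000000)
{UERII}::mint()
{UERII}::emit Transfer(from: {ZERO}, to: {HELPER}, value: 100000000000000000)
{UERII_USDC_POOL}::swap(...)
{USDC}::emit Transfer(from: {UERII_USDC_POOL}, to: {HELPER}, value: 2447241739)
{UERII}::emit Transfer(from: {HELPER}, to: {UERII_USDC_POOL}, value: 2425482740776)
"""

EVENT_RE = re.compile(
    r"^(0x[0-9a-f]{40})::emit Transfer\(from: (0x[0-9a-f]{40}), to: (0x[0-9a-f]{40}), value: (\d+)\)$",
    re.I,
)


def parse_transfers(trace):
    """Extract (token, from, to, value) tuples from event lines; call lines are ignored."""
    out = []
    for line in trace.strip().splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            token, src, dst, val = m.groups()
            out.append((token.lower(), src.lower(), dst.lower(), int(val)))
    return out


def find_mint_and_dump(trace, pools):
    """Flag sellers that deliver tokens minted earlier in the same transaction
    into a known pool, and record what the pool paid them in other tokens."""
    pools = {p.lower() for p in pools}
    transfers = parse_transfers(trace)
    minted = defaultdict(int)  # (token, recipient) -> raw amount minted so far
    findings = []
    for token, src, dst, val in transfers:
        if src == ZERO:
            minted[(token, dst)] += val
        elif dst in pools and minted[(token, src)] > 0:
            received = [(t, v) for t, s, d, v in transfers if s == dst and d == src and t != token]
            findings.append({"seller": src, "pool": dst, "token": token,
                             "minted": minted[(token, src)], "dumped": val,
                             "received": received})
    return findings


def to_units(raw, decimals):
    """Convert a raw integer token amount to display units."""
    return Decimal(raw) / Decimal(10 ** decimals)


def net_profit_wei(eth_delta_before_gas, gas_used, gas_price_wei):
    """Net ETH outcome of a transaction given the sender's pre-gas balance delta."""
    return eth_delta_before_gas - gas_used * gas_price_wei


if __name__ == "__main__":
    for f in find_mint_and_dump(TRACE, [UERII_USDC_POOL]):
        print(f"{f['seller']} minted {to_units(f['minted'], DECIMALS[f['token']])} "
              f"and sold {to_units(f['dumped'], DECIMALS[f['token']])} into {f['pool']}")
        for tok, amt in f["received"]:
            print(f"  pool paid out {to_units(amt, DECIMALS[tok])} of {tok}")
    # Gas accounting with the figures reported in section 4.
    print("net profit (wei):", net_profit_wei(1724749294286128408, 2608023, 50 * 10**9))
```

Run as a monitoring rule over decoded traces, the finding fires on the first mint-and-sell pair regardless of swap routing, which matches the point made above: the router and the follow-on WETH conversion are realization steps, while the signal is minted inventory meeting seeded liquidity in one transaction.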
6. Impact & Losses
The measurable pool-side loss was:
- USDC: 2447241739 raw units (2447.241739 USDC at 6 decimals)
The affected liquidity source was the UERII/USDC Uniswap V3 pool 0x5ffaf1b4da96d6cfd4045035a94a924fc39631dc. The attacker then converted that extracted value into ETH and realized 1.594348144286128408 ETH net profit after paying gas.
7. References
- Seed transaction metadata for 0xf4a3d0e01bbca6c114954d4a49503fc94dfdbc864bded5530b51a207640d86b5
- Full transaction trace for 0xf4a3d0e01bbca6c114954d4a49503fc94dfdbc864bded5530b51a207640d86b5
- Balance diff for 0xf4a3d0e01bbca6c114954d4a49503fc94dfdbc864bded5530b51a207640d86b5
- Verified UERII token source for 0x418c24191ae947a78c99fdc0e45a1f96afb254be