Uniswap Labs, the developer of Uniswap–a decentralized exchange, has introduced a new security feature called Permit2. Taking to X on January 18, the DEX developer this update addresses the “infinite token allowances” vulnerability that hackers can exploit. This flaw risked user funds, and the new feature is meant to resolve this concern.
Uniswap Sealing Infinite Token Allowance Risks
In crypto, especially among decentralized finance (DeFi) protocols, the “token allowance” is permission initiated by the user granting smart contracts access to tokens. From there, assets can be moved.
With this permission, it becomes possible for users to interact with dapps, chiefly protocols that utilize user funds. Some of these dapps include, for instance, decentralized exchanges like Uniswap or lending platforms like Aave or Maker.
While useful, “token allowance” can be exploited by hackers via “infinite token allowance,” where hackers can infinitely access and illegally withdraw funds from wallets, draining them as a result. Once a wallet has been compromised, it can be drained without the user’s knowledge since the compromised code already permits the hacker to move funds.
Aware of this risk, Uniswap Labs is introducing the open-source Permit2 as a solution. The tool, the DEX developer says, will give users more protection and, more importantly, control over digital assets.
A key feature of Permit2 is that users can set time limits on token approvals. Third parties can only access funds within a specific period in this arrangement.
Additionally, the tool introduces a reusable token approval for simplicity. With this feature, end users don’t have to repeatedly grant access to their funds for each transaction. On the gas-saving fronts, Uniswap Labs say Permit2 also utilizes signature-based approvals and transfers. This means the tool can reduce gas fees when users transfer tokens.
Uniswap Building, UNI Remains Under Pressure
This enhancement precedes the upcoming release of Uniswap v4, which introduces Hooks. This new feature provides developers with more flexibility and control over their applications.
Analysts say the launch of Uniswap v4 and Uniswap Labs’ continuous enhancement to improve security might cement the DEX’s position.
According to DeFiLlama , Uniswap has managed over $4.4 billion worth of assets. Even so, UNI prices continue to struggle.
Looking at the daily chart, UNI has resistance at around $8.1 and is currently down roughly 20% from December highs. Sharp losses below $6 might trigger a sell-off, forcing the token towards $4.5 or lower.