Auditing firm Debaub discovered a medium severity vulnerability in the Uniswap Universal Router smart contract that allowed third parties to potentially steal funds during token transfers.