Submission Details
Severity: medium
Valid

Fees.sol's swapping functionality has an incorrect deadline

Summary

An incorrect deadline (block.timestamp) set in Fees.sol's swapping functionality can lead to an MEV attack, resulting in a loss of fees for the protocol.

Vulnerability Details

The Beedle protocol collects fees in many ERC20 tokens and transfers them to Fees.sol, where they are swapped for WETH and then sent to the treasury.

Beedle uses the Uniswap protocol's exactInput() functionality to perform this swap, as shown below:

https://github.com/Cyfrin/2023-07-beedle/blob/658e046bda8b010a5b82d2d85e824f3823602d27/src/Fees.sol#L30-L40

This function takes a deadline for the transaction, which is helpful because without it a transaction may remain pending in the mempool for an extended period and be executed much later than the protocol intended. This delay can result in the protocol receiving an unfavourable price for its swap; with a proper deadline set, the protocol (Beedle) can instruct Uniswap not to execute the transaction after a certain duration.

Setting the deadline to block.timestamp does not help: the transaction can be held back for a long time and a validator/miner can include it in a block whenever they wish, because a deadline equal to block.timestamp always passes the check at execution time.

Impact

Loss of the protocol's collected fees, as they will be swapped for WETH at a cheaper rate.

Tools Used

Manual review

Recommendations

Set an appropriate fixed (static) deadline parameter in the swapping functionality.
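As an added illustration (constructed for this note, not Beedle's Fees.sol), a minimal fee-swap contract showing the weak `deadline: block.timestamp` pattern beside a hardened form that takes the deadline from the caller and bounds it. The `ISwapRouter.ExactInputParams` struct mirrors Uniswap V3's periphery interface; the contract name, its functions and the `MAX_DEADLINE_WINDOW` bound are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Minimal ERC20 surface needed so the router can pull the fee token.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}
// Subset of Uniswap V3's ISwapRouter; the struct layout matches the periphery interface.
interface ISwapRouter {
    struct ExactInputParams {
        bytes path;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
    }
    function exactInput(ExactInputParams calldata params) external payable returns (uint256 amountOut);
}

// Constructed example contract, not Beedle's Fees.sol.
contract FeeSwapExample {
    ISwapRouter public immutable router;
    // Assumed upper bound on how far ahead a caller may place the deadline.
    uint256 public constant MAX_DEADLINE_WINDOW = 30 minutes;

    constructor(ISwapRouter _router) { router = _router; }

    // Weak form: block.timestamp is read when the transaction is finally mined,
    // so the router's deadline check passes however long the transaction waited.
    function swapWeak(address tokenIn, bytes calldata path, uint256 amountIn, uint256 minOut) external returns (uint256) {
        return _swap(tokenIn, path, amountIn, minOut, block.timestamp);
    }

    // Hardened form: the deadline is fixed when the transaction is signed and bounded
    // here, so a transaction held back past it reverts instead of executing at a stale price.
    function swapHardened(address tokenIn, bytes calldata path, uint256 amountIn, uint256 minOut, uint256 deadline) external returns (uint256) {
        require(deadline >= block.timestamp, "deadline passed");
        require(deadline <= block.timestamp + MAX_DEADLINE_WINDOW, "deadline too far");
        return _swap(tokenIn, path, amountIn, minOut, deadline);
    }

    function _swap(address tokenIn, bytes calldata path, uint256 amountIn, uint256 minOut, uint256 deadline) internal returns (uint256) {
        IERC20(tokenIn).approve(address(router), amountIn);
        return router.exactInput(ISwapRouter.ExactInputParams({
            path: path, recipient: address(this), deadline: deadline,
            amountIn: amountIn, amountOutMinimum: minOut
        }));
    }
}
```

With the hardened form, the caller computes the deadline off-chain (for example, current time plus a few minutes) and the router rejects the swap if it is mined after that point.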
