Submission Details
Severity: medium
Valid

No expiration deadline leads to losing a lot of funds

Summary

`Fees::sellProfits()` does not set a real expiration deadline for its swap, so a pending swap can be executed long after it was submitted and the contract can lose a large amount of funds to slippage.

Vulnerability Details

The `deadline` parameter in `sellProfits()` is set to `block.timestamp`. Because `block.timestamp` is evaluated at execution time, the deadline always equals "now" and the router's deadline check can never fail, so the function will accept the token swap in any block, no matter how long the transaction has been pending (i.e., there is effectively no expiration deadline).

```solidity
function sellProfits(address _profits) public {
    require(_profits != WETH, "not allowed");
    // Swap the contract's entire balance of the profit token.
    uint256 amount = IERC20(_profits).balanceOf(address(this));
    ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
        .ExactInputSingleParams({
            tokenIn: _profits,
            tokenOut: WETH,
            fee: 3000,
            recipient: address(this),
            deadline: block.timestamp, // @> always "now" at execution: the deadline check can never fail
            amountIn: amount,
            amountOutMinimum: 0,
            sqrtPriceLimitX96: 0
        });
    amount = swapRouter.exactInputSingle(params);
    // Forward all WETH held by the contract to the staking contract.
    IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
}
```

https://github.com/Cyfrin/2023-07-beedle/blob/658e046bda8b010a5b82d2d85e824f3823602d27/src/Fees.sol#L36

Impact

Without an expiration deadline, a malicious miner/validator can hold the transaction back and include it only when the market has moved in their favor or when they can profit from it. As a result, the `Fees` contract can lose a large amount of funds to slippage.

Tools Used

Manual Review

Recommendations

I recommend setting the `deadline` parameter to a proper timestamp rather than `block.timestamp`, so that a swap submitted at one point in time cannot be executed arbitrarily later.
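The following contract is an added illustration of the recommended fix and is not code from the Beedle repository: it reproduces the swap shown above but takes the deadline from the caller and rejects values that are already in the past or unreasonably far in the future. The `IERC20` and `ISwapRouter` interfaces are minimal stand-ins for this example, the contract name `FeesWithDeadline`, the `MAX_DEADLINE_WINDOW` bound of 30 minutes and the two custom errors are assumptions, and the rest of the swap logic is left as in the original.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal interfaces assumed for this example (not the project's own files).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

interface ISwapRouter {
    // Field layout mirrors the Uniswap V3 router struct used by the original.
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }

    function exactInputSingle(ExactInputSingleParams calldata params)
        external
        payable
        returns (uint256 amountOut);
}

contract FeesWithDeadline {
    address public immutable WETH;
    address public immutable staking;
    ISwapRouter public immutable swapRouter;

    // Assumed upper bound on how far in the future a caller may place the deadline.
    // It stops a caller from recreating the "no deadline" situation with a huge value.
    uint256 public constant MAX_DEADLINE_WINDOW = 30 minutes;

    error DeadlineInPast(uint256 deadline, uint256 currentTime);
    error DeadlineTooFar(uint256 deadline, uint256 latestAllowed);

    constructor(address _weth, address _staking, address _router) {
        WETH = _weth;
        staking = _staking;
        swapRouter = ISwapRouter(_router);
    }

    // Same swap as the original sellProfits(), but the deadline is chosen by the
    // caller when the transaction is built, not by the block that happens to
    // execute it. A transaction held back past _deadline reverts at the router.
    function sellProfits(address _profits, uint256 _deadline) public {
        require(_profits != WETH, "not allowed");

        // Reject deadlines that are already expired at execution time.
        if (_deadline < block.timestamp) {
            revert DeadlineInPast(_deadline, block.timestamp);
        }
        // Reject deadlines so far ahead that they would be no deadline at all.
        uint256 latestAllowed = block.timestamp + MAX_DEADLINE_WINDOW;
        if (_deadline > latestAllowed) {
            revert DeadlineTooFar(_deadline, latestAllowed);
        }

        uint256 amount = IERC20(_profits).balanceOf(address(this));
        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
            .ExactInputSingleParams({
                tokenIn: _profits,
                tokenOut: WETH,
                fee: 3000,
                recipient: address(this),
                deadline: _deadline, // caller-supplied, fixed when the tx was signed
                amountIn: amount,
                amountOutMinimum: 0,
                sqrtPriceLimitX96: 0
            });
        amount = swapRouter.exactInputSingle(params);
        IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
    }
}
```

A caller would typically pass `block.timestamp + 5 minutes` (or a similar short window) computed off-chain when building the transaction. The explicit lower-bound check is redundant with the router's own deadline check but makes the revert reason local to this contract, and the upper bound is what prevents the fix from being bypassed by simply passing `type(uint256).max`.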
