Selling Profits Transaction will always fail
Summary
The Uniswap Router call to swap tokens for WETH in Fees.sol will always revert due to an incorrect deadline.
Also, the Uniswap Router has to be approved to spend amount tokens on behalf of the smart contract
so that the trade can take place but apparently we are not approving the tokens anywhere in the function.
Vulnerability Details
In Fees.sol/sellProfits function, the params specified are as follows:
Just look at the deadline, we are giving the deadline to be current block.timestamp.
Let's we initiate the Transaction at some time t1 and it gets executed at t2.
We know the time always increases and hence t2 > t1 always.
Inside the router if the following condition meets
the Transaction will be reverted.
And see what we are doing here, we are sending a transaction whose deadline will always be in the past.
So it will always revert.
Impact
Protocol's sellProfits feature will not work.
Tools Used
Manual review, Uniswap docs
Recommendations
-> Approve the contract before making the swap and specify at least 10 minutes deadline ( e.g block.timestamp + 600).
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.