Submission Details
Severity: medium
Valid

Having no deadline for swaps is a ticking timebomb

Summary

This finding concerns the implementation of the deadline parameter in swap transactions on Uniswap V3. The current code uses block.timestamp as the deadline, which leaves the swap open to exploitation.

Vulnerability Details

In the sellProfits() function, block.timestamp is used as the deadline for the exactInputSingle function of the Uniswap V3 router. This can be seen at L24-L45 of Fees.sol:

    /// @notice swap loan tokens for collateral tokens from liquidations
    /// @param _profits the token to swap for WETH
    function sellProfits(address _profits) public {
        require(_profits != WETH, "not allowed");
        uint256 amount = IERC20(_profits).balanceOf(address(this));
        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
            .ExactInputSingleParams({
                tokenIn: _profits,
                tokenOut: WETH,
                fee: 3000,
                recipient: address(this),
                //@audit
                deadline: block.timestamp,
                amountIn: amount,
                amountOutMinimum: 0,
                sqrtPriceLimitX96: 0
            });
        amount = swapRouter.exactInputSingle(params);
        IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
    }
}

As seen, this function passes block.timestamp to a pool as the deadline, which means that whenever the miner decides to include the transaction in a block, it will be valid at that time, since block.timestamp will be the current timestamp.

This means that a malicious miner can hold the transaction. It is highly likely that the swap becomes less profitable for the swapper with time, depending on market conditions. Note that even if the slippage limit were not 0, i.e. amountOutMinimum != 0, the miner could still hold the transaction until maximum slippage is incurred and execute it when it is most suitable for them.
Automated Market Makers (AMMs) typically allow users to set a future timestamp as a deadline to ensure that their transactions are not executed at an unfavourable time, and to prevent potential front-running attacks. Using the block.timestamp as the deadline offers no protection against these possible adverse situations.

Impact

Executing the swap in an unfavourable manner for the swapper

Tools Used

Manual Audit

Recommended Mitigation

Rather than using the block.timestamp as the deadline, a future timestamp should be set for the swap.
