20,000 USDC
View results
Submission Details
Severity: medium
Valid

Lack of specific time input can result in MEVs exploiting `sellProfits`

Summary

Lack of time specific input can result in MEVs exploiting the sellProfits TX.

Vulnerability Details

From the code snippet bellow we can see that for the UNI call the deadline parameter is set to block.timestamp. Deadline is where is the last time that the TX can be executed, and any time after it it revert. The issue here is that block.timestamp can be easily manipulated by the MEVs (they can include it in this block,top or bottom, or even pay the block proposers to put it in the next block). This all means that the deadline is useless, since block.timestamp is when the TX is executed and no matter when it's executed it's gonna pass (now, a day later, or even a year).

ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
.ExactInputSingleParams({
tokenIn: _profits,
tokenOut: WETH,
fee: 3000,
recipient: address(this),
deadline: block.timestamp,// <== this is useless
amountIn: amount,
amountOutMinimum: 0,
sqrtPriceLimitX96: 0
});

Impact

MEVs, could game the sellProfits TX.

Tools Used

Recommendations

Set a deadline settle in the function.

function sellProfits(address _profits,uint _deadline) public {
...
ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
.ExactInputSingleParams({
tokenIn: _profits,
tokenOut: WETH,
fee: 3000,
recipient: address(this),
deadline: _deadline,
amountIn: amount,
amountOutMinimum: 0,
sqrtPriceLimitX96: 0
});
...

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.