The sellProfits function lacks an expiration timestamp and slippage protection.
Fees.sol has a sellProfits function, which uses Uniswap v3 pools to swap a token to WETH. A deadline and slippage protection are both important to defend against frontrunning and against the transaction executing under changed market conditions.
A transaction can wait in the mempool for a long time until a validator chooses to execute it. Without a deadline, the transaction might be executed long after submission, when the price is already different.
The timestamp ensures that the transaction reverts after expiration.
block.timestamp is used here. This is the time of the current block and stays the same throughout the whole transaction, so the timestamp check in the Uniswap pool will never revert.
Slippage protection makes sure that the user gets at least the amount specified here. If the swap would give the user fewer tokens, it reverts.
A value of 0 is used in the params. This means that even if the user would receive 0 tokens from the swap, that is accepted and no revert occurs. MEV bots can take advantage of such transactions and profit by sandwiching the swap transaction.
Tokens are at risk because the transaction can be left in the mempool and executed under different market conditions, or it can be sandwiched by MEV bots and receive less than was previously anticipated.
Manual review
Implement deadline and slippage protection by adding them as parameters to the sellProfits function.
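A sketch of that recommendation, added here as an example and not taken from Fees.sol: the contract name, fee tier, owner check and constructor are assumptions, and only the ISwapRouter struct and exactInputSingle come from Uniswap v3 periphery.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Subset of Uniswap v3 periphery's ISwapRouter (exactInputSingle only).
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params)
        external payable returns (uint256 amountOut);
}
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}
// Hypothetical stand-in for Fees.sol: names, fee tier and access control are assumptions.
contract FeesExample {
    ISwapRouter public immutable router;
    address public immutable weth;
    address public immutable owner;
    uint24 public constant POOL_FEE = 3000; // assumed 0.3% pool

    constructor(ISwapRouter _router, address _weth) {
        router = _router; weth = _weth; owner = msg.sender;
    }

    // amountOutMin and deadline are chosen off-chain by the caller when signing.
    function sellProfits(address token, uint256 amountOutMin, uint256 deadline)
        external returns (uint256 amountOut)
    {
        // Caller-supplied limits only help if the caller is trusted;
        // an open function would let anyone pass amountOutMin = 0.
        require(msg.sender == owner, "not owner");
        uint256 amountIn = IERC20(token).balanceOf(address(this));
        require(IERC20(token).approve(address(router), amountIn), "approve failed");
        amountOut = router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: token, tokenOut: weth, fee: POOL_FEE, recipient: address(this),
            deadline: deadline,             // block.timestamp here never expires
            amountIn: amountIn,
            amountOutMinimum: amountOutMin, // 0 here accepts any output
            sqrtPriceLimitX96: 0
        }));
    }
}
```

Compute amountOutMin off-chain from a fresh quote minus the tolerated slippage, and set deadline to a short interval after signing.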