20,000 USDC
Submission Details
Severity: medium
Valid

`block.timestamp` as deadline

Summary

Automated Market Makers (AMMs) usually offer users the option to set a deadline parameter for transactions. This parameter ensures that the transaction is executed within a specified time limit. Without this parameter, the transaction could be delayed, leading to potential price disadvantages for the user.

Vulnerability Details

With the shift to Proof of Stake (PoS) on Ethereum mainnet, the process of creating blocks changed significantly. PoS block proposers know in advance whether they will propose the next block, and the entire network knows which validators are responsible for the current and next blocks.

Transactions without a deadline can linger in the mempool and be executed much later than desired, potentially resulting in unfavorable prices for users. Passing `block.timestamp` as the deadline offers no protection: a validator can hold the transaction, and whenever it is finally included, `block.timestamp` is the timestamp of that block, so the deadline check always passes. To address front-running concerns in AMM design, setting a deadline prevents transactions from being indefinitely delayed.

Impact

Users are at risk of partially losing funds.

Tools Used

Manual review

Recommendations

To safeguard users who interact with AMMs, protocols should let callers set an expiration deadline. The absence of an expiration deadline, coupled with the lack of a slippage parameter, poses a significant risk of loss of funds for users initiating swaps.

```solidity
ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
    .ExactInputSingleParams({
        tokenIn: _profits,
        tokenOut: WETH,
        fee: 3000,
        recipient: address(this),
        deadline: _deadline, // <-- Let users choose their deadline, or a reasonable default value
        amountIn: amount,
        amountOutMinimum: 0,
        sqrtPriceLimitX96: 0
    });
```
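The recommendation in context, as an added example that is not the audited project's code: the `block.timestamp` form next to a caller-supplied deadline and minimum output. The contract name `ProfitSwapper`, its function names, and the inline `ISwapRouter` declaration are assumptions for illustration, and the router is assumed to revert when `block.timestamp` exceeds `deadline`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal local declaration of the router interface whose struct fields appear
// in the snippet above, included so this file compiles on its own.
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params)
        external payable returns (uint256 amountOut);
}

// Hypothetical contract; token approvals and access control are omitted.
contract ProfitSwapper {
    ISwapRouter public immutable router;
    address public immutable _profits;
    address public immutable WETH;

    constructor(ISwapRouter r, address profits, address weth) {
        router = r; _profits = profits; WETH = weth;
    }

    // Before: the deadline is read at execution time, so the router compares
    // the including block's timestamp with itself and the check always passes.
    function swapUnprotected(uint256 amount) external returns (uint256) {
        return _swap(amount, block.timestamp, 0);
    }

    // After: the caller fixes the deadline and minimum output when signing, so
    // a transaction included after `_deadline` fails the router's deadline check.
    function swapProtected(uint256 amount, uint256 _deadline, uint256 minOut) external returns (uint256) {
        return _swap(amount, _deadline, minOut);
    }

    function _swap(uint256 amount, uint256 _deadline, uint256 minOut) private returns (uint256) {
        return router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: _profits, tokenOut: WETH, fee: 3000, recipient: address(this),
            deadline: _deadline, amountIn: amount,
            amountOutMinimum: minOut, sqrtPriceLimitX96: 0
        }));
    }
}
```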
