Submission Details
Severity: medium
Valid

Do not use `block.timestamp` as deadline for swaps

Summary

A malicious miner can hold a transaction until maximum slippage is incurred.

Vulnerability Details

Most functions that interact with AMM pools do not have a deadline parameter. However, the function shown below passes `block.timestamp` as the deadline, which means that whenever the miner decides to include the transaction in a block, it will be valid at that time, since `block.timestamp` will be the current timestamp.

A malicious miner can hold the transaction, which may be intended to free up capital to ensure that funds are available for operations that prevent a liquidation. It is highly likely that a liquidation, with its associated follow-on transactions, is more profitable for a miner to mine than allowing the decrease of liquidity. A miner can also hold the transaction until maximum slippage is incurred, as the judge stated.

Reference: https://blog.bytes032.xyz/p/why-you-should-stop-using-block-timestamp-as-deadline-in-swaps

Impact

The Fees contract can be manipulated to have the maximum slippage incurred.

Tools Used

Manual Review

Recommendations

It is recommended to add a deadline argument to all functions that interact with AMMs, and to pass it along to the AMM calls.
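The following is an added illustration and not the audited project's code: a minimal swap wrapper in the vulnerable form described above (passing `block.timestamp` as the deadline) next to the recommended form, where the caller supplies an absolute deadline that the contract both enforces itself and forwards to the AMM. The `IAmmRouter` interface and the contract names `FeesVulnerable` / `FeesFixed` are assumptions for this example; the router function signature mirrors Uniswap V2's `swapExactTokensForTokens`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical router interface for this example (signature mirrors Uniswap V2).
// Not the audited project's interface.
interface IAmmRouter {
    function swapExactTokensForTokens(
        uint256 amountIn,
        uint256 amountOutMin,
        address[] calldata path,
        address to,
        uint256 deadline
    ) external returns (uint256[] memory amounts);
}

// Vulnerable pattern: `block.timestamp` is evaluated at the moment the block is
// produced, so the router's deadline check always passes. The transaction can
// sit in the mempool for as long as a block producer likes and still execute,
// at whatever price prevails then (bounded only by amountOutMin).
contract FeesVulnerable {
    IAmmRouter public immutable router;

    constructor(IAmmRouter _router) {
        router = _router;
    }

    // Token transfer/approval plumbing is omitted for brevity.
    function swapFees(
        uint256 amountIn,
        uint256 amountOutMin,
        address[] calldata path
    ) external {
        router.swapExactTokensForTokens(
            amountIn,
            amountOutMin,
            path,
            address(this),
            block.timestamp // deadline == "now", i.e. no deadline at all
        );
    }
}

// Recommended pattern: the caller chooses an absolute deadline off-chain (e.g.
// now + 5 minutes when building the transaction). The contract enforces it
// before doing anything, then forwards the same value to the AMM.
contract FeesFixed {
    IAmmRouter public immutable router;

    error DeadlineExpired(uint256 deadline, uint256 blockTimestamp);

    constructor(IAmmRouter _router) {
        router = _router;
    }

    modifier checkDeadline(uint256 deadline) {
        if (block.timestamp > deadline) {
            revert DeadlineExpired(deadline, block.timestamp);
        }
        _;
    }

    function swapFees(
        uint256 amountIn,
        uint256 amountOutMin,
        address[] calldata path,
        uint256 deadline
    ) external checkDeadline(deadline) {
        router.swapExactTokensForTokens(
            amountIn,
            amountOutMin,
            path,
            address(this),
            deadline // the caller's absolute deadline, not block.timestamp
        );
    }
}
```

The two controls are complementary: `amountOutMin` caps how bad the execution price may be, while the deadline caps how long a pending transaction remains executable at all. Checking the deadline in the wrapper itself (rather than relying only on the router) also makes the revert reason explicit and keeps the guarantee if the router is ever swapped for one that does not enforce deadlines.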
