20,000 USDC
Submission Details
Severity: medium
Valid

Lack of Deadline Control in sellProfits Function

Summary

The sellProfits function in the Fees contract, which swaps tokens accrued from liquidations and fees for WETH, sets the deadline parameter of the Uniswap v3 router's exactInputSingle call to block.timestamp. Because block.timestamp is evaluated when the transaction is mined rather than when it is submitted, the deadline check can never fail, so a submitted transaction remains valid at any point in the future.

Vulnerability Details

This leaves the protocol exposed: a malicious actor could deliberately hold back a submitted transaction until market conditions have changed in a way that is unfavourable to the protocol, and the swap would still go through.

The code snippet of the vulnerable function:

```solidity
/// @notice swap loan tokens for collateral tokens from liquidations
/// @param _profits the token to swap for WETH
function sellProfits(address _profits) public {
    require(_profits != WETH, "not allowed");
    uint256 amount = IERC20(_profits).balanceOf(address(this));
    ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
        tokenIn: _profits,
        tokenOut: WETH,
        fee: 3000,
        recipient: address(this),
        deadline: block.timestamp,
        amountIn: amount,
        amountOutMinimum: 0,
        sqrtPriceLimitX96: 0
    });
    amount = swapRouter.exactInputSingle(params);
    IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
}
```

Impact

Without an effective deadline, the swap can be executed under market conditions the protocol never intended to accept at submission time, resulting in a potential loss for the protocol.

Tools Used

Manual analysis

Recommendations

Have sellProfits accept a caller-supplied deadline and pass that value to the router instead of block.timestamp, so that a transaction held back past that time reverts rather than executing.
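A hardened version of the function, written here as an added illustration and not taken from the project's code base. It assumes the same storage as the report's snippet (WETH, swapRouter, staking) and that token approval to the router is handled elsewhere, as in the original; the _minOut parameter is a hypothetical addition that goes beyond the report's finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@uniswap/v3-periphery/contracts/interfaces/ISwapRouter.sol";

/// Illustrative hardened sellProfits (not the project's own contract).
contract FeesFixed {
    address public immutable WETH;
    ISwapRouter public immutable swapRouter;
    address public immutable staking;

    constructor(address _weth, ISwapRouter _router, address _staking) {
        WETH = _weth;
        swapRouter = _router;
        staking = _staking;
    }

    /// @notice swap accrued profit tokens for WETH and forward them to staking
    /// @param _profits the token to swap for WETH
    /// @param _deadline unix timestamp after which the swap must revert; chosen
    ///        by the caller when the transaction is built, so a transaction that
    ///        sits in the mempool cannot be mined arbitrarily late
    /// @param _minOut minimum WETH accepted (hypothetical extra parameter; the
    ///        report's snippet passes 0 and does not discuss slippage)
    function sellProfits(address _profits, uint256 _deadline, uint256 _minOut) public {
        require(_profits != WETH, "not allowed");
        // Fail fast with a clear reason; the Uniswap v3 router enforces the same
        // bound in its checkDeadline modifier ("Transaction too old").
        require(block.timestamp <= _deadline, "sellProfits: deadline passed");

        uint256 amount = IERC20(_profits).balanceOf(address(this));
        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
            tokenIn: _profits,
            tokenOut: WETH,
            fee: 3000,
            recipient: address(this),
            deadline: _deadline,        // caller-supplied, not block.timestamp
            amountIn: amount,
            amountOutMinimum: _minOut,
            sqrtPriceLimitX96: 0
        });
        amount = swapRouter.exactInputSingle(params);
        IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
    }
}
```

A caller such as a keeper script would set _deadline to the current time plus a short window (for example a few minutes) when building the transaction.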
