The Standard
DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

MEV - Transaction can be withheld until miner finds it convenient

Summary

The swap function in SmartVaultV3.sol doesn't set a hard expiration time for the deadline. This can cause the user to receive a sub-optimal amount from the swap or lose funds.

Vulnerability Details

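When deadline is set to block.timestamp, the function will accept the swap at any block number: block.timestamp is read when the transaction executes, so the deadline always equals the current block time and the deadline check can never fail.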

    function swap(bytes32 _inToken, bytes32 _outToken, uint256 _amount) external onlyOwner {
        uint256 swapFee = _amount * ISmartVaultManagerV3(manager).swapFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
        address inToken = getSwapAddressFor(_inToken);
        uint256 minimumAmountOut = calculateMinimumAmountOut(_inToken, _outToken, _amount);
        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
                tokenIn: inToken,
                tokenOut: getSwapAddressFor(_outToken),
                fee: 3000,
                recipient: address(this),
    @>          deadline: block.timestamp,
                amountIn: _amount - swapFee,
                amountOutMinimum: minimumAmountOut,
                sqrtPriceLimitX96: 0
            });
        inToken == ISmartVaultManagerV3(manager).weth() ?
            executeNativeSwapAndFee(params, swapFee) :
            executeERC20SwapAndFee(params, swapFee);
    }

Impact

MEV: the transaction can be withheld until a miner finds it convenient for their own profit. For example, the miner can make their own swap happen first and wait until the price goes up for the legitimate user, making it more likely to revert because of an unsatisfied minimum condition, etc.

Tools Used

Manual review

Recommendations

The deadline should be set to a proper timestamp value.
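
The deadline behaviour described above, reduced to a minimal form as an added example; it is not code from the submission or from The Standard. MockRouter, DeadlineDemo, MAX_DEADLINE_WINDOW and the 1:1 price are hypothetical, and the router check is assumed to follow the Uniswap V3 periphery pattern of reverting once block.timestamp exceeds the deadline.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration. All contract, function and constant names are hypothetical.

/// Stand-in for a router that enforces a deadline: it reverts once the
/// executing block's timestamp has passed the supplied value.
contract MockRouter {
    error TransactionTooOld(uint256 nowTs, uint256 deadline);

    function exactInputSingle(uint256 amountIn, uint256 amountOutMinimum, uint256 deadline)
        external
        view
        returns (uint256 amountOut)
    {
        if (block.timestamp > deadline) revert TransactionTooOld(block.timestamp, deadline);
        amountOut = amountIn; // constructed 1:1 price, enough to exercise the checks
        require(amountOut >= amountOutMinimum, "Too little received");
    }
}

contract DeadlineDemo {
    MockRouter public immutable router;
    uint256 public constant MAX_DEADLINE_WINDOW = 30 minutes; // assumed policy bound

    constructor(MockRouter _router) {
        router = _router;
    }

    /// Pattern from the finding: block.timestamp is read when the transaction
    /// executes, so the router compares the block time with itself and the
    /// check passes no matter how long the transaction waited for inclusion.
    function swapNoExpiry(uint256 amountIn, uint256 minOut) external view returns (uint256) {
        return router.exactInputSingle(amountIn, minOut, block.timestamp);
    }

    /// Hardened form: the deadline is chosen off-chain when the owner signs,
    /// so inclusion after that moment reverts inside the router.
    function swapWithDeadline(uint256 amountIn, uint256 minOut, uint256 deadline)
        external
        view
        returns (uint256)
    {
        require(deadline >= block.timestamp, "deadline already passed");
        require(deadline - block.timestamp <= MAX_DEADLINE_WINDOW, "deadline too far out");
        return router.exactInputSingle(amountIn, minOut, deadline);
    }
}
```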

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid
