The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Valid

Bad `deadline` definition makes it redundant

carrotsmuggler

Summary

The deadline for the swap is set to block.timestamp. However this is always true and thus redundant.

Vulnerability Details

The deadline parameter for UniswapV3 swaps is set so that users can execute swaps within a time window and expect a certain price. If their transaction gets delayed due to their choice of gas, the transaction can automatically become invalid and prevent the user from getting a bad price. However, the protocol sets the deadline to block.timestamp which is always true and thus redundant.

ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
tokenIn: inToken,
tokenOut: getSwapAddressFor(_outToken),
fee: 3000,
recipient: address(this),
deadline: block.timestamp,
amountIn: _amount - swapFee,
amountOutMinimum: minimumAmountOut,
sqrtPriceLimitX96: 0
});

Thus is the user's transaction gets delayed, their transaction can get included in a later block with worse prices than they expected.

Impact

Users can get bad prices due to redundant deadline definition.

Tools Used

Manual Review

Recommendations

Allow users to pass in a deadline.

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

deadline-check-low

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

deadline-check

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.