Submission Details
Severity:
No expiration deadline leads to lost of funds
Summary
The SmartVaultV3.sol#swap() does not set an expiration deadline, resulting in losing a lot of funds when swapping tokens.
Vulnerability Details
The deadline parameter in the swap() is set to block.timestamp. That means the function will accept a token swap at any block number (i.e. no expiration deadline).
function swap(bytes32 _inToken, bytes32 _outToken, uint256 _amount) external onlyOwner {
uint256 swapFee = _amount * ISmartVaultManagerV3(manager).swapFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
address inToken = getSwapAddressFor(_inToken);
uint256 minimumAmountOut = calculateMinimumAmountOut(_inToken, _outToken, _amount);
ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
tokenIn: inToken,
tokenOut: getSwapAddressFor(_outToken),
fee: 3000,
recipient: address(this),
@> deadline: block.timestamp,
amountIn: _amount - swapFee,
amountOutMinimum: minimumAmountOut,
sqrtPriceLimitX96: 0
});
inToken == ISmartVaultManagerV3(manager).weth() ?
executeNativeSwapAndFee(params, swapFee) :
executeERC20SwapAndFee(params, swapFee);
}
Impact
Without an expiration deadline, a malicious miner/validator can hold a transaction until they favor it or they can make a profit. As a result, the SmartVaultV3 contract can lose a lot of funds from slippage.
Tools Used
Manual Review
Recommendations
I recommend setting the deadline parameter with a proper timestamp.
Updates
Lead Judging Commences
hrishibhat over 1 year ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
deadline-check-low
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
60933 USDC / LOC
17,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.