The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: medium
Valid

No expiration deadline leads to losing a lot of funds

Summary

The SmartVaultV3::swap() function lacks an expiration deadline, potentially exposing the contract to financial losses during token swaps.

Vulnerability Details

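The swap() function sets the deadline parameter to block.timestamp. Because block.timestamp is evaluated when the transaction executes, not when it is submitted, the router's deadline check passes in whichever block the transaction is eventually included. The function therefore allows token swaps without enforcing an expiration deadline, leaving it susceptible to exploitation.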

ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
    tokenIn: inToken,
    tokenOut: getSwapAddressFor(_outToken),
    fee: 3000,
    recipient: address(this),
@>  deadline: block.timestamp,
    amountIn: _amount - swapFee,
    amountOutMinimum: minimumAmountOut,
    sqrtPriceLimitX96: 0
});

Impact

The absence of an expiration deadline in the SmartVaultV3 contract's swap() function creates a vulnerability where a malicious miner/validator could manipulate transactions for personal gain. This could lead to significant financial losses for the contract due to slippage.

Tools Used

Manual Review.

Recommendations

It is recommended to enhance the security of the SmartVaultV3 contract by setting a proper expiration deadline for the deadline parameter within the swap() function. This measure will mitigate the risk of potential financial losses associated with malicious activities.
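
One way to implement this recommendation, shown as an added example that is not code from The Standard or from the submission: the caller supplies the deadline when signing, and the contract forwards it to the router instead of recomputing it. The contract name DeadlineSwapExample, its parameter names, the owner check and the 30-minute MAX_WINDOW cap are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IERC20 { function approve(address spender, uint256 amount) external returns (bool); }

// Subset of the Uniswap V3 ISwapRouter interface used by the snippet above.
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn; address tokenOut; uint24 fee; address recipient;
        uint256 deadline; uint256 amountIn; uint256 amountOutMinimum; uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params) external payable returns (uint256 amountOut);
}

// Hypothetical contract for illustration only; not SmartVaultV3.
contract DeadlineSwapExample {
    uint256 public constant MAX_WINDOW = 30 minutes; // assumed policy value
    ISwapRouter public immutable router;
    address public immutable owner;

    error NotOwner();
    error DeadlineExpired(uint256 deadline, uint256 currentTime);
    error DeadlineTooFar(uint256 deadline, uint256 latestAllowed);

    constructor(ISwapRouter _router) { router = _router; owner = msg.sender; }

    // _deadline is chosen off-chain when the transaction is signed, so a transaction
    // held back past it reverts instead of executing at a stale price.
    function swap(address _tokenIn, address _tokenOut, uint256 _amount, uint256 _minOut, uint256 _deadline)
        external returns (uint256 amountOut)
    {
        if (msg.sender != owner) revert NotOwner();
        // Early, explicit expiry check; the router enforces the same bound again.
        if (block.timestamp > _deadline) revert DeadlineExpired(_deadline, block.timestamp);
        // Reject "never expires" values such as type(uint256).max.
        if (_deadline - block.timestamp > MAX_WINDOW) revert DeadlineTooFar(_deadline, block.timestamp + MAX_WINDOW);

        require(IERC20(_tokenIn).approve(address(router), _amount), "approve failed");
        amountOut = router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: _tokenIn,
            tokenOut: _tokenOut,
            fee: 3000,
            recipient: address(this),
            deadline: _deadline, // forwarded, not recomputed from block.timestamp
            amountIn: _amount,
            amountOutMinimum: _minOut,
            sqrtPriceLimitX96: 0
        }));
    }
}
```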

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

deadline-check-low

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

deadline-check
