Using "deadline: block.timestamp" is incorrect: it allows outdated slippage and allows a pending transaction to be executed unexpectedly.
AMMs such as Uniswap let users specify a deadline parameter that enforces a time limit by which the transaction must be executed. Without a deadline parameter, the transaction may sit in the mempool and be executed at a much later time, potentially resulting in a worse price for the user. Most of the functions that interact with UniswapV3 do not have a deadline parameter, but the one in SwapRouter.vy passes block.timestamp to the UniswapV3 router. As a result, the transaction is valid whenever the miner decides to include it in a block, because block.timestamp is always the current timestamp at that moment.
In that case the transaction can stay pending in the mempool/sequencer for extended periods, which could be hours, days, weeks, or even longer. During this time the price of the tokens has changed, and the user unknowingly performs a bad trade when the pending transaction is finally executed.
Manual review.
It is recommended to pass the deadline as an argument to the "swap" function like this:
The user can then independently set the time frame for executing the transaction, based on the time at which the "swap" function is called rather than the time at which the transaction is added to a block.
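The following Python model is an added example, not code from SwapRouter.vy or Uniswap: it simulates the router's deadline and slippage checks to show that a deadline of block.timestamp can never fail, while a caller-supplied deadline rejects a transaction that is included late. All class and function names, prices and timestamps are constructed for illustration.

```python
from dataclasses import dataclass

T0 = 1_700_000_000  # constructed: time at which the user signs the swap

class Revert(Exception):
    """Models an EVM revert."""

@dataclass
class Block:
    timestamp: int  # set when the transaction is finally included

@dataclass
class Router:
    """Simplified stand-in for the UniswapV3 router's two checks."""
    price: int  # token_out received per token_in at execution time

    def exact_input_single(self, block, deadline, amount_in, min_out):
        if block.timestamp > deadline:
            raise Revert("Transaction too old")
        amount_out = amount_in * self.price
        if amount_out < min_out:
            raise Revert("Too little received")
        return amount_out

def swap_vulnerable(router, block, amount_in, min_out):
    # Pattern from the finding: the deadline is read at execution time,
    # so block.timestamp > block.timestamp is never true.
    return router.exact_input_single(block, block.timestamp, amount_in, min_out)

def swap_fixed(router, block, amount_in, min_out, deadline):
    # Deadline chosen by the caller when signing and passed through unchanged.
    return router.exact_input_single(block, deadline, amount_in, min_out)

def outcome(fn, *args):
    """Return the swap output, or the revert reason as a string."""
    try:
        return fn(*args)
    except Revert as exc:
        return f"revert: {exc}"

def demo():
    late = Block(T0 + 7 * 86_400)  # included one week after signing
    stale = Router(price=96)       # execution price still clears the old min_out
    min_out = 950                  # 5% tolerance on 10 tokens at signing price 100
    return (
        outcome(swap_vulnerable, stale, late, 10, min_out),
        outcome(swap_fixed, stale, late, 10, min_out, T0 + 600),
        outcome(swap_fixed, Router(price=100), Block(T0 + 60), 10, min_out, T0 + 600),
    )
```

The stale slippage bound alone does not stop the week-old swap; only the caller-supplied deadline makes the late inclusion revert.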