MorpheusAI

Foundry

22,500 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Dangerous use of the "deadline" parameter

iamandreiski

Summary

The protocol is using a hardcoded block.timestamp as a deadline parameter when interacting with the Uniswap's NonfungiblePositionManager, as well as when interacting with Uniswap's swap router which completely defeats the purpose of having a deadline parameter.

Vulnerability Details

Actions in the Uniswap's NonfungiblePositionManager as well as the SwapRouter contracts are governed by a deadline parameter to prevent the execution of pending transactions which are outdated. Functions that modify the liquidity of the pool check this parameter against the current block timestamp in order to discard transactions which have expired.

Failure to provide a proper deadline value enables pending transactions to be maliciously executed at a later point. Transactions that provide an insufficient amount of gas and are not executed in the current or next blocks, can be picked by malicious actors or MEV bots and executed later in detriment of the person who initiated them.

We can see two instances of it used here:

INonfungiblePositionManager.IncreaseLiquidityParams memory params_ = INonfungiblePositionManager

.IncreaseLiquidityParams({

tokenId: tokenId_,

amount0Desired: amountAdd0_,

amount1Desired: amountAdd1_,

amount0Min: amountMin0_,

amount1Min: amountMin1_,

deadline: block.timestamp

});

And here:

ISwapRouter.ExactInputSingleParams memory swapParams_ = ISwapRouter.ExactInputSingleParams({

tokenIn: params_.tokenIn,

tokenOut: params_.tokenOut,

fee: params_.fee,

recipient: address(this),

deadline: block.timestamp,

amountIn: amountIn_,

amountOutMinimum: amountOutMinimum_,

sqrtPriceLimitX96: params_.sqrtPriceLimitX96

});

Impact

Transactions which use block.timestamp as a deadline parameter, use an ineffective deadline parameter which won't prevent transactions to be maliciously executed at a later stage.

Tools Used

Manual Review

Recommendations

Don't hardcode the deadline parameter, allow for it to be passed as an argument and later forward it to the two contracts.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Protocol should not use block.timestamp as deadline in Uniswap interactions because it renders the protection mechanism useless

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

22,500 USDC

nSLOC

1,054

21 USDC / LOC

High Medium

20,000 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.