Deadline in the swap function is set as 'block.timestamp'.
Summary
swap() function executes the ISwapRouter.ExactInputSingleParams() function with deadline as block.timestamp. This has basically no effect and should rather be an actual uint256 value.
Vulnerability Details
This is a well-known vulnerability and here's an article detailing the impact and how Uniswap has a very clear deadline set, in addition to the minimumOut check - https://web.archive.org/web/20230525014603/https://blog.bytes032.xyz/p/why-you-should-stop-using-block-timestamp-as-deadline-in-swaps
Impact
This situation may result in users obtaining an unfavorable price since a validator has the ability to delay processing the transaction. When the transaction is eventually included in a block, it will use the block.timestamp, which is always relative. As a result, users lack protection in such cases.
Tools Used
Manual review
Recommendations
Allow user to manually set the deadline parameter
Lead Judging Commences
Protocol should not use block.timestamp as deadline in Uniswap interactions because it renders the protection mechanism useless
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.