swap() function in L2TokenReceiver.sol executes the ISwapRouter.ExactInputSingleParams() function with deadline as block.timestamp.
Since block.timestamp is always relative, using it in any way is equivalent to using no deadline at all. Needs to use a user defined input to effectively enforce any deadline.
Without a deadline, the transaction might be left hanging in the mempool and be executed way later than the user wanted. That could lead to user getting a worse price, because a validator can just hold onto the transaction. And when it does get around to putting the transaction in a block, it'll be block.timestamp, so they've got no protection there.
The deadline of a swap is set to block.timestamp in the swap function. What this means is that a validator can hold the swap transaction and the block the transaction is eventually put into will be the block.timestamp.
By this, validators determine the timeframe within which a swap should be included in a blockchain and not the user.
This could lead to users getting a worse price, because a validator can just hold onto the transaction. And when it does get around to putting the transaction in a block, it'll be block.timestamp (which is always relative), so they've got no protection there.
Manual Review
Consider allowing function caller to specify swap() with additional deadline input parameter
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.