First Flight #18: T-Swap
First Flight #18
Beginner FriendlyDeFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

`TSwapPool::deposit` is missing a deadline check, causing transactions to go through even after the deadline

sheep

Description: The deposit function takes a deadline parameter, whose purpose according to the documentation is "The deadline for the transaction to be completed by", but this parameter is unused in the function, failing to check that deadline has passed for the transaction, which can cause users to add liquidity to the pool even after the deadline, in market conditions where the deposit rate is not favorable.

Impact: Transactions could be sent when market conditions are unfavorable to deposit, even when adding a deadline parameter.

Proof of Concept:

  1. Compile the contracts by running forge compile

  2. Output from the terminal can be used to observe that

src/TswapPool.sol:118:9:
uint64 deadline

Recommended Mitigation: Consider the following mitigation

function deposit(
uint256 wethToDeposit,
uint256 minimumLiquidityTokensToMint,
uint256 maximumPoolTokensToDeposit,
//@audit - unused parameter
uint64 deadline
)
external
+ revertIfDeadlinePassed(deadline)
revertIfZero(wethToDeposit)
returns (uint256 liquidityTokensToMint)
{
Updates

Appeal created

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`deposit` is missing deadline check causing transactions to complete even after the deadline

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.