Submission Details
Severity:
`deadline` (The deadline for the transaction to be completed by) in the `TSwapPool:deposit` function is not utilized in any way.
Summary
The doc spec of the TSwapPool:deposit outlines that the deadline parameter is for the transaction to be completed by, in some blockchains (like Ethereum) transactions take up to 15 minutes to complete. This deadline is to ensure that the end user (the one triggering the deposit) gets their fair share. Allowing someone to frontrun a deposit and taking a bigger portion of the shares before someone's deposit.
Vulnerability Details
Allows someone to frontrun a deposti if there is no deadline.
Impact
Front-running deposits may be possible on slow time-to-finality blockchains.
Tools Used
N/A
Recommendations
// TSwapPool.sol
function deposit(
uint256 wethToDeposit,
uint256 minimumLiquidityTokensToMint,
uint256 maximumPoolTokensToDeposit,
uint64 deadline
)
external
revertIfZero(wethToDeposit)
+ revertIfDeadlinePassed(deadline)
returns (uint256 liquidityTokensToMint)
{
...
}
Updates
Appeal created
inallhonesty about 1 year ago
Submission Judgement Published Assigned finding tags:
`deposit` is missing deadline check causing transactions to complete even after the deadline
Rewards breakdown
nSLOC
276This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.