First Flight #18: T-Swap

First Flight #18
Beginner FriendlyDeFiFoundry
100 EXP
View results
Submission Details
Severity: medium
Valid

`deadline` (The deadline for the transaction to be completed by) in the `TSwapPool:deposit` function is not utilized in any way.

Summary

The doc spec of the TSwapPool:deposit outlines that the deadline parameter is for the transaction to be completed by, in some blockchains (like Ethereum) transactions take up to 15 minutes to complete. This deadline is to ensure that the end user (the one triggering the deposit) gets their fair share. Allowing someone to frontrun a deposit and taking a bigger portion of the shares before someone's deposit.

Vulnerability Details

Allows someone to frontrun a deposti if there is no deadline.

Impact

Front-running deposits may be possible on slow time-to-finality blockchains.

Tools Used

N/A

Recommendations

// TSwapPool.sol
function deposit(
uint256 wethToDeposit,
uint256 minimumLiquidityTokensToMint,
uint256 maximumPoolTokensToDeposit,
uint64 deadline
)
external
revertIfZero(wethToDeposit)
+ revertIfDeadlinePassed(deadline)
returns (uint256 liquidityTokensToMint)
{
...
}
Updates

Appeal created

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`deposit` is missing deadline check causing transactions to complete even after the deadline

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.