Submission Details
Severity:
Unchecked `deadline` in `deposit` function
Summary
Unnecessary parameter in deposit function of TSwapPool contract.
Vulnerability Details
The deposit function takes a deadline parameter, but does not check whether the deadline has not passed.
function deposit(
uint256 wethToDeposit,
uint256 minimumLiquidityTokensToMint,
uint256 maximumPoolTokensToDeposit,
uint64 deadline
)
external
revertIfZero(wethToDeposit)
returns (uint256 liquidityTokensToMint)
{
if (wethToDeposit < MINIMUM_WETH_LIQUIDITY) {
revert TSwapPool__WethDepositAmountTooLow(
MINIMUM_WETH_LIQUIDITY,
wethToDeposit
);
}
if (totalLiquidityTokenSupply() > 0) {
uint256 wethReserves = i_wethToken.balanceOf(address(this));
uint256 poolTokenReserves = i_poolToken.balanceOf(address(this)); // @audit it is not used
// Our invariant says weth, poolTokens, and liquidity tokens must always have the same ratio after the
// initial deposit
// poolTokens / constant(k) = weth
// weth / constant(k) = liquidityTokens
// aka...
// weth / poolTokens = constant(k)
// To make sure this holds, we can make sure the new balance will match the old balance
// (wethReserves + wethToDeposit) / (poolTokenReserves + poolTokensToDeposit) = constant(k)
// (wethReserves + wethToDeposit) / (poolTokenReserves + poolTokensToDeposit) =
// (wethReserves / poolTokenReserves)
//
// So we can do some elementary math now to figure out poolTokensToDeposit...
// (wethReserves + wethToDeposit) / poolTokensToDeposit = wethReserves
// (wethReserves + wethToDeposit) = wethReserves * poolTokensToDeposit
// (wethReserves + wethToDeposit) / wethReserves = poolTokensToDeposit
uint256 poolTokensToDeposit = getPoolTokensToDepositBasedOnWeth(
wethToDeposit
);
if (maximumPoolTokensToDeposit < poolTokensToDeposit) {
revert TSwapPool__MaxPoolTokenDepositTooHigh(
maximumPoolTokensToDeposit,
poolTokensToDeposit
);
}
// We do the same thing for liquidity tokens. Similar math.
liquidityTokensToMint =
(wethToDeposit * totalLiquidityTokenSupply()) /
wethReserves;
if (liquidityTokensToMint < minimumLiquidityTokensToMint) {
revert TSwapPool__MinLiquidityTokensToMintTooLow(
minimumLiquidityTokensToMint,
liquidityTokensToMint
);
}
_addLiquidityMintAndTransfer(
wethToDeposit,
poolTokensToDeposit,
liquidityTokensToMint
);
} else {
// This will be the "initial" funding of the protocol. We are starting from blank here!
// We just have them send the tokens in, and we mint liquidity tokens based on the weth
_addLiquidityMintAndTransfer(
wethToDeposit,
maximumPoolTokensToDeposit,
wethToDeposit
);
liquidityTokensToMint = wethToDeposit;
}
}
Impact
despite deadline has passed, transaction is not reverted.
Tools Used
Manual review
Recommendations
Please add modifier revertIfDeadlinePassed.
function deposit(
uint256 wethToDeposit,
uint256 minimumLiquidityTokensToMint,
uint256 maximumPoolTokensToDeposit,
uint64 deadline
)
external
revertIfZero(wethToDeposit)
++ revertIfDeadlinePassed(deadline)
returns (uint256 liquidityTokensToMint)
{
__SNIP__
}
Updates
Appeal created
inallhonesty over 1 year ago
Submission Judgement Published Assigned finding tags:
`deposit` is missing deadline check causing transactions to complete even after the deadline
Rewards breakdown
nSLOC
276This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.