Incorrect Deadline Enforcement Using < Operator in Smart Contract
Summary
The contract includes a 'deadline' parameter, but it uses the < operator to check the deadline condition.
Vulnerability Details
modifier revertIfDeadlinePassed(uint64 deadline) {
if (deadline < uint64(block.timestamp)) {
revert TSwapPool__DeadlineHasPassed(deadline);
}
_;
}
Impact
The current use of the < operator when checking the deadline condition can lead to unintended behavior. Specifically:
Missed Deadlines: Transactions that occur exactly at the deadline timestamp will not be rejected, which might not be the intended behavior. This can allow actions that should have been prevented due to the deadline constraint.
Security Risks: Allowing transactions at the exact deadline can introduce vulnerabilities, especially in time-sensitive contracts, potentially leading to exploitation by malicious actors who can time their transactions precisely.
By changing the operator to <=, the contract ensures that all transactions occurring at or beyond the deadline are correctly reverted, maintaining the integrity and intended functionality of the deadline parameter.
Tools Used
No specific tools were used to identify this vulnerability.
Recommendations
To ensure the deadline is correctly enforced, replace the < operator with <= when checking the deadline parameter.
modifier revertIfDeadlinePassed(uint64 deadline) {
if (deadline <= uint64(block.timestamp)) {
revert TSwapPool__DeadlineHasPassed(deadline);
}
_;
}
Appeal created
Deadline should include equality as well
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.