First Flight #18: T-Swap

Summary

The deposit function accepts a deadline parameter, which according to the documentation is "The deadline for the transaction to be completed by." However, this parameter is never used. As a consequence, operations that add liquidity to the pool might be executed at unexpected times, potentially when market conditions are unfavorable.

Vulnerability Details

The deposit function accepts a deadline parameter intended to specify the latest time by which the transaction should be completed; however, this parameter is never utilized within the function. This oversight allows transactions to occur at any time, potentially during unfavorable market conditions, contrary to user expectations and the function's documentation, which can lead to financial losses and unexpected transaction timings.

Impact

Transactions could be sent when market conditions are unfavorable for deposit, even with a deadline parameter included. This can lead to suboptimal liquidity additions, affecting both the user's interests and the overall pool stability.

Tools Used

Manual code review, Remix IDE for identifying the unused parameter

Recommendations

To address this issue, include a check that reverts the transaction if the deadline has passed. This ensures that transactions are executed within the expected timeframe, maintaining user trust and aligning with documented behavior.
function deposit(
uint256 wethToDeposit,
uint256 minimumLiquidityTokensToMint,
uint256 maximumPoolTokensToDeposit,
uint64 deadline
) {
if (block.timestamp > deadline) {
revert("Transaction deadline has passed");
}
// Existing deposit logic
}
By adding this check, you ensure that the deadline parameter is respected, providing users with the expected behavior and avoiding deposits during unfavorable market conditions.