Submission Details
Severity:
`TSwap::deposit` is missing deadline check that allow transaction to complete even after the deadline
Summary
The transaction could sent when the market condition is unfavourable.
Vulnerability Details
The deposit function accepts a deadline parameter, which according to documentation is " The deadline for the transaction to be completed by " However the parameter is never used. consequences, operations that add liquidity to the pool might be executed after the deadline.
Impact
The transaction could sent when the market condition is unfavourable.
Tools Used
Manual Review
Recommendations
make the following changes to the function. add deadline modifier revertifDeadlinePassed(deadline) .
function deposit(
uint256 wethToDeposit,
uint256 minimumLiquidityTokensToMint,
uint256 maximumPoolTokensToDeposit,
uint64 deadline
)
external
revertifDeadlinePassed(deadline)
revertIfZero(wethToDeposit)
returns (uint256 liquidityTokensToMint)
{
if (wethToDeposit < MINIMUM_WETH_LIQUIDITY) {
revert TSwapPool__WethDepositAmountTooLow(
MINIMUM_WETH_LIQUIDITY,
wethToDeposit
);
}
if (totalLiquidityTokenSupply() > 0) {
uint256 wethReserves = i_wethToken.balanceOf(address(this));
uint256 poolTokenReserves = i_poolToken.balanceOf(address(this));
uint256 poolTokensToDeposit = getPoolTokensToDepositBasedOnWeth(
wethToDeposit
);
if (maximumPoolTokensToDeposit < poolTokensToDeposit) {
revert TSwapPool__MaxPoolTokenDepositTooHigh(
maximumPoolTokensToDeposit,
poolTokensToDeposit
);
}
liquidityTokensToMint =
(wethToDeposit * totalLiquidityTokenSupply()) /
wethReserves;
if (liquidityTokensToMint < minimumLiquidityTokensToMint) {
revert TSwapPool__MinLiquidityTokensToMintTooLow(
minimumLiquidityTokensToMint,
liquidityTokensToMint
);
}
_addLiquidityMintAndTransfer(
wethToDeposit,
poolTokensToDeposit,
liquidityTokensToMint
);
} else {
_addLiquidityMintAndTransfer(
wethToDeposit,
maximumPoolTokensToDeposit,
wethToDeposit
);
liquidityTokensToMint = wethToDeposit;
}
}
Updates
Appeal created
inallhonesty over 1 year ago
Submission Judgement Published Assigned finding tags:
`deposit` is missing deadline check causing transactions to complete even after the deadline
Rewards breakdown
nSLOC
276This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.