Submission Details
Severity:
`deadline` in `TSWapPool::deposit` is not used & can be made either 0 or infinite to break the functioning of the protocol
Summary
The deadline input which is meant to tell the time till the functioning has to be completed is not used in TSWapPool::deposit
Proof of Code
PoC
function testDeposit() public {
vm.startPrank(liquidityProvider);
weth.approve(address(pool), 100e18);
poolToken.approve(address(pool), 100e18);
-->> pool.deposit(100e18, 100e18, 100e18, 0);
assertEq(pool.balanceOf(liquidityProvider), 100e18);
assertEq(weth.balanceOf(liquidityProvider), 100e18);
assertEq(poolToken.balanceOf(liquidityProvider), 100e18);
assertEq(weth.balanceOf(address(pool)), 100e18);
assertEq(poolToken.balanceOf(address(pool)), 100e18);
}
Tools Used
Manual Review , Foundry
Recommendations
Consider removing the
deadlineinout from theTSWapPool::depositfunctionIf still you are using it have some checks for deadline passing.
Updates
Appeal created
inallhonesty over 1 year ago
Submission Judgement Published Assigned finding tags:
`deposit` is missing deadline check causing transactions to complete even after the deadline
Rewards breakdown
nSLOC
276This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.