First Flight #18: T-Swap
First Flight #18
Beginner FriendlyDeFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

`TSwapPool::deposit` is missing deadline check, causing transactions to complete even after the deadline passed

paprikrumplikas

Vulnerability Details

The deposit function accepts a deadline as an input the parameter which, according to the documentation, "the deadline for the transaction to be completed by". However, this parameter is never actually used. As a consequence, operations that add liquidty to the pool might be executed at unexpected times, in market conditions when the deposit rate is unfavorable.

This also makes this part susceptible to MEV attacks.

Proof of concept: the deadline parameter is unused (this is highlighted by the compiler too).

Impact

Transactions can be sent when market conditions are unfavorable, even when the deadline is set.

Tools Used

Manual review, Foundry.

Recommendations

Perform the following changes to the function:

function deposit(
uint256 wethToDeposit,
uint256 minimumLiquidityTokensToMint,
uint256 maximumPoolTokensToDeposit,
uint64 deadline
)
external
+ revertIfDeadlinePassed(deadline)
revertIfZero(wethToDeposit)
returns (uint256 liquidityTokensToMint)
{...}
Updates

Appeal created

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`deposit` is missing deadline check causing transactions to complete even after the deadline

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.