First Flight #18: T-Swap

Severity: medium
Valid

`TSwapPool::deposit()` doesn't take the `deadline` parameter into consideration, causing depositors to get an unexpected LP token value for their deposit

Summary

  1. When a user passes a `deadline` expecting the deposit to execute before a given `block.timestamp`, so that he gets his expected LP token price from the pool, the transaction can still be executed at a later point after the deadline expires, providing the depositor with LP tokens of a value that he didn't expect.

  2. Also, MEV can take advantage of this bug to inflate/deflate the pool before the depositor's transaction to make a good profit, causing a loss to the depositor by making his transaction execute at a later point after the deadline expires.

Vulnerability Details

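Place the code below in `TswapPool.t.sol` and run `forge test --mt testDepositAfterDeadline`:

```solidity
function testDepositAfterDeadline() public {
    vm.warp(10);
    vm.startPrank(liquidityProvider);
    weth.approve(address(pool), 100e18);
    poolToken.approve(address(pool), 100e18);
    assertEq(block.timestamp, 10);
    // The deadline (timestamp 9) has already passed at timestamp 10.
    uint64 expiredDeadline = uint64(block.timestamp) - 1;
    // deposit() ignores the deadline, so the call succeeds instead of reverting.
    pool.deposit(100e18, 100e18, 100e18, expiredDeadline);
    assertEq(pool.balanceOf(liquidityProvider), 100e18);
    vm.stopPrank();
}
```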
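
The effect of the ignored deadline, and of a guard that enforces it, as an added Foundry example that is not part of the original submission or the T-Swap code base. `DeadlineDemoPool`, its `DeadlineHasPassed` error, `depositUnchecked` and the timestamp `T0` are hypothetical; the modifier body, including its choice to accept a deadline equal to the current timestamp, is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the pool: only the deadline handling is modelled.
contract DeadlineDemoPool {
    error DeadlineHasPassed(uint64 deadline);
    mapping(address => uint256) public liquidityOf;

    // Assumption: a deadline equal to the current timestamp is still valid.
    modifier revertIfDeadlinePassed(uint64 deadline) {
        if (deadline < uint64(block.timestamp)) revert DeadlineHasPassed(deadline);
        _;
    }

    // Unguarded: the deadline argument is accepted but never read.
    function depositUnchecked(uint256 amount, uint64 /* deadline */) external {
        liquidityOf[msg.sender] += amount;
    }

    // Guarded: the modifier runs before the body and rejects late execution.
    function deposit(uint256 amount, uint64 deadline) external revertIfDeadlinePassed(deadline) {
        liquidityOf[msg.sender] += amount;
    }
}

contract DeadlineDemoTest is Test {
    DeadlineDemoPool internal pool;
    uint64 internal constant T0 = 1_000; // constructed timestamp for the demo

    function setUp() public {
        pool = new DeadlineDemoPool();
        vm.warp(T0);
    }

    function testExpiredDeadline() public {
        pool.depositUnchecked(1e18, T0 - 1); // succeeds although the deadline expired
        assertEq(pool.liquidityOf(address(this)), 1e18);
        vm.expectRevert(abi.encodeWithSelector(DeadlineDemoPool.DeadlineHasPassed.selector, T0 - 1));
        pool.deposit(1e18, T0 - 1); // guarded path reverts
    }

    function testDeadlineEqualToNowIsAccepted() public {
        pool.deposit(1e18, T0);
        assertEq(pool.liquidityOf(address(this)), 1e18);
    }
}
```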

Impact

The depositor receives an unfair and unexpected value for his deposit.

Tools Used

Recommendations

Make the code changes below in `TSwapPool.sol`:

function deposit(
...
uint64 deadline
)
...
+ revertIfDeadlinePassed(deadline)
{
...
}
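
Review bot: the added `revertIfDeadlinePassed(deadline)` line depends on a modifier that this snippet does not define, so the recommendation should state where it comes from and whether a deadline equal to `block.timestamp` is accepted or rejected. It is also worth pairing the change with a test that calls `deposit` with an already expired deadline and expects a revert.
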
Updates

Appeal created

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`deposit` is missing deadline check causing transactions to complete even after the deadline
