The claimAndSwap function in the contract uses block.timestamp directly as the deadline for the swap operation without exposing a user-defined deadline parameter.
This makes the function vulnerable to transactions lingering in the mempool for extended periods, potentially executing at unfavorable times.
The claimAndSwap function facilitates token swaps using a specified path and router.
However, it directly sets block.timestamp as the deadline parameter for the swap call:
Using block.timestamp as the deadline effectively sets no meaningful time restriction on the transaction.
Transactions can remain in the mempool indefinitely due to network congestion or front-running attempts.
When finally executed, the swap might occur at significantly less favorable rates than anticipated.
Transactions without a strict deadline are more susceptible to manipulation, leading to potential financial losses.
Introduce a deadline parameter to the claimAndSwap function, allowing the caller to specify a strict deadline for transaction execution.
This ensures that transactions revert if not executed within the acceptable timeframe.
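
The pattern and the recommended fix side by side, as an added sketch that is not the audited contract's code. It assumes a Uniswap V2-style router; the contract name, function signatures, parameter names and the custom error are hypothetical, and the claim step is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Uniswap V2-style router interface (assumption: the page only says "router").
interface IRouter {
    function swapExactTokensForTokens(
        uint256 amountIn,
        uint256 amountOutMin,
        address[] calldata path,
        address to,
        uint256 deadline
    ) external returns (uint256[] memory amounts);
}

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical, simplified contract: illustrative signatures, claim logic omitted.
contract SwapSketch {
    error DeadlineExpired(uint256 deadline, uint256 currentTime);

    // Before: a V2-style router requires `deadline >= block.timestamp`.
    // Passing block.timestamp makes that comparison true in whichever block
    // finally includes the transaction, so the check can never fire.
    function claimAndSwapNoDeadline(
        IRouter router, uint256 amountIn, uint256 minOut, address[] calldata path
    ) external {
        IERC20(path[0]).approve(address(router), amountIn);
        router.swapExactTokensForTokens(amountIn, minOut, path, address(this), block.timestamp);
    }

    // After: the caller fixes the deadline when building the transaction
    // (for example, current time plus a few minutes, computed off-chain).
    function claimAndSwapWithDeadline(
        IRouter router, uint256 amountIn, uint256 minOut,
        address[] calldata path, uint256 deadline
    ) external {
        // Revert before any approval or external call if the transaction is stale.
        if (block.timestamp > deadline) revert DeadlineExpired(deadline, block.timestamp);
        IERC20(path[0]).approve(address(router), amountIn);
        // Forward the same deadline so the router enforces it as well.
        router.swapExactTokensForTokens(amountIn, minOut, path, address(this), deadline);
    }
}
```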