Submission Details
Severity: medium
Invalid

Using `block.timestamp` for swap deadline offers no protection

Summary

In the PoS model, proposers know well in advance whether they will propose a single block or several consecutive blocks. In such a scenario, a malicious validator can hold back the transaction and execute it in a later block that is more favourable to them.

Vulnerability Details

  • Found in src/StrategyArb.sol Line: 87

    IRamsesRouter(router).swapExactTokensForTokens(_amount, minOut, _path, address(this), block.timestamp);

  • Found in src/StrategyOp.sol Line: 102

    IVeloRouter(router).swapExactTokensForTokens(_amount, minOut, _path, address(this), block.timestamp);

Impact

Passing `block.timestamp` as the deadline offers no protection, because its value is taken from the block in which the transaction is included, so the deadline can never be in the past when the router checks it. A malicious validator could hold the transaction for an indefinite time.

Tools Used

Aderyn.

Recommendations

Consider allowing the function caller to specify the swap deadline as an input parameter. Since StrategyOp.sol::_swapUnderlyingToAsset and StrategyArb.sol::_swapUnderlyingToAsset are internal functions, the deadline parameter should be added to the functions that call these internal functions and passed down to them.
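The recommendation above as an added sketch, not code from the audited repository: the weak pattern from the finding next to a version where the deadline is chosen off-chain and passed down from the external entry point. `IRouterLike`, `DeadlineExample`, `keeper`, `swapEntry` and the `address[]` path type are hypothetical; token approvals are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal router interface (assumption: Uniswap V2 style path).
// The routers named in the finding may use their own route types.
interface IRouterLike {
    function swapExactTokensForTokens(uint256 amountIn, uint256 amountOutMin, address[] calldata path, address to, uint256 deadline)
        external returns (uint256[] memory amounts);
}

contract DeadlineExample {
    address public immutable router;
    address public immutable keeper; // hypothetical trusted caller

    error DeadlineExpired(uint256 deadline, uint256 currentTime);
    error NotKeeper();

    constructor(address _router, address _keeper) {
        router = _router;
        keeper = _keeper;
    }

    // Pattern from the finding: the deadline is read at execution time, so it
    // always equals the current block's timestamp and can never have expired.
    function _swapNoDeadline(uint256 _amount, uint256 minOut, address[] memory _path) internal {
        IRouterLike(router).swapExactTokensForTokens(_amount, minOut, _path, address(this), block.timestamp);
    }

    // Hardened: the deadline was fixed when the transaction was signed, so a
    // transaction held back past that time reverts instead of executing late.
    function _swapWithDeadline(uint256 _amount, uint256 minOut, address[] memory _path, uint256 deadline) internal {
        if (block.timestamp > deadline) revert DeadlineExpired(deadline, block.timestamp);
        IRouterLike(router).swapExactTokensForTokens(_amount, minOut, _path, address(this), deadline);
    }

    // Hypothetical external entry point: the caller supplies the deadline,
    // which is passed down to the internal swap unchanged.
    function swapEntry(uint256 _amount, uint256 minOut, address[] calldata _path, uint256 deadline) external {
        if (msg.sender != keeper) revert NotKeeper();
        _swapWithDeadline(_amount, minOut, _path, deadline);
    }
}
```

The caller computes `deadline` off-chain as an absolute timestamp (current time plus a short window) before signing; deriving it on-chain from `block.timestamp` would reintroduce the original problem.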

Updates

Appeal created

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Known issue