The StrategyArb
contract implements functionality to swap underlying WETH tokens for alETH (synthetic ETH) using the Ramses Router. However, in the _swapUnderlyingToAsset()
function, the swap deadline is set to block.timestamp
, which effectively removes the deadline protection against stale transactions.
This is particularly concerning in Layer 2 networks where network congestion can cause significant transaction delays. When a swap transaction gets delayed due to congestion, it can still be executed much later under potentially unfavorable market conditions, as the deadline check will always pass (the block's timestamp will always be >= itself).
The impact is most severe in volatile market conditions where delayed swaps could execute at significantly worse prices than intended. While the function does implement slippage protection via the minOut
parameter, this alone is insufficient as it doesn't protect against the transaction being held and executed at a later time when the temporary price impact of other trades has subsided.
User calls claimAndSwap()
with parameters for a favorable swap
Network becomes congested, transaction stays pending
Market conditions change unfavorably
Much later (could be hours), the transaction finally gets included
Because block.timestamp
was used as deadline, the swap executes despite being stale
The strategy receives worse swap terms than intended, only bounded by minOut
Add a deadline parameter to the claimAndSwap()
and _swapUnderlyingToAsset()
functions to allow users to specify their maximum acceptable delay. This deadline should be passed through to the router call:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.