Fixed Timestamp Deadline Reduces Transaction Flexibility in _swapUnderlyingToAsset()
Summary
The use of a fixed timestamp (block.timestamp) as the transaction deadline does not account for network delays or congestion, causing transactions to fail unnecessarily. If a transaction is slightly delayed beyond the block timestamp during heavy traffic, the trade will expire, resulting in missed opportunities or failed swaps.
Vulnerability Details
Issue: The deadline parameter is set to block.timestamp, which only guarantees validity for the current block. If the transaction is delayed due to network congestion, gas spikes, or slow block propagation, the swap fails even if it should otherwise succeed.
A small buffer of time or a short range of allowable timestamps would improve flexibility without compromising security.
Impact
Transaction Failure During Congestion:
When the Ethereum network is congested, transactions might be delayed beyond the block’s timestamp, causing otherwise valid swaps to fail.
-
Missed Arbitrage or Trading Opportunities:
Traders relying on tight price movements lose opportunities because of rigid timestamp validation.
Tools Used
manual
Recommendations
Add a Short Buffer Time to block.timestamp:
Instead of using the exact timestamp of the current block, add a small buffer (e.g., 5–10 minutes) to allow for delayed transactions.
2. Allow User-Specified Deadlines:
Let users specify their own deadlines as input, giving them more control over timing constraints.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.