Summary

The _swapUnderlyingToAsset function is using block.timestamp as deadline argument while interacting with the router, which completely defeats the purpose of using a deadline.

Vulnerability Details

In StrategyOp contract, the _swapUnderlyingToAsset function is using block.timestamp as deadline argument:

In StrategyArb contract, the _swapUnderlyingToAsset function is using block.timestamp as deadline argument:

The use of block.timestamp as the deadline argument within the _swapUnderlyingToAsset function when interacting with the router is a logical vulnerability that undermines the intended purpose of a deadline. The purpose of a deadline is to ensure that a swap transaction must be completed within a specified time frame to prevent execution under stale conditions or unfavorable market rates. Using block.timestamp directly means that the transaction is valid at any time. This could lead to pending transactions to be maliciously executed at stale conditions.

The similar issue is defined as medium in code4rena:

https://solodit.cyfrin.io/issues/m-21-dangerous-use-of-deadline-parameter-code4rena-revert-lend-revert-lend-git

Impact

Failure to provide a proper deadline value enables pending transactions to be maliciously executed at a later point. Transactions that provide an insufficient amount of gas such that they are not mined within a reasonable amount of time, can be picked by malicious actors or MEV bots and executed later in detriment of the submitter.

Tools Used

Manual Review

Recommendations

Consider adding a deadline parameter to the claimAndSwap function and forward this parameter to the corresponding underlying call to the router.