The claimAndSwap() function in the StrategyArb and StrategyOp contracts uses block.timestamp as the deadline parameter when executing swaps through the Ramses Router and Velo Router. This implementation creates a vulnerability where transactions could be executed at unfavorable times or be subject to MEV attacks.
1. MEV Attack: Miners/validators can manipulate block.timestamp within certain bounds, potentially allowing them to execute the transaction at a slightly different time than intended.
2. Delayed Execution: If the transaction gets stuck in the mempool due to network congestion or gas price spikes, it will still execute when finally mined, even if market conditions have significantly changed.
3. Sandwich Attack Opportunity: The predictable deadline makes it easier for attackers to sandwich the transaction, as they know it must be executed in the current block.
Although 1 and 3 are hard to achieve on L2s, 2 is very possible on L2 networks.
Manual Review
Add a deadline parameter to the function and validate that it lies in the future before passing it to the router.
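As an added illustration (not the StrategyArb/StrategyOp source, and with a simplified router interface assumed for the sketch rather than the real Ramses/Velo signatures), the pattern the finding describes next to the recommended fix:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed, simplified router interface for illustration only; the real
// Ramses/Velo router signatures are not reproduced here.
interface IRouter {
    function swapExactTokensForTokens(
        uint256 amountIn,
        uint256 amountOutMin,
        bytes calldata route,
        address to,
        uint256 deadline
    ) external returns (uint256[] memory amounts);
}

// Hypothetical strategy sketch, not the audited contract.
contract StrategySketch {
    IRouter public immutable router;
    address public immutable keeper;

    error NotKeeper();
    error DeadlineInPast(uint256 deadline, uint256 nowTs);

    constructor(IRouter _router, address _keeper) {
        router = _router;
        keeper = _keeper;
    }

    // Vulnerable pattern: deadline == block.timestamp satisfies the router's
    // deadline check at whatever block the tx is finally mined, so a transaction
    // that sat in the mempool still executes under stale market conditions.
    function claimAndSwapUnsafe(uint256 amountIn, uint256 minOut, bytes calldata route) external {
        if (msg.sender != keeper) revert NotKeeper();
        router.swapExactTokensForTokens(amountIn, minOut, route, address(this), block.timestamp);
    }

    // Fixed pattern: the caller chooses the deadline off-chain and the contract
    // rejects any value that is already in the past before calling the router;
    // a delayed transaction then reverts instead of swapping late.
    function claimAndSwap(uint256 amountIn, uint256 minOut, bytes calldata route, uint256 deadline) external {
        if (msg.sender != keeper) revert NotKeeper();
        if (deadline < block.timestamp) revert DeadlineInPast(deadline, block.timestamp);
        router.swapExactTokensForTokens(amountIn, minOut, route, address(this), deadline);
    }
}
```

The `amountOutMin` argument still bounds slippage independently; the deadline only stops a delayed transaction from executing at all.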