`BaseAdapter::setDeadline` function allows the new deadline to be the current `block.timestamp`
Summary
The BaseAdapter::setDeadline function allows the owner to set the deadline parameter that is then used in the swap functions in UniswapV2Adapter and UniswapV3Adapter contracts.
Vulnerability Details
The BaseAdapter::setDeadline function allows the owner to set the deadline parameter. The function checks if the deadline is not in the past, but the function allows the deadline to be the current block.timestamp:
This deadline is used in several swap functions: UniswapV2Adapter::executeSwapExactInputSingle, UniswapV2Adapter::executeSwapExactInput, UniswapV3Adapter::executeSwapExactInputSingle, UniswapV3Adapter::executeSwapExactInput. This means that the deadlinein these functions can be the current block.timestamp. This enables the pending transactions to be executed at a much later time resulting in a worse price for the user.
Impact
Swap can be executed at later time and the user can face up with the loss when the value of token change.
Tools Used
Manual Review
Recommendations
Don't allow the deadline to be set to the current block.timestamp or allow the users alone to set the deadline paramerter in the swap functions.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.