Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Global Deadline Mismanagement Leading to Transaction Reverts and Potential Loss of Funds in DEX Adapter Contracts (`UniswapV2Adapter` and `UniswapV3Adapter`)

federodes

Summary

The UniswapV2Adapter and UniswapV3Adapter contracts contain swap functions (executeSwapExactInputSingle and executeSwapExactInput) that rely on a globally set deadline. This approach introduces critical risks, including transaction reverts if the deadline becomes outdated and potential user losses if transactions are executed under unfavorable market conditions due to an excessively extended deadline.

Vulnerability Details

Both executeSwapExactInputSingle and executeSwapExactInput functions utilize a single global deadline, which is set by the contract owner via the setDeadline function. This design applies the same expiration time to all transactions, rather than allowing individual transactions to specify their own deadlines.

If the contract owner neglects to update the global deadline and it lapses, any swap attempts will revert with the SwapDeadlineInThePast error. This results in a complete halt of all swap functionality until the deadline is manually corrected.

If the global deadline is set too far into the future, transactions might execute under market conditions that differ significantly from those present when the transaction was created. This could result in users receiving less favorable exchange rates or unexpected outcomes, leading to potential financial losses.

uint256 deadline;
function setDeadline(uint256 _deadline) public onlyOwner {
// revert if the deadline is in the past
if (_deadline < block.timestamp) revert Errors.SwapDeadlineInThePast();
// set the new deadline
deadline = _deadline;
// emit the event
emit LogSetDeadline(_deadline);
}
function executeSwapExactInputSingle(SwapExactInputSinglePayload calldata swapPayload)
external
returns (uint256 amountOut)
{
// transfer the tokenIn from the send to this contract
IERC20(swapPayload.tokenIn).transferFrom(msg.sender, address(this), swapPayload.amountIn);
// aprove the tokenIn to the swap router
address uniswapV2SwapStrategyRouterCache = uniswapV2SwapStrategyRouter;
IERC20(swapPayload.tokenIn).approve(uniswapV2SwapStrategyRouterCache, swapPayload.amountIn);
// get the expected output amount
uint256 expectedAmountOut = getExpectedOutput(swapPayload.tokenIn, swapPayload.tokenOut, swapPayload.amountIn);
// Calculate the minimum acceptable output based on the slippage tolerance
uint256 amountOutMinimum = calculateAmountOutMin(expectedAmountOut);
address[] memory path = new address[](2);
path[0] = swapPayload.tokenIn;
path[1] = swapPayload.tokenOut;
uint256[] memory amountsOut = IUniswapV2Router02(uniswapV2SwapStrategyRouterCache).swapExactTokensForTokens({
amountIn: swapPayload.amountIn,
amountOutMin: amountOutMinimum,
path: path,
to: swapPayload.recipient,
deadline: deadline
//@audit-issue Using a globally set deadline instead of transaction-specific deadlines
});
return amountsOut[1];
}

Impact

  • Operational Disruption:
    An outdated global deadline causes all swap transactions to revert, effectively halting the contract’s operation for all users until the issue is resolved by the owner.

  • Potential Financial Losses:
    Transactions executed under a far-future deadline may be settled under unfavorable market conditions, such as adverse changes in exchange rates, causing users to incur unexpected losses.

Tools Used

Manual review.

Recommendations

Modify the swap payload structures (e.g., SwapExactInputSinglePayload) to include a deadline parameter, allowing users to specify individual transaction expiration times.

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.