Part 2

Zaros

PerpetualsDEXFoundrySolidity

70,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Missing deadline validation in Curve adapter (CurveAdapter.sol)

sabanaku77

Summary

The CurveAdapter contract, which facilitates swaps via Curve's exchange router, does not enforce a deadline for swap execution. While the contract inherits a deadline variable from BaseAdapter, this deadline is never used during swaps. This omission exposes users to MEV attacks.

Vulnerability Details

The CurveAdapter contract defines two key functions for executing swaps:

75: function executeSwapExactInputSingle(SwapExactInputSinglePayload calldata swapPayload)

external override returns (uint256 amountOut) {

}

104: function executeSwapExactInput(SwapExactInputPayload calldata swapPayload)

external override returns (uint256 amountOut) {

}

These functions are responsible for executing swaps using Curve’s exchange router.
Within both functions, the contract calls the Curve router to perform the swap.

return ICurveSwapRouter(curveStrategyRouterCache).exchange_with_best_rate({

from: swapPayload.tokenIn,

to: swapPayload.tokenOut,

amount: swapPayload.amountIn,

expected: amountOutMinimum,

rate: ({

receiver: swapPayload.recipient

})

});

The function executes swaps without a deadline parameter, meaning there is no restriction on how long the swap transaction can remain in the mempool before execution.
The contract inherits a deadline variable from BaseAdapter, but this variable is never used in the swap execution logic.

Impact

The lack of deadline enforcement exposes users to MEV attacks, where malicious actors can manipulate transaction execution timing in the mempool.
Attackers can*intentionally delay execution until market conditions worsen, leading to unexpectedly poor swap rates for users.
This issue makes CurveAdapter inconsistent with Uniswap adapters, which do enforce deadlines, thereby reducing the security guarantees of Curve swaps.

Tools Used

Manual Code Review

Recommendations

Fix: Enforce Deadline in Swap Execution

Modify the exchange_with_best_rate function call to include a timestamp-based deadline. This ensures that swaps are executed within a safe time window and cannot be delayed indefinitely.

return ICurveSwapRouter(curveStrategyRouterCache).exchange_with_best_rate({

_from: swapPayload.tokenIn,

_to: swapPayload.tokenOut,

_amount: swapPayload.amountIn,

_expected: amountOutMinimum,

_receiver: swapPayload.recipient

+ deadline: block.timestamp + deadline // Enforce swap deadline

});

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

CurveAdapter does not enforce swap execution time limits like other adapters do

Appeal created

elolpuer Auditor

7 months ago

inallhonesty Lead Judge

6 months ago

inallhonesty Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

70,000 USDC

nSLOC

3,258

21 USDC / LOC

High Medium

66,500

Low

3,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.