The setDeadline() function in BaseAdapter.sol only validates that the deadline is not in the past when setting it. However, it does not enforce a check when executing swaps. This could lead to transactions being executed even after the deadline has expired, potentially at unfavorable prices.
The setDeadline() function ensures that a new deadline cannot be set in the past but does not verify expiration during swap execution.
This only prevents setting a past deadline but does not ensure that a swap isn't executed after the deadline has passed.
The contract does not contain any swap functions directly.
The swap logic is likely implemented in DEX adapter contracts (UniswapV2/V3).
If these adapters use the deadline variable without verifying if it has expired, it introduces a critical flaw.
Stale Transactions: Transactions that should have expired could still execute.
Unfavorable Swap Prices: The user might receive a worse rate than expected due to market changes.
Exploitation Risk: Attackers could manipulate this by submitting transactions that execute at better prices later.
Manual Analysis
Every swap function should check whether the deadline is still valid before executing.
Instead of maintaining a global deadline, allow users to specify their own deadline per swap request.
Ensure the Uniswap adapters enforce the deadline validation before executing swaps.
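A sketch of the recommendations above, added here as an example and not taken from the audited code base: a hypothetical adapter (the names DeadlineCheckedAdapter, swapExactIn and notExpired are assumptions) that takes a per-swap deadline, rejects expired calls before moving any funds, and forwards the same deadline to the Uniswap V2 router's swapExactTokensForTokens.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces: only the functions this sketch calls.
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface IUniswapV2Router02 {
    function swapExactTokensForTokens(
        uint256 amountIn, uint256 amountOutMin, address[] calldata path,
        address to, uint256 deadline
    ) external returns (uint256[] memory amounts);
}

// Hypothetical adapter for illustration; not the project's BaseAdapter.sol.
contract DeadlineCheckedAdapter {
    error DeadlineExpired(uint256 deadline, uint256 currentTime);

    IUniswapV2Router02 public immutable router;

    constructor(IUniswapV2Router02 _router) {
        router = _router;
    }

    // Checked at execution time, so a transaction that sat in the
    // mempool past its deadline reverts instead of swapping.
    modifier notExpired(uint256 deadline) {
        if (block.timestamp > deadline) revert DeadlineExpired(deadline, block.timestamp);
        _;
    }

    // The deadline is a per-call argument chosen by the user, not global state.
    function swapExactIn(
        uint256 amountIn, uint256 amountOutMin, address[] calldata path, uint256 deadline
    ) external notExpired(deadline) returns (uint256 amountOut) {
        IERC20 tokenIn = IERC20(path[0]);
        // Assumes tokens that return bool; non-standard tokens need a safe-transfer wrapper.
        require(tokenIn.transferFrom(msg.sender, address(this), amountIn), "transferFrom failed");
        require(tokenIn.approve(address(router), amountIn), "approve failed");
        // Forward the user's deadline so the router enforces it as well.
        uint256[] memory amounts =
            router.swapExactTokensForTokens(amountIn, amountOutMin, path, msg.sender, deadline);
        amountOut = amounts[amounts.length - 1];
    }
}
```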