Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: low
Invalid

Deadline Can Be Set to Current Block Timestamp Leading to MEV Exposure

Description

In BaseAdapter.sol, the setDeadline function allows setting the deadline to block.timestamp:

    function setDeadline(uint256 _deadline) public onlyOwner {
        // revert if the deadline is in the past
        if (_deadline < block.timestamp) revert Errors.SwapDeadlineInThePast();
        // set the new deadline
        deadline = _deadline;
        // emit the event
        emit LogSetDeadline(_deadline);
    }

The function only checks if the deadline is in the past (_deadline < block.timestamp) but allows setting it to exactly block.timestamp.

When a transaction is executed, block.timestamp represents the time when the validator includes the transaction in a block, not when it was submitted. This means transactions could potentially sit in the mempool and be executed at a much later time than intended.

Impact

  • Transactions can remain pending in the mempool indefinitely until validators decide to include them

  • MEV bots can take advantage of this window to perform sandwich attacks

Recommended Mitigation

Update the deadline validation in setDeadline to ensure the deadline must be strictly greater than the current block timestamp:

    function setDeadline(uint256 _deadline) public onlyOwner {
        if (_deadline <= block.timestamp) revert Errors.InvalidDeadline();
        deadline = _deadline;
        emit LogSetDeadline(_deadline);
    }

This change ensures that deadlines must be set to a future timestamp, providing better protection against MEV and delayed execution issues.
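The boundary discussed in this submission can be pinned with a Foundry test. This is an added example, not part of the submission or the Zaros code base: DeadlineHarness, its two setter names and the warp timestamp are hypothetical, and the harness copies only the two comparisons quoted above (no onlyOwner, no event).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import { Test } from "forge-std/Test.sol";

// Hypothetical harness: only the two comparisons quoted above, not the project's BaseAdapter.
contract DeadlineHarness {
    error SwapDeadlineInThePast();
    error InvalidDeadline();

    uint256 public deadline;

    // Original check: rejects only values strictly below block.timestamp.
    function setDeadlineOriginal(uint256 _deadline) external {
        if (_deadline < block.timestamp) revert SwapDeadlineInThePast();
        deadline = _deadline;
    }

    // Recommended check: rejects block.timestamp itself as well.
    function setDeadlineStrict(uint256 _deadline) external {
        if (_deadline <= block.timestamp) revert InvalidDeadline();
        deadline = _deadline;
    }
}

contract DeadlineBoundaryTest is Test {
    DeadlineHarness internal harness;

    function setUp() public {
        harness = new DeadlineHarness();
        vm.warp(1_700_000_000); // constructed timestamp for the test
    }

    function test_OriginalAcceptsCurrentTimestamp() public {
        harness.setDeadlineOriginal(block.timestamp);
        assertEq(harness.deadline(), block.timestamp);
    }

    function test_StrictRejectsCurrentTimestamp() public {
        vm.expectRevert(DeadlineHarness.InvalidDeadline.selector);
        harness.setDeadlineStrict(block.timestamp);
    }

    // Fuzzed boundary: the strict check stores a value only when it is in the future.
    function testFuzz_StrictAcceptsOnlyFuture(uint256 d) public {
        if (d <= block.timestamp) vm.expectRevert(DeadlineHarness.InvalidDeadline.selector);
        harness.setDeadlineStrict(d);
        if (d > block.timestamp) assertEq(harness.deadline(), d);
    }
}
```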

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
