Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Unenforced deadline checks in StabilityBranch.sol::fulfillSwap

Summary

The fulfillSwap function checks the swap request’s deadline and then marks the request as processed. However, there is a potential race condition: after passing the deadline check but before swap execution, delays can occur that effectively execute swaps post-deadline.

Vulnerability Details

    // if request deadline expired revert
    ctx.deadline = request.deadline;
    if (ctx.deadline < block.timestamp) {
        revert Errors.SwapRequestExpired(user, requestId, ctx.deadline);
    }
    // set request processed to true
    request.processed = true;

POC

    function fulfillSwap(request) {
        // Check if the deadline has passed.
        if (request.deadline < currentTimestamp()) {
            throw Error("SwapRequestExpired");
        }
        // Immediately mark the request as processed.
        request.processed = true;
        // Further delay in external calls or complex processing could allow
        // execution past the intended deadline.
        executeSwapLogic();
    }

Impact

  • Delayed Execution: A malicious keeper could intentionally delay the final swap execution after the deadline.

  • User Disadvantage: Users lose the opportunity to cancel or reclaim funds if the deadline is effectively bypassed by delays.

Tools Used

  • Manual review

  • Time-based simulation tests

  • Fuzz testing (Forge)

Recommendations

  • Reordering Operations: Perform all time-sensitive actions (or recheck the deadline) immediately before transferring funds.

  • Immediate Effects: Mark requests only after all external calls succeed, using a design that minimizes delay.

  • Timestamp Revalidation: Consider revalidating the deadline after critical state updates.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
