Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Missing deadline validation in StabilityBranch.sol::initiateSwap

Summary

The initiateSwap function does not allow users to set their own transaction deadline. Instead, it relies on a fixed maxExecutionTime from the contract configuration. This forces all users to accept the same execution delay regardless of their risk tolerance or market conditions, reducing user control over transaction timing.

Vulnerability Details

The function sets the deadline using a contract-wide maxExecutionTime rather than a user-specified parameter:

function initiateSwap(
    uint128[] calldata vaultIds,
    uint128[] calldata amountsIn,
    uint128[] calldata minAmountsOut
) external {
    // ...
    ctx.maxExecTime = uint120(tokenSwapData.maxExecutionTime);
    // ...
    ctx.deadlineCache = uint120(block.timestamp) + ctx.maxExecTime;
    swapRequest.deadline = ctx.deadlineCache;
}

Impact

  • Reduced User Control: Users cannot specify a maximum acceptable execution time, forcing them to accept a one-size-fits-all deadline.

  • Excessive Pending Time: If the global maxExecutionTime is too long, users may experience increased uncertainty and risks during high volatility.

  • Exploitation by MEV Bots: Bots may time their transactions to execute near the end of the global deadline period to exploit price movements.

  • Market Conditions Mismatch: In volatile market conditions, users might prefer shorter deadlines to mitigate risk, which is not possible under the current scheme.

Tools Used

  • Manual Code Review: Detailed inspection of the contract code revealed the fixed deadline approach.

  • Static Analysis Tools: Tools like Slither and MythX were used to analyze the control flow and parameter handling.

  • Fuzz Testing: Tests were run using frameworks (e.g., Forge) to simulate different user input scenarios and assess the inflexibility in deadline specification.

Recommendations

  • User-Specified Deadline Parameter: Modify the initiateSwap function to accept an additional deadline parameter from the user. This allows users to set their own acceptable transaction execution window.

    For example:

    function initiateSwap(
        uint128[] calldata vaultIds,
        uint128[] calldata amountsIn,
        uint128[] calldata minAmountsOut,
        uint120 deadline // New parameter provided by the user
    ) external {
        // Compare the provided deadline against a minimum or maximum allowable time
        if (deadline < block.timestamp + MIN_EXECUTION_TIME || deadline > block.timestamp + MAX_EXECUTION_TIME) {
            revert Errors.InvalidDeadline(deadline);
        }
        // Use the provided deadline instead of a fixed global configuration.
        swapRequest.deadline = deadline;
        // Continue with swap processing...
    }

  • Configurable Range Checks: Enforce lower and upper bounds on the user-specified deadline to prevent extreme values.

  • User Interface Clarity: Update the user interface to clearly explain the risks and benefits of choosing a custom deadline, allowing users to make informed decisions during volatile market conditions.

  • Testing and Simulation: Rigorously test the new deadline feature under various market conditions to ensure that it behaves as intended without introducing additional risks.
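
The recommendation above, carried through to both sides of the request lifecycle: a bounded, user-supplied deadline stored at initiation and enforced at fulfillment. This is an added example, not Zaros code and not part of the submission; the contract name, its errors, the zero-means-default convention and the fulfillSwap check are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not Zaros code: every name in this contract is hypothetical.
contract BoundedDeadlineSwap {
    error InvalidDeadline(uint256 deadline, uint256 earliest, uint256 latest);
    error SwapRequestExpired(uint128 requestId, uint120 deadline);
    error UnknownRequest(uint128 requestId);

    struct SwapRequest { address user; uint120 deadline; bool processed; }

    uint120 public immutable minExecutionTime; // shortest window a keeper can realistically meet
    uint120 public immutable maxExecutionTime; // protocol-wide ceiling, as in the fixed scheme
    uint128 public nextRequestId;
    mapping(uint128 => SwapRequest) public requests;

    constructor(uint120 minTime, uint120 maxTime) {
        require(minTime <= maxTime, "min > max");
        minExecutionTime = minTime;
        maxExecutionTime = maxTime;
    }

    /// deadline == 0 keeps the fixed behaviour (now + maxExecutionTime) for existing callers.
    function initiateSwap(uint120 deadline) external returns (uint128 requestId) {
        uint256 earliest = block.timestamp + minExecutionTime;
        uint256 latest = block.timestamp + maxExecutionTime;
        if (deadline == 0) {
            deadline = uint120(latest);
        } else if (deadline < earliest || deadline > latest) {
            // Rejects deadlines in the past, too tight to fulfil, or beyond the global ceiling.
            revert InvalidDeadline(deadline, earliest, latest);
        }
        requestId = ++nextRequestId;
        requests[requestId] = SwapRequest(msg.sender, deadline, false);
    }

    /// The stored deadline only protects the user if fulfillment enforces it.
    function fulfillSwap(uint128 requestId) external {
        SwapRequest storage request = requests[requestId];
        if (request.user == address(0)) revert UnknownRequest(requestId);
        require(!request.processed, "already processed");
        if (block.timestamp > request.deadline) revert SwapRequestExpired(requestId, request.deadline);
        request.processed = true;
        // Settlement at the fulfillment-time price would happen here.
    }
}
```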

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
