setDeadline in BaseAdapter uses a statically integrated deadline an can therefor hold swaps in the mempool for a long time
Description
BaseAdapter::setDeadline sets a global deadline responsible for every trade in the protocol going through the Dex Adapters.
Vulnerable Code
BaseAdapter::setDeadline
Impact
A globally, unfrequently set, fixed deadline for trades allows miners/validators to hold back on that transaction until they reach a favorable point in time to execute this transactions. Issues with improperly set deadlines are very well documented. While it might not necessarily be a big issue on a Sequencer Chain like Arbitrum, Monad on the other hand will have a mempool, so it should be taken into consideration.
As the primary chain to be deployed to is Arbitrum and Monad would follow at an unspecified time in the future, I rate this issue as Medium.
Recommended Mitigation
Instead of setting a global deadline consider setting a global executionTime and calculate the deadline within the functions with executionTime instead of a general deadline
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.