Phoenix-Protocol-Group / phoenix-contracts

Source code of the smart contracts of the Phoenix DeFi hub DEX protocol
GNU General Public License v3.0

PHOAM-003: Soroban node operators can maliciously extract value from pending transactions #318

Closed gangov closed 2 weeks ago

gangov commented 2 weeks ago

Description

The pool contract does not allow users to set a deadline for executing transactions such as swaps, adding liquidity, or removing liquidity. Consequently, adversaries can extract value by buying the asset involved at a discounted price by maliciously executing the transaction at any time, potentially at less favorable prices.

Both the stable and volatile pool contracts do not allow providing a deadline parameter that could serve as a protection for this scenario.

Recommendation

Allow users to set a deadline when interacting with a volatile pool. This should be added in every function that interacts with the pair, namely swaps, adding liquidity, or removing liquidity.
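The deadline check the recommendation asks for, as an added example in plain Rust that is not code from the phoenix-contracts repository: a minimal constant-product pool whose swap refuses to execute once the ledger time passes the user-supplied deadline. In a Soroban contract the current time would come from `env.ledger().timestamp()`; here it is passed in as `now` so the code runs stand-alone, and the pool type, error type and all numbers are constructed for illustration.

```rust
// Added example (not from phoenix-contracts): a toy constant-product pool
// with the deadline parameter that PHOAM-003 says the real pool lacks.
// `now` stands in for `env.ledger().timestamp()` in a Soroban contract.

#[derive(Debug, PartialEq)]
pub enum SwapError {
    /// Ledger time is past the user's deadline: a transaction held back by a
    /// node operator must not execute later at a worse price.
    DeadlineExpired { now: u64, deadline: u64 },
    /// Swap would return nothing (zero input or drained reserves).
    ZeroOutput,
}

/// Constant-product reserves (reserve_a * reserve_b = k), constructed sample state.
pub struct Pool {
    pub reserve_a: u128,
    pub reserve_b: u128,
}

impl Pool {
    /// Swap `offer` units of token A for token B.
    /// `deadline` is the latest ledger timestamp (unix seconds) at which the
    /// user still accepts execution; `now` is the current ledger timestamp.
    pub fn swap_a_for_b(&mut self, offer: u128, deadline: u64, now: u64) -> Result<u128, SwapError> {
        // The mitigation: reject execution after the deadline, before touching state.
        if now > deadline {
            return Err(SwapError::DeadlineExpired { now, deadline });
        }
        // Output keeps the product constant: out = reserve_b * offer / (reserve_a + offer).
        let out = self.reserve_b * offer / (self.reserve_a + offer);
        if out == 0 {
            return Err(SwapError::ZeroOutput);
        }
        self.reserve_a += offer;
        self.reserve_b -= out;
        Ok(out)
    }
}
```

A pool without the `deadline` parameter would differ only by the missing `if now > deadline` branch, which is exactly the gap the issue describes.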