loki-sama
commented
2 years ago duplicate #112
Closed code423n4 closed 2 years ago
loki-sama
commented
2 years ago duplicate #112
0xleastwood
commented
2 years ago Duplicate of #47
Handle
kenzo
Vulnerability details
SingleNativeTokenExitV2 takes as input from the user a deadline for the trades. However, it does not use this input for the actual trade but sets the deadline to be block.timestamp.
Impact
Trades will not work as expected. User might set a deadline for the trade but his trade will get executed regardless.
Duplicate issue?
This issue is present in a few contracts in the repo - SingleNativeTokenExitV2, SingleTokenJoinV2. If I submit both in one issue, but the judge will decide to reward them separately, he would not be able to do so for me as I submitted them all in one issue. So this is why I am submitting them in separate issues. If it is will be rewarded only as one issue, the judge will close the duplicate. Thank you.
Proof of Concept
We can see the input struct has deadline as a parameter, however,
_exitpasses as deadlineblock.timestamp, and not the input deadline.Recommended Mitigation Steps
Send to the router
_exitTokenStruct.deadlineinstead ofblock.timestamp. (Code ref)