Open code423n4 opened 7 months ago
@liveactionllama Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.
@liveactionllama Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.
@liveactionllama Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.
@liveactionllama Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.
@liveactionllama Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.
@liveactionllama Sponsors are not allowed to close, reopen, or assign issues or pull requests.
@liveactionllama Sponsors are not allowed to close, reopen, or assign issues or pull requests.
Lines of code
307
Vulnerability details
Passing
block.timestamp
as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious miner can hold the transaction for as long as they like (think the flashbots mempool for bundling transactions), which may be until they are able to cause the transaction to incur the maximum amount of slippage allowed by the slippage parameter, or until conditions become unfavorable enough that other orders, e.g. liquidations, are triggered. Timestamps should be chosen off-chain, and should be specified by the caller to avoid unnecessary MEV.Assessed type
other