Using `block.timestamp` as the deadline/expiry invites MEV

[code423n4]

Lines of code

---

307

Vulnerability details

---

Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious miner can hold the transaction for as long as they like (think the flashbots mempool for bundling transactions), which may be until they are able to cause the transaction to incur the maximum amount of slippage allowed by the slippage parameter, or until conditions become unfavorable enough that other orders, e.g. liquidations, are triggered. Timestamps should be chosen off-chain, and should be specified by the caller to avoid unnecessary MEV.

File: contracts/governance/twTAP.sol

307  
308          // Mint twTAP position
309          tokenId = ++mintedTWTap;
310          _safeMint(_participant, tokenId);
311  
312          uint256 expiry = block.timestamp + _duration;
313          require(expiry < type(uint56).max, "twTAP: too long");
314          // Eligibility starts NEXT week, and lasts until the week that the lock
315:         // expires. This is guaranteed to be at least one week later by the

Assessed type

---

other

[C4-Staff]

@geoffchan23 Label changes by sponsor team members are restricted to the following labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, resolved, disagree with severity. The label 'sponsor acknowledged' has been removed.

[C4-Staff]

@geoffchan23 Label changes by sponsor team members are restricted to the following labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, resolved, disagree with severity. The label 'sponsor disputed' has been removed.

[C4-Staff]

@geoffchan23 Label changes by sponsor team members are restricted to the following labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, resolved, disagree with severity. The label 'disagree with severity' has been removed.

[C4-Staff]

@geoffchan23 Label changes by sponsor team members are restricted to the following labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, resolved, disagree with severity. The label 'unsatisfactory' has been removed.

[C4-Staff]

@geoffchan23 Label changes by sponsor team members are restricted to the following labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, resolved, disagree with severity. The label 'in discussion' has been removed.

[C4-Staff]

@geoffchan23 Label changes by sponsor team members are restricted to the following labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, resolved, disagree with severity. The label 'withdrawn by judge' has been removed.

[C4-Staff]

@geoffchan23 Label changes by sponsor team members are restricted to the following labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, resolved, disagree with severity. The label '3rd place' has been removed.

[C4-Staff]

@geoffchan23 Label changes by sponsor team members are restricted to the following labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, resolved, disagree with severity. The label '3 (High Risk)' has been removed.

[C4-Staff]

@liveactionllama Label changes by sponsor team members are restricted to the following labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, resolved, disagree with severity. The label 'unsatisfactory' has been removed.

[C4-Staff]

@liveactionllama Label changes by sponsor team members are restricted to the following labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, resolved, disagree with severity. The label '2 (Med Risk)' has been removed.

[C4-Staff]

@liveactionllama Label changes by sponsor team members are restricted to the following labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, resolved, disagree with severity. The label 'duplicate-2' has been removed.

[C4-Staff]

@sockdrawermoney Label changes (additions and removals) by sponsor team members are restricted to the following labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, resolved, disagree with severity.

[C4-Staff]

@sockdrawermoney Label changes (additions and removals) by sponsor team members are restricted to the following labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, resolved, disagree with severity.

[C4-Staff]

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, and disagree with severity.

[C4-Staff]

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, and disagree with severity.

[C4-Staff]

@C4-Staff Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, and disagree with severity.

[C4-Staff]

@C4-Staff Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, and disagree with severity.

[C4-Staff]

@C4-Staff Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, and disagree with severity.

[C4-Staff]

@C4-Staff Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, and disagree with severity.

[C4-Staff]

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, and disagree with severity.

[C4-Staff]

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, and disagree with severity.

[C4-Staff]

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, and disagree with severity.

[C4-Staff]

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, and disagree with severity.

[C4-Staff]

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, and disagree with severity.

[C4-Staff]

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, and disagree with severity.

[C4-Staff]

@geoffchan23 Sponsors are not allowed to close, reopen, or assign issues or pull requests.

[C4-Staff]

@geoffchan23 Sponsors are not allowed to close, reopen, or assign issues or pull requests.

[C4-Staff]

@geoffchan23 Sponsors are not allowed to close, reopen, or assign issues or pull requests.

[C4-Staff]

@geoffchan23 Sponsors are not allowed to close, reopen, or assign issues or pull requests.

[C4-Staff]

@geoffchan23 Sponsors are not allowed to close, reopen, or assign issues or pull requests.

[C4-Staff]

@geoffchan23 Sponsors are not allowed to close, reopen, or assign issues or pull requests.

[C4-Staff]

@geoffchan23 Sponsors are not allowed to close, reopen, or assign issues or pull requests.

[C4-Staff]

@geoffchan23 Sponsors are not allowed to close, reopen, or assign issues or pull requests.

[C4-Staff]

@geoffchan23 Sponsors are not allowed to close, reopen, or assign issues or pull requests.

[C4-Staff]

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged, disagree with severity.

[C4-Staff]

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged.

[C4-Staff]

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged.

[C4-Staff]

@geoffchan23 Sponsors can only use these labels: sponsor confirmed, sponsor disputed, sponsor acknowledged.

[C4-Staff]

@geoffchan23 Sponsors are not allowed to close, reopen, or assign issues or pull requests.

[C4-Staff]

@geoffchan23 Sponsors are not allowed to close, reopen, or assign issues or pull requests.