code-423n4 / 2023-01-numoen-findings


swap() Missing deadline checks allow pending transactions to be maliciously executed #145

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/Pair.sol#L116-L139

Vulnerability details

Impact

swap() Missing deadline checks allow pending transactions to be maliciously executed

Proof of Concept

To swap tokens, users can only call Pair.swap(); LendgineRouter does not have a method similar to LendgineRouter.mint()/LendgineRouter.burn() that can wrap it for security checks like a deadline.

The Pair contract does not allow users to submit a deadline for their action. This missing feature enables pending transactions to be maliciously executed at a later point.

AMMs should provide their users with an option to limit the execution of their pending actions, such as swaps or adding and removing liquidity. The most common solution is to include a deadline timestamp as a parameter (for example, see Uniswap V2). If such an option is not present, users can unknowingly perform bad trades, like: https://github.com/code-423n4/2022-12-caviar-findings/issues/28

Tools Used

Recommended Mitigation Steps

In LendgineRouter.sol, add a swap() function with a deadline that calls Pair.swap(), like LendgineRouter.mint()/LendgineRouter.burn().
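The effect of the missing check, as an added example that is not part of the original report or of the Numoen code: a toy Python model in which the same pending swap is included late, once directly against the pool and once through a deadline-checking wrapper. The constant-product formula, the `Pool` and `router_swap` names, and all reserves and timestamps are assumptions constructed for illustration.

```python
from dataclasses import dataclass


class Expired(Exception):
    """Raised when a transaction is included after the user's deadline."""


@dataclass
class Pool:
    """Constant-product pool, a simplified stand-in for the real Pair invariant."""
    reserve_in: float
    reserve_out: float

    def swap(self, amount_in: float) -> float:
        # No notion of time: like a swap without a deadline parameter,
        # this executes at whatever state the pool is in when it is included.
        out = self.reserve_out * amount_in / (self.reserve_in + amount_in)
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out


def router_swap(pool: Pool, amount_in: float, deadline: int, block_timestamp: int) -> float:
    """Hypothetical router wrapper: revert if the block is past the deadline."""
    if block_timestamp > deadline:
        raise Expired(f"deadline {deadline} passed at block time {block_timestamp}")
    return pool.swap(amount_in)


def simulate(use_deadline: bool):
    """Return (amount quoted at signing, amount received or None if reverted)."""
    signed_at, included_at = 1_000, 5_000      # constructed timestamps
    pool = Pool(reserve_in=1_000.0, reserve_out=100.0)
    # Quote the user sees when signing, computed on a copy of the pool.
    quoted = Pool(pool.reserve_in, pool.reserve_out).swap(100.0)
    # Other trades land while the user's transaction sits pending.
    pool.swap(500.0)
    if not use_deadline:
        return quoted, pool.swap(100.0)        # executes at the stale intent
    try:
        return quoted, router_swap(pool, 100.0, signed_at + 300, included_at)
    except Expired:
        return quoted, None                    # reverted, user keeps the input
```

Without the wrapper the late swap returns well under half of the quoted amount; with a 300-second deadline the same late inclusion reverts instead.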

c4-judge commented 1 year ago

berndartmueller marked the issue as duplicate of #160

c4-judge commented 1 year ago

berndartmueller marked the issue as satisfactory

c4-judge commented 1 year ago

berndartmueller changed the severity to QA (Quality Assurance)