c4-judge
commented
1 year ago Picodes marked the issue as primary issue
Closed code423n4 closed 1 year ago
c4-judge
commented
1 year ago Picodes marked the issue as primary issue
asselstine
commented
1 year ago This isn't an issue for the Prize Pool, but rather for the Liquidator which is out of scope.
The PrizePool.liquidate() function has an "amountOut" and "amountIn" parameters: which means the liquidator has the privilege of deciding the exact trade. There is no need for a deadline.
c4-sponsor
commented
1 year ago asselstine marked the issue as sponsor disputed
c4-judge
commented
1 year ago Picodes marked the issue as unsatisfactory: Out of scope
Lines of code
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L550
Vulnerability details
Impact
There is no deadline parameter on liquidate().
This leave users unprotected from the situation when tx is left in the mempool for a long time and executes later when market conditions changed.
Proof of Concept
https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L550
Tools Used
Recommended Mitigation Steps
Consider allowing users to specify a deadline parameter.
Assessed type
MEV